Cookie Policy

This Cookie Policy explains how Pastribe uses cookies and similar technologies on our website. The cookies described below are used to provide essential functionality such as authentication and device pairing.

Cookies we use

token — User session cookie
- Purpose: Maintains an authenticated session for users of the web application.
- Typical attributes: HttpOnly; SameSite=Lax; session cookie by default.
device_token — Device pairing cookie (where applicable)
- Purpose: Persistent token used by paired devices and PWAs to authenticate without interactive login.
- Typical attributes: Secure; HttpOnly; SameSite=None; long-lived where explicitly configured.
additional auth cookies
- Purpose: The authentication system may use additional cookies to manage sessions and refreshes. These are essential for the authentication flow.

We do not use marketing or advertising cookies in the current implementation.

Security and configuration

All authentication cookies are HttpOnly to prevent access from JavaScript.
For cross-site cookie use (e.g. device pairing), cookies should be set with SameSite=None and Secure.
In production, cookies controlling authentication should be transmitted only over HTTPS (Secure=true).
Cookie domain and path can be configured by the deployment environment.

Frontend behavior

Our frontend includes credentials with requests to the backend so that authentication cookies are sent automatically by the browser.
The frontend does not read HttpOnly cookies directly; session status is determined via backend session endpoints.

User controls

You can manage and delete cookies through your browser settings.
Disabling essential cookies will prevent you from logging in or using device pairing features.

Changes to this policy

We may update this Cookie Policy to reflect changes in our practices or legal requirements. We will update the "Last updated" date when we make material changes.

Contact

For questions about this Cookie Policy: support@pastribe.com

Last updated: August 2025