Cookie Policy
Effective: April 29, 2026
This Cookie Policy explains how Axolotl Army uses cookies and similar local-storage technologies on the Axolotl Army Portal at https://portal.axolotlarmy.net. Read it together with our Privacy Policy, which covers everything else we do with personal data.
1. What cookies are
Cookies are small text files a website asks your browser to store so that the next time you visit, the site can recognize you, remember your preferences, or keep you signed in. Cookies set by the site you are visiting are called “first-party” cookies; cookies set by other domains loaded on the page are called “third-party” cookies. We also use related browser-storage features (localStorage, sessionStorage) which behave like cookies but are not transmitted on every request.
2. Categories of cookies we use
Strictly necessary cookies
These cookies are required for the portal to work. Without them you cannot sign in, stay signed in, or submit forms safely. Under EU ePrivacy rules and the UK PECR, strictly-necessary cookies do not require consent, so we do not show a consent banner for them.
Performance and analytics cookies
None.The portal does not run Google Analytics, Mixpanel, Amplitude, Segment, or any other third-party analytics product, and it does not set any analytics cookies. We collect product usage metrics in our own database (no cookies, no third party); see the “Operational logs” entry in the Privacy Policy for details.
Functionality cookies and local storage
We store a small amount of preference data in your browser's localStorage — most notably your theme preference (dark or light) and the dismiss-state of one-time UI hints. This is not strictly a cookie, but we disclose it here for completeness because the practical effect (a value held in your browser, readable by our JavaScript) is the same. Clearing site data in your browser removes these values.
Advertising and targeting cookies
None. We do not run advertising on the portal and we do not set any cookies for cross-context behavioral advertising, retargeting, or audience building. We do not allow third parties to set advertising cookies through our pages.
3. Specific cookies we set
The cookies below are set by the portal during normal use of the Service. Names beginning with __Secure- are the production-mode equivalents that browsers will only return over HTTPS.
| Name | Purpose | Lifetime | Type | Category |
|---|---|---|---|---|
authjs.session-token | Authenticated session. Identifies your signed-in account so we can render your portal. | 30 days (sliding) | First-party, HttpOnly, Secure, SameSite=Lax | Strictly necessary |
authjs.csrf-token | Cross-site request forgery defense for sign-in and account forms. | Session (deleted when browser closes) | First-party, HttpOnly, Secure, SameSite=Lax | Strictly necessary |
authjs.callback-url | Remembers the page you were trying to reach so we can return you there after sign-in. | Session | First-party, HttpOnly, Secure, SameSite=Lax | Strictly necessary |
__Secure-authjs.session-token | Production-mode equivalent of the session cookie above. Sent only over HTTPS. | 30 days (sliding) | First-party, HttpOnly, Secure, SameSite=Lax | Strictly necessary |
__Secure-authjs.csrf-token | Production-mode CSRF cookie. | Session | First-party, HttpOnly, Secure, SameSite=Lax | Strictly necessary |
__Secure-authjs.callback-url | Production-mode callback URL helper. Sent only over HTTPS. | Session | First-party, HttpOnly, Secure, SameSite=Lax | Strictly necessary |
portal-theme (localStorage) | Remembers your dark/light theme choice between visits. | Until you clear site data | First-party browser storage | Functionality |
4. Third-party cookies
We do not embed third-party trackers in the portal. However, two normal flows redirect you off our domain to a partner who sets their own cookies under their own privacy policy:
- Stripe Checkout. When you start a paid plan or pay an invoice we redirect you to
checkout.stripe.com. Stripe sets cookies there for fraud prevention and session continuity. See stripe.com/cookies-policy/legal. - Google OAuth. When you connect a Google account we redirect you to
accounts.google.com, which sets Google cookies for sign-in and account-security. See policies.google.com/technologies/cookies. - Microsoft OAuth. Connecting an Outlook account redirects you to
login.microsoftonline.com, which sets Microsoft sign-in cookies. See privacy.microsoft.com/privacystatement.
Cookies set on those external pages are not under our control. Each provider lists its own cookies and your choices in the policies linked above.
5. Your choices
- Browser settings.Every modern browser lets you block or delete cookies for an individual site. Look in Settings → Privacy → Cookies and site data, or in some browsers Tools → Clear browsing data.
- Clear our local storage. Clearing site data for https://portal.axolotlarmy.net also wipes the theme preference and any UI dismiss flags. They will be re-created next time you sign in.
- Sign out. Signing out from the portal removes the session cookie immediately.
- Strictly-necessary cookies cannot be disabled. If you block them you will not be able to sign in, complete payments, or save changes. If you blocked cookies and now cannot sign in, email privacy@axolotlarmy.net and we will help.
Because we do not set advertising or analytics cookies, there is no consent banner to dismiss and no opt-out toggle for those categories. If we ever add cookies that require consent, we will deploy a banner that asks before they are set, and update this page.
6. Changes to this policy
We will update this page when the cookies we set change. The “Effective” date at the top reflects the most recent revision. For material changes (for example, adding analytics or consent-required categories) we will email account holders at least 30 days before the change takes effect.
7. Contact
Questions about cookies or this policy: privacy@axolotlarmy.net.