Blackridge uses a small set of cookies and browser-storage entries. We don't use advertising trackers and don't share cookie data with third parties.
Strictly necessary
blackheart-session — first-party signal cookie set by the frontend when you sign in. The middleware reads it to know you have an active session before rendering the dashboard shell. The real authentication token is a separate HttpOnly cookie set by the API, never readable by JavaScript.
cookie-consent (localStorage) — records your choice on the cookie banner so we don't show it again. Set the first time you click Accept or Decline.
Functional
Theme, currency, dismiss flags (localStorage) — remember your preferred theme, display currency, onboarding-panel dismissal, and last-seen notification timestamp. Cleared if you sign out and clear browser storage.
What we do not use
We do not run Google Analytics, Meta Pixel, Hotjar, Sentry session replay, or any third-party advertising / analytics SDK.
Managing your preferences
You can clear all cookies and local-storage entries via your browser's site-data controls. The next visit will then ask for cookie consent again. Signing out also clears the session signal cookie.