Cookie policy

Cookies are small text files a website stores on your device. They let the site remember you between requests — for example, that you're signed in.

Trumailo uses cookies for two things: keeping you signed in after you authenticate, and remembering UI preferences like whether you've dismissed the onboarding dialog. We don't use cookies for advertising or analytics tracking.

• next-auth.session-token — your signed-in session. HTTP-only, secure (in production), SameSite=Lax. Expires when your session does.
• next-auth.csrf-token — cross-site request forgery defence. Set during sign-in.
• next-auth.callback-url — remembers where to send you after sign-in.

We also use one localStorage entry (trumailo-onboarded) to remember that you've seen the API-setup walkthrough. Not technically a cookie, but worth mentioning here.

When you reach the checkout page, Paddle's embedded checkout sets its own cookies to process your payment. See Paddle's cookie policy for details. We don't embed analytics, social, or advertising trackers.

You can clear or block cookies in your browser settings. Disabling our session cookie will sign you out and prevent you from using the app, but you'll still be able to read the marketing site.

If we ever add a tracking cookie we'll show a consent banner first. Until then, this page tells the whole story.