HexVault uses only strictly necessary cookies. No advertising cookies. No analytics cookies. No third-party tracking. Three cookies, all of which exist solely to make the service work and keep you secure.
Cookies are small text files that a website places on your device when you visit. They serve a variety of purposes — some are essential for a service to function, others are used for analytics, advertising, or tracking user behaviour across websites.
HexVault is a security product. We have no interest in tracking you. Every cookie we use exists solely to keep the service functional and your account secure.
HexVault uses exactly three cookies. All are strictly necessary.
| Name | Purpose | Expires | Type |
|---|---|---|---|
| session | Stores your encrypted session token. Required to keep you logged in between page loads. Contains no personal data — only an opaque signed token that references your server-side session. | On logout or session timeout (configurable 15 min – 30 days) | Necessary |
| csrf_token | Cross-site request forgery protection. Prevents malicious websites from making requests to HexVault on your behalf. Required for any write operation (saving passwords, changing settings). | Session duration | Necessary |
| hv_theme | Stores your light/dark mode preference locally. This cookie is never sent to our servers — it is read entirely client-side to set the correct theme on page load and avoid a flash of incorrect theme. | 1 year | Necessary |
All three cookies are first-party cookies — set by hexvault.co.uk and readable only by hexvault.co.uk. No cookie data is shared with any third party.
HexVault does not use:
Analytics cookies — we do not use Google Analytics, Mixpanel, Amplitude, or any similar tool that tracks user behaviour across sessions. We have no interest in knowing what features you use most.
Advertising cookies — we have no advertising network relationships and do not place any advertising identifiers on your device.
Social media tracking pixels — no Facebook pixel, Twitter pixel, LinkedIn insight tag, or equivalent.
Third-party cookies — no third-party script on hexvault.co.uk places cookies on your device. Stripe (our payment processor) may set cookies on its own domain when you visit the Stripe payment page, subject to Stripe's own cookie policy.
Because we use only strictly necessary cookies, removing or blocking them will impair the functionality of the service:
Blocking the session cookie means you cannot stay logged in. The service will not function.
Blocking the CSRF token cookie means you cannot save, edit, or delete any data. Read-only access only.
Blocking the theme cookie means your theme preference will not persist between sessions. The service remains fully functional.
You can manage cookies through your browser settings. Most browsers allow you to view, block, or delete cookies from specific domains. Instructions vary by browser — refer to your browser's help documentation.
Because all our cookies are strictly necessary and functional, UK GDPR does not require us to obtain consent before setting them. We do not display a cookie consent banner.
Questions about this policy: [email protected]
See also our Privacy Policy and Terms of Service.