Cookie Policy
Version 1.0.0 · Last updated 2026-04-26
This page describes how we use cookies. We keep this short because we use cookies sparingly.
Essential Cookies
We set a single essential cookie, __session, after you sign in. It contains a random session token (not your email or any personal information). It is:
- HttpOnly — JavaScript on the page cannot read it, so an XSS flaw cannot read the session token directly.
- Secure — only sent over HTTPS.
- SameSite=Lax — not sent on most cross-site requests.
- Max-Age=30 days — refreshed on each sign-in.
Without this cookie, you cannot stay signed in. There is no way to opt out without losing access.
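The attributes listed above can be checked against a real response header. The following is an added example, not part of this policy or the site's own code: it parses one Set-Cookie header and reports every deviation from what the policy states. The sample headers are constructed, and the email check is a simple heuristic assumed for the example.

```python
"""Audit a Set-Cookie header against the attributes this policy states."""

THIRTY_DAYS = 30 * 24 * 60 * 60  # Max-Age is expressed in seconds on the wire


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs


def audit_session_cookie(header):
    """Return a list of deviations from the policy; an empty list means compliant."""
    name, value, attrs = parse_set_cookie(header)
    findings = []
    if name != "__session":
        findings.append(f"unexpected cookie name: {name!r}")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if "secure" not in attrs:
        findings.append("missing Secure")
    if attrs.get("samesite", "").lower() != "lax":
        findings.append("SameSite is not Lax")
    if attrs.get("max-age") != str(THIRTY_DAYS):
        findings.append("Max-Age is not 30 days")
    # Heuristic (assumption): a random token should not contain an email address.
    if "@" in value or "%40" in value.lower():
        findings.append("value looks like it contains an email address")
    return findings


# Constructed sample headers (not captured from the real site).
GOOD = "__session=kJ8vQ2xLr0TnY5bWc3ZpA7; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=2592000"
BAD = "__session=alice%40example.com; Path=/; SameSite=None; Max-Age=31536000"

if __name__ == "__main__":
    for label, header in (("good", GOOD), ("bad", BAD)):
        print(label, audit_session_cookie(header) or "compliant")
```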
What We Don't Use
- No analytics cookies (Google Analytics, Plausible, etc.).
- No advertising cookies or pixels.
- No third-party tracking.
- No "cookie banner" because there's nothing to consent to beyond the essential session cookie.
If we ever add analytics or marketing tracking, we'll add a cookie banner first.
Local Storage
We may use browser local storage for non-sensitive UI preferences (e.g., which onboarding step you're on). No personal data is stored there.