Overview
A "cookie" is a small text file stored in your browser. CipherForces uses cookies and similar storage (localStorage, IndexedDB, sessionStorage) for a handful of well-defined purposes. Most of our tools don't need cookies at all.
In the EU/UK and similar regions, you'll see a cookie banner on your first visit. You can change your choice at any time:
Strictly necessary
These are required for the site to function. You cannot opt out (if you block them, parts of the site will break).
| Cookie | Purpose | Expiry |
|---|---|---|
cf_license | HMAC-signed Pro-license token. Issued after you unlock the Pro license. | 365 days |
cf_usage | Daily usage counter for free-tier tool quotas. Resets at UTC midnight. | 1 day |
cf_cookie_prefs | Your cookie-banner choices (which optional categories you allowed). | 180 days |
cf_recent_tools | Remembers tools you recently visited so the sidebar suggestions are useful. | 90 days |
| Framework / hosting | Standard load-balancing cookies set by our hosting provider. No personal data. | Session |
Analytics (optional)
If you accept analytics cookies, we use a pseudonymous analytics provider to understand aggregate site usage (which pages are popular, which tools are used, where traffic comes from). Never sold, never linked to your identity, and disabled by default unless you opt in.
The analytics provider sets standard first-party cookies (typically two) that expire after about two years and are used solely to distinguish unique visitors and maintain session state. The specific vendor is available on request to privacy@cipherforces.com.
Live chat
We load a third-party live-chat widget so you can message our support team from any page. The widget sets its own cookies to preserve your chat session across page loads (typically a session identifier valid for up to six months, plus a transient connection-time cookie). We only see messages you send us in the chat itself.
Chat loads by default because it is functional customer-support infrastructure. If your browser sends a Global Privacy Control signal, or you decline chat cookies in our preferences panel, the widget will not load. You can open preferences anytime from the footer link.
Tool storage (not cookies)
Several tools store data in your browser's localStorage or IndexedDB rather than in cookies. This stays on your device — the server never sees it.
- Resume Builder drafts (
cf_draft_index::resume+ named payloads). - Contract Generator drafts (
cf_draft_index::contract+ named payloads). - BYO-key AI vault (AES-GCM encrypted API keys you optionally provide, decrypted only inside a single scoped function in the browser; never transmitted to our servers).
- Tool-specific UI state (last template picked, preferences).
Managing cookies
You can manage cookies in three ways:
- Our banner: accept or reject optional categories on your first visit. To revisit your choice, click "Cookie preferences" at the bottom of any page or use the button above.
- Your browser: every modern browser has settings to block or delete cookies. Check your browser's help for instructions.
- Global Privacy Control (GPC): if your browser sends the
Sec-GPC: 1header, we treat it as an opt-out of optional cookies and of any "sale/share" under US state privacy laws.
Do Not Track
We don't process the older Do-Not-Track header because it was never standardized consistently. We do honor GPC, which is the supported modern signal.
Changes
If we add or change cookies, we'll update this page. The "Last updated" date at the top reflects the latest revision. Material changes are announced alongside Privacy Policy updates.