Overview
A "cookie" is a small text file stored in your browser. CipherForces uses cookies and similar storage (localStorage, IndexedDB, sessionStorage) for a handful of well-defined purposes. Most of our tools don't need cookies at all.
In the EU/UK and similar regions, you'll see a cookie banner on your first visit. You can change your choice at any time:
Strictly necessary
These are required for the site to function. You cannot opt out (if you block them, parts of the site will break).
| Cookie | Purpose | Expiry |
|---|---|---|
cf_license | HMAC-signed Pro-license token. Issued after you unlock the $39 Pro license. | 365 days |
cf_usage | Daily usage counter for free-tier tool quotas. Resets at UTC midnight. | 1 day |
cf_cookie_prefs | Your cookie-banner choices (which optional categories you allowed). | 180 days |
cf_recent_tools | Remembers tools you recently visited so the sidebar suggestions are useful. | 90 days |
| Next.js / Vercel | Standard load-balancing cookies (no personal data). | Session |
Analytics (optional)
If you accept analytics cookies, we use Google Analytics to understand aggregate site usage (which pages are popular, which tools are used, where traffic comes from). Pseudonymous; never sold.
| Cookie | Purpose | Expiry |
|---|---|---|
_ga | Google Analytics distinguishes unique users. | 2 years |
_ga_* | Google Analytics session state. | 2 years |
Live chat (optional)
If you accept chat cookies, we load tawk.to, a third-party live-chat widget. tawk.to sets its own cookies to preserve your chat session. We never see chat transcripts shared with tawk.to beyond what users message us.
| Cookie | Purpose | Expiry |
|---|---|---|
__tawkuuid | Identifies your chat session across page loads. | 6 months |
TawkConnectionTime | Tracks the last time you connected to chat. | Session |
Tool storage (not cookies)
Several tools store data in your browser's localStorage or IndexedDB rather than in cookies. This stays on your device — the server never sees it.
- Resume Builder drafts (
cf_draft_index::resume+ named payloads). - Contract Generator drafts (
cf_draft_index::contract+ named payloads). - BYO-key AI vault (AES-GCM encrypted API keys you optionally provide, decrypted only inside a single scoped function in the browser; never transmitted to our servers).
- Tool-specific UI state (last template picked, preferences).
Managing cookies
You can manage cookies in three ways:
- Our banner: accept or reject optional categories on your first visit. To revisit your choice, click "Cookie preferences" at the bottom of any page or use the button above.
- Your browser: every modern browser has settings to block or delete cookies. Check your browser's help for instructions.
- Global Privacy Control (GPC): if your browser sends the
Sec-GPC: 1header, we treat it as an opt-out of optional cookies and of any "sale/share" under US state privacy laws.
Do Not Track
We don't process the older Do-Not-Track header because it was never standardized consistently. We do honor GPC, which is the supported modern signal.
Changes
If we add or change cookies, we'll update this page. The "Last updated" date at the top reflects the latest revision. Material changes are announced alongside Privacy Policy updates.