Last updated · June 5, 2026
Cookie Policy
VYNE uses a small set of first-party cookies. We do not set third-party advertising cookies. This page lists each cookie + tells you how to manage them.
Tiers + what you can control
Cookies fall into four tiers. Strictly necessary cookies are always set because the Service can't function without them. The other three you can opt into or out of via the cookie banner (shown on first visit) or any time via "Cookie preferences" in the footer.
Cookies we set
| Cookie | Tier | Purpose | Lifetime |
|---|---|---|---|
| vyne-token | Strictly necessary | Session authentication (HttpOnly, Secure, SameSite=Strict). Set by /api/auth/session. | 30 days; cleared on logout |
| vyne-demo | Strictly necessary | Marks a session as the read-only public demo workspace. | Session-scoped |
| vyne-csrf | Strictly necessary | Double-submit token for state-changing API requests. | Session-scoped |
| vyne-consent | Strictly necessary | Stores your cookie-banner choices so we don't re-prompt every visit. | 12 months |
| vyne-theme | Functional (consent) | Light / dark / system theme preference. | 12 months |
| vyne-sidebar-collapsed | Functional (consent) | Keeps your sidebar in the state you left it. | 12 months |
| vyne-analytics-id | Analytics (consent) | Anonymous, salted+rotated visitor id for product analytics. NO cross-site tracking. | 30 days, rotated |
| — | Marketing | Not used. We do not run marketing or advertising cookies. | — |
Browser controls
Do Not Track
We respect the DNT header on first visit — if your browser sends DNT: 1 we default the cookie banner to "reject non-essential". You can still opt in to functional or analytics from the banner.
Children + targeting
We do not knowingly target users under 16, and we do not use cookies for behavioural advertising or to build cross-site profiles.
Changes
We will update this list whenever a new cookie is introduced. Material changes (e.g. adding an analytics provider) are announced via the cookie banner + by email at least 14 days ahead. See also Privacy → Consents table for the server-side audit record we keep of each consent decision.
Contact
Questions: privacy@vyne.app.