Cookie and Local Storage Notice
Effective date: July 15, 2026 · Version 1.0
1. What these technologies are
Cookies are small data files stored by a browser. Local storage and similar technologies store information on a device or browser. StableDeliver uses these technologies only where necessary to operate and secure the Service, plus a small number of functional first-party cookies described below.
2. Strictly necessary uses
- Authentication and passwordless account sessions.
- CSRF, nonce, anti-replay, and other security controls.
- Checkout and order state.
- Rate limiting, abuse prevention, and load balancing.
3. Functional first-party cookies
These are set only by StableDeliver (first-party), are not used for advertising, and are not strictly necessary — the Service works without them, with a minor loss of convenience.
- Theme preference (sd_theme): remembers your light/dark choice.
- First-touch attribution (sd_src): remembers the first referrer/source that brought you to the site, so a later signup can be attributed to it. It is a coarse source label, not a cross-site tracker.
- Sign-in continuation (sd_next): briefly remembers where you were headed so login can return you there.
4. Analytics and advertising
StableDeliver uses privacy-focused, self-hosted analytics and does not use behavioural advertising cookies, fingerprinting, or third-party ad trackers. If non-essential analytics or advertising technologies are ever introduced, this notice and any required consent mechanism will be updated before deployment.
5. Managing settings
Blocking strictly necessary technologies may prevent login, checkout, security, or preferences from working. You can use your browser controls to clear stored data at any time.
6. Technologies in use
| Name | Provider | Purpose | Type | Duration | Required? |
|---|---|---|---|---|---|
| Session cookie (__Host-sd_session) | StableDeliver | Authentication (httpOnly, signed) | Cookie | Session / until logout or expiry | Yes |
| Theme preference (sd_theme) | StableDeliver | Remembers light/dark choice | Cookie | 1 year | No |
| First-touch attribution (sd_src) | StableDeliver | Remembers the first referrer/source for signup attribution | Cookie | 90 days | No |
| Sign-in continuation (sd_next) | StableDeliver | Returns you to your intended page after login | Cookie | 30 minutes | No |
| Checkout state | StableDeliver | Order and payment-step continuity | Local storage / token | Duration of checkout | Yes |
Infrastructure providers (e.g. our CDN) may set strictly necessary technical cookies for security and load balancing; see the Subprocessor page.