Compamin uses a limited set of cookies and local storage values for authentication, session preference, security, and consent management. Optional analytics and marketing categories remain off unless a user expressly enables them.
| Identifier | Purpose | Legal basis | Retention |
|---|---|---|---|
| authjs.session-token / __Secure-authjs.session-token | Maintains the authenticated session after sign-in. | Necessary for contract performance and secure service access. | Up to the configured session lifetime. |
| authjs.csrf-token | Protects authentication flows and form submissions against CSRF attacks. | Necessary for security and legitimate interests. | Session or short-lived renewal window. |
| compamin_session_mode | Stores whether the user chose a persistent login or a browser-session login. | Necessary to honour the user's sign-in preference. | Session-only when not remembered, or up to 30 days when persistent. |
| compamin_cookie_preferences | Stores the user's cookie-consent choices. | Necessary to document and respect consent preferences. | Up to 12 months. |
Necessary cookies are always active because the service cannot operate securely without them. Analytics and marketing categories should only be enabled after a clear affirmative action by the visitor.
Users can accept all cookies, keep necessary cookies only, or manage category-specific preferences. Consent choices should be stored and respected across future visits until they are withdrawn or refreshed.
Users can revisit the cookie banner or preference controls to change their choice. If optional tracking technologies are introduced later, this policy and the privacy policy must be updated before those tools are activated.
In addition to in-app controls, users may also clear cookies from their browser. Doing so can sign them out, reset cookie preferences, or interrupt certain security protections until a new session is established.