Cookie Policy
Last updated: April 2026
1. What are cookies?
Cookies are small text files stored on your device when you visit a website. They're used to remember preferences, keep you signed in, and protect against abuse. This policy describes exactly which cookies ETCH uses and why.
2. First-party cookies
Cookies set by get-etch.app itself. All are strictly necessary — the site cannot function without them, so PECR and UK GDPR do not require consent for them.
| Name | Purpose | Duration | Category |
|---|---|---|---|
| etch-session | Authenticated session identifier (encrypted). Contains your user ID and session metadata. HttpOnly and Secure. | Up to 7 days idle, 90 days absolute | Strictly necessary |
| _csrf | CSRF-protection token. Readable by our own JavaScript so it can be injected into request headers. Prevents cross-site request forgery. | Session (until browser closes) | Strictly necessary |
| etch_consent | Remembers that you have acknowledged this cookie notice, so we don't show it again on every page. | 6 months | Strictly necessary |
3. Third-party cookies
We do not use third-party analytics, advertising, or tracking cookies. Third-party cookies are only set during specific interactions with integrated services, and they are set on those services' own domains — not on get-etch.app.
Cloudflare Turnstile (contact form and blog comments)
We use Cloudflare Turnstile to protect the contact form and the blog comment form from automated spam. Turnstile may set short-lived cookies (__cf_bm, cf_clearance) on the cloudflare.com domain for anti-abuse purposes only. We classify these as strictly necessary for security under ICO guidance (PECR Recital 66). See Cloudflare's cookie policy.
Stripe (paid plans)
When you subscribe to a paid plan, you are redirected to Stripe Checkout at checkout.stripe.com. Stripe sets its own cookies on its own domain to process the payment. We do not receive or share any cookie data with Stripe. See Stripe's cookie policy.
Google (Sign in with Google)
If you choose to sign in with Google, Google sets its own cookies on the google.com domain during the authentication flow. See Google's cookies information.
4. Local storage
We do not use localStorage, sessionStorage, or IndexedDB to store personal data. A small number of UI-preference keys (such as which navigation groups are collapsed in the dashboard sidebar, and your preferred view mode on the templates page) may be stored in localStorage after you sign in — these contain no personal data and do not leave your browser.
5. Managing cookies
All modern browsers let you view, block, and delete cookies through their settings. Blocking the cookies listed above will prevent sign-in and form submission — the site depends on them. If you want to limit third-party cookies, you can typically disable them in your browser's privacy settings without affecting first-party functionality.
You can reopen the cookie notice at any time by clicking in the footer.
6. Changes to this policy
If we add any new cookies — for example, if we introduce analytics or marketing cookies in future — we will update this page and show the cookie notice again so you can review the change.
7. Contact
Questions about cookies? Email us at support@get-etch.app.