The short version
We use cookies sparingly. All current cookies are strictly necessary to run the service — no advertising trackers, no third-party analytics by default.
What we use
Essential (always on — can't be disabled without breaking login)
| Cookie | Purpose | Lifetime |
|---|---|---|
projoint.session | Authenticated session ID after login. Without it you'd be logged out on every page. | 30 days (rolling) |
projoint.csrf | CSRF protection token — prevents cross-site request forgery on form submissions. | Session |
projoint.theme | Remembers your light / dark theme preference. | 1 year |
Analytics (opt-in via the consent banner)
If you accept analytics in the consent banner, we set a privacy-friendly analytics cookie (Plausible / GoatCounter) that tracks aggregate page views — no individual user tracking, no cross-site identifiers, no sale to third parties. You can change your mind anytime from the banner's "Cookie settings" link in the footer.
Browser local storage
In addition to cookies, the app uses your browser's local storage for a few non-essential preferences (e.g. last-viewed project, sidebar collapsed state). This data never leaves your device.
Disabling cookies
Modern browsers let you block cookies per-site. Blocking
projoint.session will break login on Projoint — that's not
a configurable behaviour. Blocking the analytics cookie is fully
supported and won't affect functionality.
Changes
Material changes (e.g. adding a new cookie category) are announced via the consent banner the next time you visit.
Contact
Privacy questions: privacy@projoint.tech.