Legal

Cookie Policy

Last updated: 2026-04-29 · Effective from the same date
Plain English summary

We use very few cookies — only the strictly-necessary ones to keep you logged in and the service running. No advertising trackers, no third-party analytics that follow you around the web. The table below lists every cookie, what it does, and how long it lives.

Privacy PolicyTerms of ServiceData Processing AgreementCookie Policy

1. What cookies are

Cookies are small text files a website stores on your device. They’re used for everything from keeping you logged in to tracking you across the web for advertising. We use them for the first reason and not the second.

2. Categories we use

We classify cookies as required by UK e-privacy law (PECR) and ICO guidance:

  • Strictly necessary — required for the service to work (e.g. session token). No consent needed; you can’t opt out without breaking the service. We use these.
  • Functional — improve experience but not strictly required (e.g. remembered theme preference). Consent required.
  • Analytics — measure usage patterns (e.g. Plausible). We use a privacy-respecting first-party setup that doesn’t use cookies.
  • Advertising / tracking — follow you across sites for marketing. We do not use these.

3. The cookies we set

NamePurposeTypeLifetime
scarif_sessionHMAC-signed session token. Identifies you while signed in. HttpOnly + Secure + SameSite=Lax.Strictly necessary30 days (rolling)
scarif_csrfCSRF protection token for form submissions.Strictly necessarySession
scarif_themeStores your light/dark theme override (if you change from default).Functional1 year

That’s it. No third-party tracking cookies, no advertising IDs, no Google Analytics, no Facebook Pixel.

4. Analytics

We use Plausible Analytics (or PostHog for product analytics) configured in privacy-first mode: first-party-only, no cookies, no cross-site tracking, no personal data exported. This is treated as “analytics without cookies” under ICO guidance and doesn’t require a consent banner.

5. How to control cookies

Most browsers let you block or delete cookies via settings. Blocking strictly-necessary cookies will break sign-in. Blocking functional cookies just resets your preferences each visit.

If you want us to delete all your cookies server-side (e.g. log out everywhere), use the “Sign out of all devices” button in /security in the dashboard.

6. Updates

If we add a new cookie or change purpose, we update this page and the “last updated” date. Material changes (new categories, new third-party processors that set cookies) trigger a fresh consent prompt.

7. Contact

Questions: privacy@scarifone.com.

Questions about this document? Email privacy@scarifone.com for privacy / DPA questions, hello@scarifone.com for everything else. Tom replies within a few hours during UK office hours.