Categories.
Strictly necessary.
These cookies are essential for the service to function. They are exempt from consent under the ePrivacy Directive because without them you cannot sign in or use the dashboard.
- qr_session — the session cookie that keeps you signed in after magic-link authentication. Expires 30 days after issue. Marked
HttpOnly,Secure, andSameSite=Lax. - qr_csrf — a short-lived CSRF token set on form pages to prevent cross-site request forgery. Rotated on each form submission.
Analytics.
We do not use third-party analytics cookies. Scan-event data is collected server-side from the passport viewer URL; it does not set cookies in the visitor's browser.
Advertising.
None. We do not run advertising and we do not set or permit advertising cookies.
Managing cookies.
You can clear cookies at any time through your browser's privacy settings. Clearing qr_session signs you out of the dashboard. The public passport viewer continues to work without any cookies at all.
Changes.
If we ever introduce a new cookie category — e.g. for privacy-preserving analytics — this page is updated and a notice is emailed to account holders 30 days before the change goes live.
Questions on this policy? Use the contact form — or email the team through the details on the contact page.