Draft legal policy
Cookie and Tracking Notice
DesirForge uses necessary session and security controls. Third-party tracking is not active unless separately configured and disclosed.
Policy metadata
- Version
- 0.1.0-draft
- Status
- draft
- Last updated
- 2026-05-14
- Effective date
- 2026-05-14
- Owner
- Privacy and Security
- Attorney review
- Required before public production
Draft legal notice
Draft policy for product development. Not legal advice. Attorney review is required before public production launch. Public production launch remains blocked until legal review and operational blockers are resolved.
Scope
Applies to web sessions, CSRF/origin controls, preferences, operational metrics, logs, and future analytics.
User-facing summary
Draft cookie notice for sessions, CSRF/origin controls, preferences, operational metrics, logs, and future analytics.
Necessary cookies and controls
The app may use session cookies to keep users signed in and security controls to validate trusted requests. These are necessary for account and project workspace functionality.
Operational metrics and logs support security, reliability, and release readiness.
Future analytics
If analytics, advertising, or third-party tracking is added, the policy and consent UX must be updated before public use.
Operational notes
The current implementation uses httpOnly session cookies and origin/CSRF protections.
No third-party marketing tracker should be enabled without consent and policy updates.
A cookie consent banner is future work if non-essential cookies are introduced.
Known gaps
No consent banner exists because non-essential tracking is not currently configured.
Future analytics provider inventory is not complete.