Legal

Cookie & Tracking Policy

Last updated: March 2026

OSQR is built on privacy. We use minimal cookies — only what's necessary to keep you logged in and the service running. We do not use advertising cookies, tracking pixels, or sell your browsing data.

01What Are Cookies

Cookies are small text files placed on your device by a website when you visit. They help the service remember information about your session — such as whether you're logged in — so you don't have to re-enter it on every page.

Similar technologies serve comparable purposes:

  • Cookies — stored by your browser, sent with each request to our servers
  • Local storage — persistent key-value data stored in your browser, not sent with requests
  • Session storage — like local storage but cleared when you close the browser tab

OSQR uses all three, but only for the purposes described in this policy.

02Cookies We Use

Essential Cookies

Required for the service to function. Cannot be disabled.

Authentication session cookieExpires: logout or 30 days

Set by NextAuth.js. Keeps you logged in across pages and browser sessions. Without this cookie, you would be signed out on every page load.

CSRF protection tokenExpires: session duration

Prevents cross-site request forgery attacks by verifying that form submissions originate from OSQR itself.

Cookie consent preferenceExpires: 1 year

Remembers that you have acknowledged this cookie policy so we don't show the notice on every visit.

Functional Cookies

Used to provide and improve core service features. Stored in local storage.

Theme / display preferencesPersistent

Remembers whether you prefer dark or light mode so your display preference is applied on every visit.

Sidebar statePersistent

Remembers whether you have the navigation sidebar collapsed or expanded.

Last active workspacePersistent

Routes you directly to your most recently used workspace when you return to the app.

Feature discovery statePersistent

Tracks which in-app tips and discovery prompts you have already dismissed so they don't appear again.

Analytics

Our approach to analytics is deliberately minimal.

  • OSQR does not use Google Analytics, Facebook Pixel, or any third-party tracking service
  • We may collect anonymous, aggregated usage statistics — such as page views and feature usage counts — using first-party tooling only
  • No analytics data is shared with advertisers or third-party analytics providers
  • Aggregated statistics cannot be used to identify you individually

03Third-Party Cookies

Certain third-party services integrated into OSQR may set their own cookies. OSQR does not control these cookies and they are governed by the respective third party's cookie policy.

  • Stripe — may set cookies for payment processing and fraud prevention when you access billing or subscription pages
  • Authentication providers (Google, GitHub) — may set cookies during the OAuth login flow to maintain the state of the sign-in process

These third-party cookies are set only when you actively interact with those services (e.g., initiating a login with Google or visiting the billing page). They are not present during normal use of OSQR.

04Local Storage & Session Storage

OSQR uses browser local storage and session storage to improve your experience. These mechanisms store data only in your browser — they are never transmitted to OSQR's servers as part of a tracking profile.

Used for:

  • UI state (sidebar layout, panel positions, modal dismiss state)
  • Draft message content (so you don't lose unsent messages)
  • Cached preferences and theme settings

Never used for:

  • Tracking your behavior across sessions for advertising purposes
  • Cross-site identification or fingerprinting
  • Sharing data with third-party advertising networks

05How to Control Cookies

You have full control over cookies in your browser. Most modern browsers allow you to view, block, or delete cookies through their privacy or security settings.

  • Check your browser's help documentation for instructions on managing cookies — search for "manage cookies" in your browser's help centre
  • You can clear local storage and session storage through your browser's developer tools (usually accessible via F12 or right-click → Inspect → Application tab)
  • Most browsers also offer a private or incognito mode that does not persist cookies or local storage after the session ends

Important Note

Blocking or deleting essential cookies — particularly the authentication session cookie — will prevent you from staying logged into OSQR. You will need to sign in again each time you visit.

06Do Not Track

OSQR respects the Do Not Track (DNT) browser signal. When your browser sends a DNT signal, we disable any optional first-party analytics collection for your session.

  • DNT is a browser setting that tells websites you prefer not to be tracked — it can usually be enabled in your browser's privacy settings
  • When DNT is enabled, we skip any optional aggregated usage analytics collection
  • Essential cookies (authentication, CSRF, consent preference) are still required for the service to operate regardless of your DNT setting

07Changes to This Policy

We will update this policy if our cookie practices change. Any changes will be reflected in the "Last updated" date at the top of this page.

  • Minor clarifications may be made without notice
  • Material changes — such as adding new categories of cookies or third-party integrations — will be communicated via a notice within the service
  • Continued use of OSQR after a material change constitutes your acceptance of the updated policy

08Contact

If you have questions about this Cookie & Tracking Policy or how OSQR uses cookies, please reach out:

Related Policies

This policy should be read alongside our other legal documents: