Cookie Policy
Effective Date: March 7, 2026
1. What Are Cookies
Cookies are small text files placed on your device when you visit a website. They allow the site to remember your session, keep you logged in, and store your preferences. Similar technologies include browser local storage and session storage.
2. Our Approach to Cookies
TerryTrilla currently uses only strictly necessary and functional preference cookies. We do not currently use analytics, advertising, or marketing cookies.
If we introduce non-essential cookies in the future (such as analytics or marketing tools), we will update this policy, add a cookie consent mechanism, and obtain your explicit consent before placing those cookies on your device.
3. Categories of Cookies We Use
| Category | Description | Consent Required |
|---|---|---|
| Strictly Necessary | Required for authentication, security, and core functionality. Cannot be disabled without breaking the Platform. | No — essential for service |
| Functional | Remember your preferences (language, theme). The Platform works without them, but will not remember your settings between visits. | No — legitimate interest |
We do not currently use:
- Analytics cookies (e.g., Google Analytics)
- Marketing or advertising cookies (e.g., Meta Pixel, Google Ads)
- Functional preference cookies beyond those listed below
4. Detailed Cookie List
4.1 Authentication Cookies (NextAuth.js)
These cookies are set by our authentication system and are required to log in and use the Platform securely.
| Cookie Name | Purpose | Duration |
|---|---|---|
| next-auth.session-token | Maintains your authenticated session | Session / 30 days |
| __Secure-next-auth.session-token | Secure version of session token (HTTPS only) | Session / 30 days |
| next-auth.csrf-token | Protects against cross-site request forgery attacks | Session |
| next-auth.callback-url | Remembers where to redirect you after login | Session |
| next-auth.pkce.code_verifier | Used during OAuth login flow (PKCE security) | Session |
| next-auth.state | Maintains state during OAuth authentication | Session |
| next-auth.nonce | One-time token used during OpenID Connect authentication for replay attack prevention | Session |
4.2 Preference Cookies
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| NEXT_LOCALE | next-intl | Stores your language/region preference | 1 year |
| theme | next-themes | Stores your light/dark mode preference | 1 year |
5. Third-Party Services
We use Stripe for payment processing. Stripe may set its own cookies for fraud prevention during checkout. These are strictly necessary for secure payment processing and are governed by Stripe's own privacy policy:
- Stripe Privacy Policy: https://stripe.com/privacy
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| __stripe_mid | Stripe | Device fingerprinting for fraud prevention | 1 year |
| __stripe_sid | Stripe | Session fraud prevention during payment | 30 minutes |
6. Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to view, block, or delete cookies:
- Chrome: Settings → Privacy and Security → Cookies
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and Site Permissions
Note: Blocking strictly necessary cookies (authentication and CSRF) will prevent you from logging in and using the Platform.
7. Future Cookie Use
We plan to add the following in future, at which point this policy will be updated and appropriate consent obtained:
- Analytics cookies (e.g., Google Analytics) — to understand how users navigate the Platform
- A cookie consent banner — to allow EU/EEA users to manage non-essential cookie preferences
We will not place any non-essential cookies until a proper consent mechanism is in place.
8. EU/EEA Users
The cookies we currently set are either strictly necessary for the operation of the Platform, or functional preference cookies based on legitimate interest. Neither category requires consent under the ePrivacy Directive or GDPR. When non-essential cookies are introduced, we will implement a compliant consent mechanism before doing so.
9. Changes to This Policy
We will update this Cookie Policy when our cookie usage changes. The "Last Updated" date at the top of this page will reflect any revisions. For material changes (e.g., introduction of analytics or marketing cookies), we will notify registered users by email.
10. Contact
For questions about our use of cookies: [email protected]