GuardYourName

Cookies

Cookie Policy

Every cookie we set, what it does, how long it lives — there are only five.

Last updated: 5 May 2026.

We use cookies sparingly. There are no analytics cookies, advertising cookies, or third-party trackers on this site — we don't run Google Analytics, Mixpanel, Plausible, or any equivalent. Every cookie below is what privacy law calls "strictly necessary" — it exists to make the service work, not to track you.

Because we don't set non-essential cookies, the GDPR ePrivacy Directive doesn't require us to gate our service behind a consent banner. We display a small notice on first visit so you know what's happening; dismissing it doesn't grant any new consent — there's nothing additional to consent to.

Cookies we set

Name Purpose Lifetime Type
guardyourname_session Identifies your browser session so we can keep you signed in and remember things like your shopping cart between page loads. 120 minutes idle Strictly necessary
XSRF-TOKEN CSRF protection — proves that form submissions came from a real GuardYourName page and not a malicious site impersonating you. Session Strictly necessary
gyn_cart_token Lets your shopping cart persist if you close the tab and come back later, even before you sign in. 30 days Strictly necessary
trusted_device Set only if you tick "Remember this device for 30 days" during a 2FA prompt. Lets us skip the 2FA challenge from this browser. The cookie holds a random token; the matching record in our database stores only a hash of the token plus a UA-derived label. 30 days Strictly necessary (security)
remember_web_* Set only if you tick "Remember me" on the sign-in form. Lets us keep you signed in across browser restarts. ~5 years (Laravel default; we may shorten this) Strictly necessary (auth)

Third-party cookies / external resources

Two pages load resources from third-party origins and may set cookies as a side effect:

  • Magic-link sign-in page — embeds Cloudflare Turnstile, the bot-deterrence widget. Cloudflare may set cookies in their domain (challenges.cloudflare.com) for the duration of the challenge. We don't read or share those cookies.
  • Stripe checkout — when you reach the payment step, Stripe.js loads from js.stripe.com to tokenize your card. Stripe may set cookies in their own domain. We never see the contents.

Opting out

If you decline all cookies in your browser settings, parts of the service will stop working: you won't be able to sign in, complete checkout, or keep a cart. Because we only use strictly-necessary cookies, there is no separate "opt out of analytics / advertising" toggle — there's nothing we'd be willing to set that you haven't already accepted by signing up.

The only optional cookies we set are trusted_device and remember_web_*, both of which are gated behind a checkbox that's unticked by default. If you don't tick them, those cookies are never set.

Changes

If we ever introduce a non-essential cookie (for analytics, marketing, etc.), we will update this page and surface a granular consent banner — the kind with toggles for each category — before the new cookies are set. We have no current plans to do so.

We use only the cookies needed to sign you in and keep your cart — no analytics, no advertising, no tracking. Cookie details · Privacy policy