Legal
Cookie policy
Last updated: 11 May 2026
1. What cookies are, briefly
A cookie is a small text file a website asks your browser to store and send back on subsequent requests. Cookies are scoped to the domain that set them. Categories you may have seen elsewhere are: strictly necessary (the site cannot work without them), preference (remembers your settings), statistics (measures audience), and marketing (profiles you across sites to target ads).
This Service uses only strictly-necessary and preference cookies. We use no statistics cookies, no advertising cookies, no cross-site trackers, no fingerprinting, and no third-party analytics. There is no cookie banner because we do not set any cookie that requires consent under the ePrivacy Directive (2002/58/EC, as amended) or the implementing national laws.
2. Every cookie we set
| Name | Category | Purpose | Duration |
|---|---|---|---|
rw_session | Strictly necessary | Keeps you signed in after authentication. Without it, every page navigation would log you out. | 30 days (sliding renewal) |
rw_csrf | Strictly necessary | Cross-site request forgery token. Submitted with form posts so the server can confirm the request originated from this site. | Session (deleted when you close the browser) |
rw_theme | Preference | Remembers your light/dark theme choice between visits. Set only after you actively change the theme from the default. | 1 year |
3. Local storage and similar technologies
In addition to cookies we use a tiny amount of localStorage on your device to remember non-sensitive UI state — for example, which filter chips were open the last time you visited a page. Nothing inlocalStorage identifies you and nothing is transmitted to our servers.
4. Why no cookie banner?
EU and UK rules require consent before storing cookies on a user’s device unless the cookie is “strictly necessary” for a service that the user has explicitly requested. The cookies above are either strictly necessary (session, CSRF) or set only after you actively change a preference (theme) — which is itself the user-initiated action that the law contemplates. Because we do not set any cookie that is not in one of those buckets, no opt-in banner is required.
5. Third-party cookies
We do not embed third-party scripts that set cookies on our domain. Resources we serve (fonts, the Logo SVG, item attachments) are either self-hosted or served fromcookieless sub-resources.
One narrow exception: if you proceed to pay for a tier on the checkout page, your browser briefly visits our payment processor (Stripe), which sets its own anti-fraud cookies on Stripe’s domain. Those cookies are governed by Stripe’s privacy policy. We do not see or control them.
6. Controlling cookies
All major browsers let you view, block, or delete cookies for any specific site. If you block our strictly-necessary cookies, you will be able to read the public Service but you will not be able to sign in or use any authenticated feature.
7. Changes to this policy
If we introduce a new cookie we will update this page and describe the cookie before it is set. The “last updated” date at the top reflects the most recent version.
8. Contact
Questions about cookies or other site technologies: info@disruptfinance.io. Our full privacy policy is here.