Cookies
Trapla uses exactly one strictly-necessary cookie plus the two short-lived cookies Auth.js sets during sign-in. No analytics, no advertising, no third-party trackers. No browser storage (LocalStorage, IndexedDB) is used for tracking.
| Name | Purpose | Type | Lifetime | Consent? |
|---|---|---|---|---|
authjs.session-token | Sign-in session | Strictly necessary | Until sign-out | No |
__Secure-authjs.session-token | Sign-in session (HTTPS) | Strictly necessary | Until sign-out | No |
authjs.csrf-token | CSRF defence | Strictly necessary | 1 hour | No |
authjs.callback-url | Post-sign-in redirect | Strictly necessary | Per sign-in | No |
Third-party assets
The map view (/map) loads vector tiles from tiles.openstreetmap.org unless the deployment owner has self-hosted a tile server. OpenStreetMap logs IP addresses for tile requests under their own privacy policy.
Clearing cookies
Sign out from the top-right of any signed-in page. The session cookie is cleared and the corresponding session row in the database is deleted, invalidating any other open tabs.