Cookie Policy
OpenSettle uses a small set of cookies to operate our dashboard and customer portal. We do not run advertising cookies. We do not sell or share cookie data with advertising networks. We do not run third-party trackers from Meta, Google Ads, TikTok, or similar platforms. We do not currently run any web analytics product.
All cookies we set are strictly necessary for authentication and session integrity. We do not set functional, analytics, or marketing cookies. UI preferences such as your theme choice are stored in your browser's localStorage (not in a cookie) and never leave your device.
You can clear cookies at any time from your browser settings. Disabling strictly necessary cookies will prevent you from signing in to the dashboard or the customer portal.
| Category | Examples | Retention | Purpose |
|---|---|---|---|
| Strictly necessary | __Host-osettle_session | Up to session TTL (typically days) | Dashboard authentication. HMAC-signed, HttpOnly, Secure, SameSite=Lax, host-only. Cannot be disabled. |
| Strictly necessary | __Secure-osettle_portal_session | Up to portal session TTL | Customer-portal authentication for end customers. HttpOnly, Secure, SameSite=Lax, host-only. Cannot be disabled. |
| Strictly necessary | osettle_oauth_v | Short-lived (OAuth handshake) | PKCE code-verifier used during third-party sign-in (OAuth). Deleted on completion. Cannot be disabled. |
| Strictly necessary | osettle_pk_reg, osettle_pk_auth | Short-lived (passkey ceremony) | WebAuthn challenge for passkey registration and authentication. Deleted on completion. Cannot be disabled. |