Cookie & Local Storage Policy

Effective: February 22, 2026 · Last updated: February 22, 2026

1. Overview

This policy explains how TradeProof ("we," "us," or "our") uses cookies and browser local storage when you use our website and platform at tradeproof.net (the "Service"). We believe in transparency about client-side data storage and want you to understand exactly what is stored in your browser.

Key point: TradeProof does not set any first-party cookies. Authentication and session data are stored in your browser's localStorage, not in cookies. The only cookies that may appear in your browser while using our Service come from third-party services (Stripe and Cloudflare).

2. How Authentication Works

TradeProof uses JSON Web Tokens (JWT) for authentication. When you log in, the server issues a signed JWT that your browser stores in localStorage (not a cookie). On each subsequent request, the browser sends this token in an Authorization: Bearer HTTP header. This means:

No authentication cookies are set by TradeProof
Your session is not vulnerable to cookie-based cross-site request forgery (CSRF) attacks
Tokens are only sent when our application code explicitly includes them in API requests

3. Browser Local Storage

TradeProof stores the following items in your browser's localStorage to maintain your session and preferences:

Key	Contents	Purpose	Lifetime
`tp_token`	JWT access token (signed, not encrypted)	Authenticates API requests to the TradeProof server	Until you log out or the token expires
`tp_user`	User profile JSON (name, email, user ID)	Displays your identity in the dashboard without an extra API call	Until you log out
`tp_org`	Organization context JSON (org name, org ID, tier)	Identifies which organization you are operating in	Until you log out or switch organizations

Unlike cookies, localStorage data is never automatically sent to the server with HTTP requests. It is only read by TradeProof's client-side JavaScript when needed.

3.1 Session Storage

Some pages may also store tp_token in sessionStorage as a fallback. Session storage is identical to localStorage except that it is automatically cleared when you close the browser tab.

4. Third-Party Cookies

While TradeProof does not set its own cookies, the following third-party services may set cookies in your browser when you use parts of our Service:

4.1 Stripe (Payment Processing)

When you visit billing pages or complete payment transactions, Stripe may set cookies to process payments securely and prevent fraud. These cookies are governed by Stripe's Privacy Policy. Common Stripe cookies include:

__stripe_mid -- Stripe merchant identification
__stripe_sid -- Stripe session identifier

4.2 Cloudflare (Security and CDN)

Our Service is delivered through Cloudflare's network for performance and security. Cloudflare may set cookies to manage bot protection and security challenges. These cookies are governed by Cloudflare's Privacy Policy. Common Cloudflare cookies include:

__cf_bm -- Bot management cookie used to distinguish humans from automated traffic
cf_clearance -- Set after a user completes a Cloudflare security challenge

5. What We Do Not Use

TradeProof does not use:

First-party cookies of any kind
Advertising or behavioral tracking cookies
Social media tracking pixels or widgets
Third-party analytics cookies (e.g., Google Analytics)
Cross-site tracking technologies
Browser fingerprinting

6. Managing Stored Data

6.1 Clearing TradeProof Data

You can clear TradeProof's localStorage data at any time. This will log you out of the application.

Log out: Click the "Log out" button in the dashboard. This clears all TradeProof localStorage items automatically.
Manual removal: Open your browser's Developer Tools (usually F12), navigate to the Application or Storage tab, select "Local Storage" for tradeproof.net, and delete the tp_token, tp_user, and tp_org entries.
Clear all site data: In your browser settings, clear site data for tradeproof.net to remove all localStorage and any third-party cookies in one step.

6.2 Managing Third-Party Cookies

You can control third-party cookies through your browser settings. Most browsers allow you to:

View and delete individual cookies
Block cookies from specific domains
Block all third-party cookies
Clear all cookies when you close the browser

Note that blocking Stripe cookies may prevent you from completing payment transactions. Blocking Cloudflare cookies may cause repeated security challenges when accessing the Service.

7. Changes to This Policy

If we change how client-side data is stored -- for example, by introducing first-party cookies or adding new localStorage items -- we will update this policy and note the changes here. Material changes will be communicated before they take effect.

8. Contact

Questions about cookies or local storage? Contact [email protected].