Cookie Policy
Last updated: February 2026
The short version:
- We only use strictly necessary cookies for authentication and security. No consent banner is needed because these cookies are exempt under ePrivacy rules.
- We do not use any marketing, advertising, or analytics cookies.
- Our analytics tool (Umami) is fully cookie-free and does not track individual users.
1. What Are Cookies?
Cookies are small text files stored on your device by your web browser when you visit a website. They are used for various purposes, including remembering your login session and protecting against cross-site request forgery attacks.
2. Cookies We Use
Marginalia uses only strictly necessary cookies that are essential for the website to function. These cookies are exempt from consent requirements under the UK Privacy and Electronic Communications Regulations (PECR) and the EU ePrivacy Directive because the website cannot operate without them.
| Name | Purpose | Duration | Attributes |
|---|---|---|---|
| next-auth.session-token | Identifies your authenticated session | Session / 30 days | HttpOnly, Secure, SameSite=Lax |
| next-auth.csrf-token | Protects against cross-site request forgery (CSRF) attacks | Session | HttpOnly, Secure, SameSite=Lax |
| next-auth.callback-url | Stores the URL to redirect to after sign-in | Session | HttpOnly, Secure, SameSite=Lax |
| next-auth.pkce.code_verifier | PKCE challenge for secure OAuth authentication flow | 15 minutes | HttpOnly, Secure, SameSite=Lax |
| next-auth.state | OIDC state parameter to prevent CSRF during authentication | 15 minutes | HttpOnly, Secure, SameSite=Lax |
3. Analytics
We use Umami for website analytics. Umami is a privacy-focused analytics tool that does not use cookies, does not collect personal data, and does not track individual users across sessions. All analytics data is aggregated and anonymous.
Because Umami is entirely cookie-free, it does not require consent under ePrivacy rules.
4. Third-Party Cookies
Marginalia does not set any third-party cookies. We do not use any advertising networks, social media tracking pixels, or third-party analytics services that place cookies on your device.
5. Managing Cookies
You can control and delete cookies through your browser settings. However, if you disable our strictly necessary cookies, you will not be able to sign in or use authenticated features of the website.
For more information about managing cookies in your browser, visit your browser's help documentation.
6. Changes to This Policy
We may update this Cookie Policy from time to time. Any changes will be posted on this page with an updated “last updated” date.
7. Contact
For any questions about our use of cookies:
Email: [email protected]