Cookie Policy
Effective date: 2026-05-11
1. What Are Cookies
Cookies are small text files placed on your device by a website when you visit. They allow the site to "remember" your preferences, login status, and similar information. We use cookies to power login sessions, security, performance monitoring, and (optionally) analytics and marketing.
For convenience, we use "cookies" in this policy to include similar technologies (such as localStorage, sessionStorage, and pixel tags).
2. Categories of Cookies We Use
We classify our cookies into three categories. Only the "Strictly necessary" category is enabled by default; the other two categories are enabled only with your explicit consent.
2.1 Strictly Necessary — Enabled by default, cannot be disabled
These cookies are essential for the basic functionality of the product. Disabling them prevents you from logging in or using the core service.
| Name | Purpose | Retention |
|---|---|---|
ds_token / ds_admin_token | User / administrator login session (JWT) | Session lifetime (default 7 days) |
th_consent_v1 | Records your cookie-consent choice | 1 year |
threathunter-lang | Your interface-language choice | 30 days |
csrf_token | CSRF protection | Session |
| Server load-balancing cookies | Session affinity | Session |
Lawful basis: Contract performance / our legitimate interest (site security and proper operation). Strictly-necessary cookies are exempt from the prior-consent requirement under the ePrivacy Directive (Article 5(3)).
2.2 Analytics / Performance — Disabled by default
These cookies help us understand how the product is used, identify performance bottlenecks, and trace errors so that we can improve the service. Disabling them does not affect your use of the product.
| Provider | Purpose | Retention |
|---|---|---|
| Analytics provider | Page views, user-flow analysis, funnel metrics | 13 months (default) |
| Error-monitoring provider | Front-end error tracking | 90 days |
Data is anonymised (IP truncation / hashing) and is not used for cross-site tracking.
Lawful basis: Your explicit consent (GDPR Art. 6(1)(a)). You may withdraw consent at any time via Footer → "Cookie Preferences".
2.3 Marketing — Disabled by default
These cookies are used to measure ad effectiveness and attribute conversions across sites. No marketing cookies are currently enabled by default. If marketing cookies are enabled in the future, this policy will be updated and your renewed consent will be sought.
| Provider | Purpose | Status |
|---|---|---|
| LinkedIn Insight Tag | LinkedIn ad attribution (only when NEXT_PUBLIC_LINKEDIN_PARTNER_ID is configured) | Conditional |
Lawful basis: Your explicit consent.
3. How to Manage Cookies
3.1 First Visit
On your first visit, a cookie banner is displayed at the bottom of the screen. You can:
- Accept All — enable all three categories (including Analytics and Marketing);
- Reject All — enable only Strictly Necessary (default); or
- Customize — enable Analytics and / or Marketing individually.
The "Reject All" button has the same visual weight as "Accept All" — we do not use dark patterns to encourage acceptance.
3.2 Updating Your Choice at Any Time
A "Cookie Preferences" link is available in the footer of every page; click it to reopen the preferences panel and update your choices.
3.3 Browser-Level Controls
You can also delete existing cookies or block future cookies through your browser settings:
Note that blocking cookies at the browser level may affect basic functionality such as login or language preferences.
3.4 Do Not Track / Global Privacy Control
We honour the Global Privacy Control (GPC) signal — if your browser sends a GPC signal, we treat it as a rejection of Analytics and Marketing cookies by default.
4. Third-Party Cookies
Some cookies are set by third-party providers (sub-processors). Their cookies are governed by their own policies:
- Third-party payment processor — when payment components load, related cookies may be set; the provider's cookie policy is available on request from privacy@threathunter.com.
- Analytics provider (if enabled) — see provider's privacy policy.
- LinkedIn Insight Tag (if enabled) — see LinkedIn Privacy Policy.
See the Sub-processors list for the complete list of categories.
5. Policy Updates
This policy may be updated from time to time. Material changes (new cookie categories or new third-party providers) will be notified by banner and your renewed consent will be sought.
6. Contact Us
For any cookie-related question:
- Email: privacy@threathunter.com
- Full Privacy Policy: /legal/privacy
Last updated: 2026-05-11 · Version: 2026-05-11