Cookies at Whisp3r

Cookies on Whisp3r are kept to the minimum needed to keep the app working. We do not run our own analytics or marketing pixels — the consent you set at Whisp3r Auth governs both apps.

Effective 2026-06-05 Version v1.0-draft

What we set

On whisp3r.com we only set cookies that are necessary to keep the app functioning. There is no telemetry pixel, no advertising network beacon, and no third-party tracker on any of our pages.

wa_session — your signed-in session. Holds the OIDC subject + access/refresh tokens received from Whisp3r Auth at sign-in. HttpOnly, Secure, SameSite=Lax. Cleared on sign-out or when the session expires.
cookie_consent — a local mirror of the preferences you set at Whisp3r Auth, so the page renders the right state without a round trip on every navigation. Read only by client-side code in this app.
PARAGLIDE_LOCALE — if you pick a different language from the footer, we store that override here so the next page render serves the right translations.

That is the entire set. No _ga, no fbp, no tt_*, no mp_*. If we ever add an analytics cookie it will gate strictly behind the Analytics preference defined below — and the consent screen at Whisp3r Auth that controls it will surface on your next visit.

Cookie preferences are inherited from Whisp3r Auth

Whisp3r is one of several apps that sign in through Whisp3r Auth. Cookie consent is an account-level choice, not a per-app one — we deliberately do not show our own banner because that would let two surfaces disagree about what you allowed.

The two categories defined at Whisp3r Auth are:

Essential — always on, can't be disabled. Covers authentication, security, and "remember which page you were on." Your sign-in session is essential by definition.
Analytics — anonymised usage so we know what to fix. Today this app does not run analytics; the toggle is honoured anyway for any future surface that needs it (an error-reporter, an in-app help widget, a feature opt-in flow).
Marketing — attribution + remarketing pixels. Today this app does not run any. Toggle stays available so we never quietly change behaviour without your prior consent.

To change your preferences, go to your account on Whisp3r Auth and manage cookies there. The next time you visit this app the new state propagates within seconds — see the Privacy document for the wire-level details on how that propagation works.

Changes to this document

This document is versioned. Material changes (additions to the cookie list, anything that loosens the inherited-consent model) require a fresh consent screen at Whisp3r Auth before they take effect for your account.

v1.0-draft (2026-06-05): Initial publication. Documents the wa_session / cookie_consent / PARAGLIDE_LOCALE set and the inherited-from-Whisp3r-Auth consent model.