Cookie Policy

Last updated: June 13, 2026

This Cookie Policy explains how Admiresty, Inc. ("Admiresty," "we," "us," or "our") uses cookies and similar technologies on the TLINK PRO platform at tlink.pro and associated subdomains. It should be read alongside our Privacy Policy, which provides the broader context for how we handle your personal data.

The short version: we use very few cookies, and none of them are for advertising or cross-site tracking. We believe your browser storage is yours, and we try to use as little of it as possible while keeping the platform functional and secure.

1. What Are Cookies?

Cookies are small text files that a website places in your browser when you visit. They allow the site to remember information about your visit — such as whether you are logged in, your language preference, or items in a shopping cart — across pages and sessions. Cookies are stored locally in your browser and are sent back to the originating server with subsequent requests.

Cookies differ from other browser storage mechanisms such as localStorage and sessionStorage, which are also stored locally but are not automatically sent to the server with each request. We use a combination of cookies and localStorage depending on the security and functional requirements of each piece of data.

Cookies can be "first-party" (set by the website you are visiting) or "third-party" (set by a different domain, usually an embedded service). They can also be "session cookies" (deleted when you close your browser) or "persistent cookies" (retained until they expire or you delete them).

2. How We Store Your Session

It is worth noting upfront that TLINK PRO does not use cookies to store your primary authentication session. After you log in, your session token (a short-lived JWT) is stored in the browser's localStorage rather than in a cookie. This is an intentional security design choice: by keeping the token out of cookies, we prevent it from being sent automatically with every HTTP request, which reduces certain classes of CSRF (Cross-Site Request Forgery) attacks. Our API client reads the token from localStorage and attaches it explicitly as a Bearer token in the Authorization header.

Because the session is in localStorage rather than a cookie, clearing cookies alone will not log you out of TLINK PRO. To fully sign out, use the "Sign out" button in the application, which clears both the localStorage token and invalidates the server-side session record.

3. Cookies We Set

Essential Cookies

We set a small number of first-party cookies that are strictly necessary for the platform to function correctly. These cannot be disabled without breaking core functionality:

  • CSRF token cookie — When you initiate an OAuth login flow (e.g., "Continue with Google" or "Continue with GitHub"), we set a short-lived, HttpOnly, SameSite=Strict cookie containing a cryptographically random CSRF state parameter. This cookie is checked when the OAuth provider redirects back to our callback URL to ensure the login flow originated from your browser and was not hijacked. The cookie is a session cookie and is deleted when you close your browser, or immediately after the OAuth callback completes (whichever comes first).

This is the only cookie Admiresty itself sets. We have deliberately kept our cookie footprint as small as possible.

Analytics Cookies

We do not use Google Analytics, Mixpanel, Hotjar, Segment, Heap, or any other third-party analytics platform that sets cookies or tracking pixels. All product-usage telemetry is collected server-side from authenticated API calls, associated with your account rather than with a browser fingerprint, and processed on our own infrastructure. There are no analytics cookies on TLINK PRO.

This means we do not track you across other websites, we do not build behavioral profiles for advertising, and we do not share any behavioral data with advertising networks.

Third-Party Cookies

Stripe. When you access the billing or subscription checkout pages of TLINK PRO, the embedded Stripe payment form may set cookies in your browser. These cookies are set by Stripe's domain (stripe.com or js.stripe.com) and are used by Stripe for fraud-prevention, security verification, and to remember your payment-method preferences across Stripe-powered sites. We do not control the content or lifespan of Stripe's cookies. Please refer to Stripe's Privacy Policy for details.

We do not embed social-media widgets, video players, map iframes, live-chat scripts, or any other third-party components that would introduce additional tracking cookies. If this changes in the future, we will update this policy and notify you.

4. How to Control Cookies

You can manage, disable, or delete cookies through your browser's settings. The steps vary by browser:

  • Google Chrome: Settings → Privacy and security → Cookies and other site data
  • Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Apple Safari: Preferences → Privacy → Manage Website Data
  • Microsoft Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data

Most browsers also allow you to block third-party cookies specifically — a setting we encourage you to enable, as it will block Stripe's cookies when you are not in an active checkout session without affecting any core TLINK PRO functionality.

Browser extensions such as uBlock Origin, Privacy Badger, or Cookie AutoDelete can provide more granular control over which cookies are stored and for how long. TLINK PRO is compatible with these tools; our intentionally minimal cookie use means content-blockers have very little to block on our site.

5. Impact of Disabling Cookies

If you disable all cookies for the TLINK PRO domain, the following will be affected:

  • OAuth login will not work. Logging in via "Continue with Google" or "Continue with GitHub" requires the CSRF state cookie described above. Without it, the OAuth callback will fail with a security error. You can still log in with your email and password, which does not rely on cookies.
  • Stripe checkout may be affected. Stripe may refuse to load its payment form in environments where its cookies are blocked, as it uses them for fraud prevention. If you encounter issues, try allowing cookies from stripe.com and js.stripe.com specifically while keeping other third-party cookies blocked.

All other platform functionality — the dashboard, scanning, alerts, API, settings, and reporting — operates without any cookies, since your session is stored in localStorage.

6. Changes to This Policy

If we introduce new cookies or change how we use existing ones, we will update this Cookie Policy and revise the "Last updated" date at the top of this page. For material changes, we will notify registered users by email. We commit never to introduce advertising or cross-site tracking cookies without prominent notice and, where required by law, your explicit consent.

7. Contact

Questions about this Cookie Policy or our use of browser storage? Contact our privacy team:

Admiresty, Inc.
Email: privacy@admiresty.co