Cookie Policy
Last updated: April 20, 2026
Summary
mdstill uses a minimal set of first-party cookies strictly necessary to run the service. We do not use third-party analytics, advertising, or cross-site tracking cookies.
Cookies we set
| Name | Purpose | Lifetime |
|---|---|---|
| refresh_token | Keeps you signed in. HttpOnly, Secure, SameSite=Lax. | 30 days |
| oauth_state | CSRF protection during Google sign-in. Deleted after the flow. | 10 minutes |
| mdstill-theme | Stored in localStorage (not a cookie). Remembers your light/dark preference. | Until cleared |
| mdstill-cookie-ack | Stored in localStorage. Remembers that you dismissed the cookie notice. | Until cleared |
Third parties
We do not embed third-party tracking scripts. If you sign in with Google, the OAuth redirect flow happens on Google's servers under their own cookie policies; we only receive your verified email and name.
Controlling cookies
You can clear all cookies and local storage for mdstill from your browser at any time. Blocking authentication cookies will prevent you from staying signed in, but the service otherwise remains usable without an account.
Questions
Write to mdstill.support@gmail.com.