Cookies

Production Board uses exactly two first-party cookies, both strictly necessary, and one local-storage entry for your theme + language preference. We do not set advertising cookies, do not embed third-party trackers on logged-in pages, and do not run session recording.

Because none of the items below requires consent under GDPR or the German TDDDG (formerly TTDSG), no consent banner is needed. If we ever introduce something that does require consent, we will ask separately and clearly.

`session` - keeps you signed in. Set after login, expires when you log out or after 30 days of inactivity. HttpOnly + Secure + SameSite=Lax. Server-only readable - JavaScript on the page cannot see it.

`csrf` - signs the cross-site protection token attached to every state-changing request. Set on first page load, expires with the session. Secure + SameSite=Lax.

`NEXT_LOCALE` - your chosen language (en or de). Cookie, set by the language switcher. Read only at SSR time to render the right strings; never sent to a third party.

`theme` - your dark / light mode preference. Stored in localStorage only. Stays on the device, never sent to us.

No _ga, _fbp, _pin, _hjid, no Google Tag Manager, no Hotjar, no Mixpanel, no Segment, no LinkedIn Insight Tag, no Meta Pixel, no Microsoft Clarity. No advertising network has a beacon on this site. No cross-site tracker can observe you here.

Sign out: drops the session and csrf cookies. Clear site data in your browser: drops everything else, including theme and NEXT_LOCALE. Both are safe - the next page load just behaves as a fresh visit.