Cookie Policy

Last updated: 17 June 2026

This page lists every cookie Cronheart sets, what each one is for, how long it lasts, and how to switch it off. It expands on the Cookies section of our Privacy Policy. If anything here is unclear, write to support@cronheart.com.

Cronheart sets only a small number of first-party cookies that are either strictly necessary to run the service you asked for or that simply remember a preference you set. We use no advertising, analytics, profiling, or cross-site tracking cookies, and we load no third-party scripts that would set them.

Under the EU ePrivacy Directive (Article 5(3)) and the UK Privacy and Electronic Communications Regulations, cookies that are strictly necessary for a service the user requested do not require consent, and purely functional preference cookies (such as a light/dark theme) may be set without consent provided we offer a simple way to refuse or remove them — which we do (see How to control cookies). Because we set nothing beyond those categories, no consent banner is required and we do not show one.

Cookies we set

All of the cookies below are set by cronheart.com itself (first-party). None are shared with third parties.

Cookie Purpose Category Expires
PHPSESSID Maintains your session (including sign-in state) and carries the anti-forgery (CSRF) token that protects form submissions. Set when your browser starts a session with the site — including on public pages that contain a form. Strictly necessary When you log out or your browser session ends
ui_theme Remembers whether you chose the light, dark, or automatic theme so the next page renders with the right palette. Functional 1 year
REMEMBERME Keeps you signed in between visits — set only if you tick "Keep me signed in" on the login form. Logging out or changing your password invalidates it immediately. Functional 30 days

There is no separate "CSRF cookie": the anti-forgery token lives inside your session, and form requests are additionally validated against their origin. Development and staging builds may briefly set Symfony debugging cookies (for example sf_redirect); these are never present in production.

How to control cookies

  • Theme preference — the ui_theme cookie only records which theme you picked and holds no identifier. To remove it, clear cookies for this site in your browser; the site then falls back to your device's light/dark setting.
  • Stay-signed-in — simply don't tick "Keep me signed in", or log out, to avoid / remove the REMEMBERME cookie.
  • Everything else — every browser lets you view, block, or delete cookies for a site in its privacy settings. Blocking the session cookie will stop you from signing in, because the service cannot work without it.

Analytics & advertising

We do not use Google Analytics, advertising pixels, session recorders, or any other third-party tracking technology. Nothing on Cronheart builds a profile of you or follows you across other sites.

US state privacy laws

For visitors in California and other US states with privacy laws, note that Cronheart does not sell or share your personal information and does not use it for cross-context behavioural ("targeted") advertising. Because there is no such activity, there is nothing to opt out of, and we therefore do not display a "Do Not Sell or Share My Personal Information" link.

Changes to this policy

If we ever introduce a new cookie or a tracking technology that requires consent, we will update this page and, where the law requires it, ask for your consent before setting it. The "Last updated" date above reflects the most recent revision.

See also: Privacy Policy and Terms of Service.