[ Legal ]
Cookie Policy
What we set, why, and how long it lives. Short list — we don't run an ad network.
Last updated: 11 May 2026
What cookies are
Cookies are small text files stored in your browser by the sites you visit. They let services remember things between page loads — most importantly, that you're signed in.
How we use them
We use three categories. Only the first is on by default.
- Essential cookiesare required to deliver the Service. Sign-in, CSRF protection, 2FA, bot protection. You can't turn these off and still use EXERAX.
- Analytics cookieswould help us understand aggregate product usage. We currently don't set any — we use server-side Grafana metrics instead.
- Marketing cookieswould help us measure ad performance. We currently don't set any. We don't run paid ads.
If we ever add analytics or marketing cookies, we'll prompt you to consent and you'll be able to change your mind from this page.
Detailed list
| Name | Category | Purpose | Duration |
|---|---|---|---|
| exerax_access | Essential | Customer dashboard session (JWT access token). | 15 minutes |
| exerax_refresh | Essential | Refresh token to extend the dashboard session. | 30 days |
| exerax_staff | Essential | Staff dashboard session. Set only on staff.exerax.com. | 8 hours |
| exerax_shadow | Essential | Short-lived token used during staff shadow-login sessions for support. | 15 minutes |
| exerax_2fa_pending | Essential | Temporary token issued mid-login while we await your 2FA code. | 5 minutes |
| CF_Authorization | Essential | Cloudflare Access token gating the staff dashboard. | Session |
| cf_clearance / __cf_bm | Essential | Cloudflare bot-detection and DDoS protection. | Up to 30 days |
| oauth_state_* | Essential | CSRF protection during Google or GitHub sign-in. | 5 minutes |
Managing cookies
You can clear cookies at any time from your browser settings. Note that clearing the essential cookies will sign you out and you'll need to log in again.
For more on how we treat personal data, see our Privacy Policy.