Cookie Policy

Last updated: March 2026

This policy explains what cookies and similar storage technologies Rumo uses, why we use them, and how you can control them.

What are cookies?

Cookies are small text files stored in your browser when you visit a website. We also use localStorage — a similar browser storage mechanism — to remember your preferences across sessions.

Cookies we use

authjs.session-tokenEssential. Keeps you signed in. Set by NextAuth.js when you log in; expires at the end of your session or after 30 days (remember me). Cannot be disabled without breaking authentication.

authjs.csrf-tokenEssential. Protects against cross-site request forgery attacks on sign-in and sign-out actions.

spark-themePreference. Stored in localStorage. Remembers your chosen colour scheme (light / dark / system) so the correct theme loads without flicker on return visits.

cookie-consentPreference. Stored in localStorage. Records whether you accepted or declined our cookie banner so we do not show it on every page load.

No third-party or analytics cookies

We do not use advertising, tracking, or third-party analytics cookies. All cookies listed above are first-party and strictly necessary or functional.

Managing cookies

You can clear cookies and localStorage at any time via your browser settings. Removing the session cookie will sign you out. You can also withdraw consent by clearing your browser storage — the cookie banner will reappear on your next visit.

Changes to this policy

We may update this policy when we change the cookies we use. The date at the top of this page reflects the most recent revision.