Cookie Policy
Last updated: May 11, 2026
This Cookie Policy explains how Paneler (“we,” “us,” “our”) uses cookies and similar browser storage on paneler.app and the Paneler web application served from the same domain. It should be read alongside our Privacy Policy.
What are cookies?
Cookies are small text files that a website stores in your browser so that it can recognize you on later visits. They can hold things like a session identifier, a preference, or a security token. Cookies are the standard way the web keeps you signed in between page loads. We also use related browser storage mechanisms (such aslocalStorage) for a small number of user preferences, which we describe below.
Cookies we set
Paneler keeps the cookie footprint as small as possible. We do not set any analytics, advertising, or cross-site tracking cookies. The only cookies we set are the ones required to sign you in and to protect that sign-in flow from cross-site request forgery.
| Name | Purpose | Duration | Category |
|---|---|---|---|
__Secure-authjs.session-token | Holds your signed-in session as a JWT issued by Auth.js v5. Marked HttpOnly, Secure, and SameSite=Lax. Set on thepaneler.app root domain so the landing page and app at /app/* share the same session. | 30 days | Essential |
__Secure-authjs.callback-url | Remembers where to send you after you finish an OIDC sign-in. Set only during the sign-in flow. | Session (ephemeral) | Essential |
__Host-authjs.csrf-token | Protects the sign-in flow from cross-site request forgery (CSRF) attacks. | Session | Essential |
All three cookies are essential: without them you cannot sign in or stay signed in. We do not offer a way to opt out of these specific cookies while still using authenticated features, because they are what makes authentication work. You can still browse paneler.app and use the designer at /app without signing in, in which case none of these cookies will be set.
Third-party cookies
We do not embed any third-party trackers, analytics scripts, ad networks, or social media widgets on paneler.app. The only time you interact with a third party is when you choose to sign in using Google or GitHub. During that sign-in flow you are briefly redirected to the provider’s own domain, and they may set cookies on theirdomain at that point — not on paneler.app. Those cookies are governed by the provider’s own policies:
- Google — Google’s cookie policy
- GitHub — GitHub’s privacy statement and subprocessors and cookies
Once you return to paneler.app the only cookies that remain in your browser for our domain are the three Auth.js cookies listed above.
Local storage
In addition to cookies, the Paneler designer uses your browser’s localStorage to remember a single preference:
- A “don’t warn me again’ flag for the dialog that warns you before switching the active panel model, so you don’t have to dismiss the same warning every time.
This value never leaves your device, is not associated with your account, and is not used for analytics or tracking. You can clear it at any time by clearing site data for paneler.app in your browser, at which point the warning will appear again the next time you switch models.
How to control cookies
Every modern browser lets you view, block, and delete cookies. The exact navigation paths are:
- Chrome:Settings → Privacy and Security → Cookies and other site data
- Firefox:Settings → Privacy & Security → Cookies and Site Data
- Safari:Preferences → Privacy → Manage Website Data
- Edge:Settings → Cookies and site permissions → Manage and delete cookies and site data
Because every cookie we set on paneler.app is essential to authentication, blocking or clearing them will sign you out and require you to sign in again the next time you open the app. Disabling cookies entirely for paneler.app will prevent you from signing in at all, but you can still use the designer anonymously.
EU users and cookie consent
Paneler only sets cookies that are strictly necessary for the authentication you explicitly initiated. Under the EU ePrivacy Directive, strictly necessary cookies do not generally require opt-in consent, which is why you will not see a cookie banner on paneler.app. If you would like a formal legal opinion for your own jurisdiction, we recommend consulting qualified legal counsel.
Changes to this policy
If we add new cookies or change how existing ones work, we will update this page and revise the “Last updated” date at the top. Material changes — for example, adding an analytics cookie — will be announced on the homepage or by email to signed-in users before they take effect.
Contact
Questions about cookies, this policy, or what we store about you? Email [email protected] and we will get back to you.