Cookie Policy
Last updated: March 23, 2026
Cookies we use
RepoTree sets exactly one cookie when you sign in:
| Name | Purpose | Duration |
|---|---|---|
| next-auth.session-token | Encrypted OAuth session | 24 hours |
Cookie details
The session cookie is an httpOnly, secure, SameSite=Lax cookie. It is not accessible to JavaScript and cannot be read by third parties. It stores an encrypted JWT containing your session — no raw tokens.
Cookies we do not use
- ✗ No advertising or tracking cookies
- ✗ No analytics cookies (we use server-side analytics only)
- ✗ No third-party cookies
- ✗ No persistent preference cookies
Unauthenticated users
If you use RepoTree without signing in, no cookies are set at all.
Removing the cookie
Click "Sign out" in the header to clear your session cookie immediately. It will also expire automatically after 24 hours.
See also: Privacy Policy