Cookie Policy
Last updated: 15 May 2026
KeyStack uses a small number of strictly necessary cookies. We don't use advertising cookies and we don't load third-party trackers on the marketing site.
What we set
| Cookie | Purpose | Lifetime | HttpOnly |
|---|---|---|---|
ks_access | Holds your JWT access token while signed in. | ~15 minutes | Yes |
ks_refresh | Holds your refresh token so you stay signed in. | 30 days | Yes |
ks_user | Stores a small JSON summary of your user (id, email, name, platform role) so the client UI doesn't need an extra round-trip. Not used for authorisation — the server always re-verifies the access token. | 30 days | No |
All three cookies are set by our authentication backend on *.keystack.dev and are scoped to first-party use only.
Analytics
The marketing site uses privacy-friendly, cookieless analytics (Plausible). No personal data is sent to third parties.
Your choices
- Sign out at any time to clear the auth cookies.
- Modern browsers let you block first-party cookies per-site if you wish, but KeyStack won't work signed in without them.
Contact
Questions about cookies? Email privacy@keystack.dev.