Cookie Policy
Last updated: 11 May 2026
RedactProof is built around a privacy-first principle: documents are processed entirely in your browser and never leave your device. That principle extends to how we treat your browser session.
What we do not use
- No analytics cookies (no Google Analytics, no Plausible, no Mixpanel, no Hotjar)
- No advertising or retargeting cookies
- No third-party tracking pixels
- No social-media embed cookies
- No browser fingerprinting for tracking or profiling
For transparency: when you choose to send a bug report from inside the app, we attach your browser/OS string and the page URL alongside your message so we can reproduce the issue. This is only sent when you click "Report issue", never in the background.
The marketing site you are reading now (redactproof.com) sets zero cookies under normal browsing.
Cookies set inside the app
Once you sign in at app.redactproof.com, a small number of strictly-necessary cookies are set so the application can authenticate you and remember your session. None of them track behaviour, none are shared with third parties for advertising, and all of them are exempt from PECR / UK GDPR consent requirements as they are necessary for a service you have explicitly requested.
| Cookie | Set by | Purpose | Lifetime |
|---|---|---|---|
rp_access | RedactProof | Short-lived authentication token (HttpOnly, Secure). Keeps you signed in. | 1 hour |
rp_refresh | RedactProof | Session refresh token (HttpOnly, Secure). Lets you stay signed in across visits. | 7 days |
g_state | Google (Sign-in widget) | Remembers that Google's sign-in prompt has been shown so it is not shown twice. Set only on the sign-in page. | Up to 6 months |
Why we do not show a cookie banner
Under the UK Privacy and Electronic Communications Regulations (PECR) and equivalent EU rules, cookies that are strictly necessary to deliver a service the user has requested do not require consent. Every cookie listed above falls into that category, so a consent banner is not required and we have chosen not to add one. We would rather you spent your time redacting documents.
Document content
For absolute clarity: the contents of any PDF or document you open in RedactProof are never sent to our servers, never written to a cookie, and never stored outside your browser session. Only cryptographic hashes (for verification certificates) and aggregate usage counters leave the device. See the Privacy Policy for the full data-handling detail.
Changes to this policy
If we ever add a new cookie - even a strictly-necessary one - this page will be updated and the "Last updated" date above will reflect the change. We will never silently add tracking.
Contact
Questions about cookies or anything else on this page? Email hello@redactproof.com.