Cookie Policy

Last updated: 2 June 2026

RedactProof is built around a privacy-first principle: documents are processed entirely in your browser and never leave your device. That principle extends to how we treat your browser session.

What we do not use

  • No analytics, advertising, or tracking cookies (the traffic analytics we do use are cookie-free - see "How we measure traffic" below)
  • No Google Analytics, and no advertising or retargeting cookies
  • No third-party tracking pixels
  • No social-media embed cookies
  • No browser fingerprinting for tracking or profiling

For transparency: when you choose to send a bug report from inside the app, we attach your browser/OS string and the page URL alongside your message so we can reproduce the issue. This is only sent when you click "Report issue", never in the background.

The marketing site you are reading now (redactproof.com) sets zero cookies under normal browsing.

How we measure traffic

To understand how many people visit and where they arrive from, we use Cloudflare Web Analytics: a privacy-first, cookie-free analytics tool run by Cloudflare, our existing hosting provider. It is not Google Analytics and it is not an advertising product. It:

  • sets no cookies and uses no fingerprinting or cross-site identifiers;
  • collects no personal data, only aggregate page-level signals (page visited, referring site, country, browser, device type);
  • never has access to the contents of any document you open;
  • does not track what you do inside the app once you are signed in: we measure only public pages and the sign-up path.

Because it sets no cookie and identifies no individual, it sits outside PECR / UK GDPR consent requirements. We disclose it here regardless, in keeping with our promise never to add tracking silently.

Cookies set inside the app

Once you sign in at app.redactproof.com, a small number of strictly-necessary cookies are set so the application can authenticate you and remember your session. None of them track behaviour, none are shared with third parties for advertising, and all of them are exempt from PECR / UK GDPR consent requirements as they are necessary for a service you have explicitly requested.

Cookie Set by Purpose Lifetime
rp_access RedactProof Short-lived authentication token (HttpOnly, Secure). Keeps you signed in. 1 hour
rp_refresh RedactProof Session refresh token (HttpOnly, Secure). Lets you stay signed in across visits. 7 days
g_state Google (Sign-in widget) Remembers that Google's sign-in prompt has been shown so it is not shown twice. Set only on the sign-in page. Up to 6 months

Why we do not show a cookie banner

Under the UK Privacy and Electronic Communications Regulations (PECR) and equivalent EU rules, cookies that are strictly necessary to deliver a service the user has requested do not require consent. Every cookie listed above falls into that category, so a consent banner is not required and we have chosen not to add one. We would rather you spent your time redacting documents.

Document content

For absolute clarity: the contents of any PDF or document you open in RedactProof are never sent to our servers, never written to a cookie, and never stored outside your browser session. Only cryptographic hashes (for verification certificates) and aggregate usage counters leave the device. See the Privacy Policy for the full data-handling detail.

Changes to this policy

If we ever add a new cookie - even a strictly-necessary one - this page will be updated and the "Last updated" date above will reflect the change. We will never silently add tracking.

Contact

Questions about cookies or anything else on this page? Email hello@redactproof.com.