Cookie Policy
Last updated: May 11, 2026
RedactProof is built around a privacy-first principle: documents are processed entirely in your browser and never leave your device. That principle extends to how we treat your browser session.
What we do not use
- No analytics cookies (no Google Analytics, no Plausible, no Mixpanel, no Hotjar)
- No advertising or retargeting cookies
- No third-party tracking pixels
- No social-media embed cookies
- No browser fingerprinting for tracking or profiling
For transparency: when you choose to send a bug report from inside the app, we attach your browser/OS string and the page URL alongside your message so we can reproduce the issue. This is only sent when you click "Report issue", never in the background.
The marketing site you are reading now (redactproof.com) sets zero cookies under normal browsing.
Cookies set inside the app
Once you sign in at app.redactproof.com, a small number of strictly-necessary cookies are set so the application can authenticate you and remember your session. None of them track behavior, and none are shared with third parties for advertising. They are required for the service to function.
| Cookie | Set by | Purpose | Lifetime |
|---|---|---|---|
rp_access | RedactProof | Short-lived authentication token (HttpOnly, Secure). Keeps you signed in. | 1 hour |
rp_refresh | RedactProof | Session refresh token (HttpOnly, Secure). Lets you stay signed in across visits. | 7 days |
g_state | Google (Sign-in widget) | Remembers that Google's sign-in prompt has been shown so it is not shown twice. Set only on the sign-in page. | Up to 6 months |
Your choices
Because we do not run advertising, analytics, or third-party tracking, there is nothing to opt out of beyond signing out. Signing out clears the authentication cookies. You can clear all cookies at any time via your browser settings; you will simply need to sign in again on your next visit. We do not respond to "Do Not Track" headers because we do not track in the first place.
California (CCPA / CPRA), Virginia, Colorado and other US privacy laws
We do not sell or share personal information for cross-context behavioral advertising. We do not need to honor a Global Privacy Control signal for advertising purposes because we do no such advertising.
Document content
For absolute clarity: the contents of any PDF or document you open in RedactProof are never sent to our servers, never written to a cookie, and never stored outside your browser session. Only cryptographic hashes (for verification certificates) and aggregate usage counters leave the device. See the Privacy Policy for the full data-handling detail.
Changes to this policy
If we ever add a new cookie - even a strictly-necessary one - this page will be updated and the "Last updated" date above will reflect the change. We will never silently add tracking.
Contact
Questions about cookies or anything else on this page? Email hello@redactproof.com.