Cookie Policy

Last Updated: May 24, 2026

One cookie only
No tracking cookies
No ads or third parties
Session only

This page explains what cookies Runima uses, why, and what each one does. The short version: we use exactly one cookie, and it only exists to keep you signed in.

No tracking. No analytics. No advertising.

Runima does not use any third-party cookies, tracking pixels, analytics scripts, or advertising identifiers. We do not share cookie data with any external service.

The Cookie We Set

Name Type Purpose Expiry
__Host-session Strictly necessary Keeps you signed in to your accountSession / explicit sign-out

Technical Details

The session cookie is set with the highest available security attributes:

  • __Host- prefix — A browser-enforced security prefix. The cookie must be set over HTTPS, cannot specify a Domain attribute, and must use Path=/. This prevents a compromised subdomain from injecting a cookie into your session.
  • HttpOnly — The cookie cannot be read by JavaScript. Even if an attacker injected malicious script into a page, it could not steal your session token.
  • Secure — The cookie is only sent over HTTPS connections, never over plain HTTP.
  • SameSite=Strict — The cookie is never sent on cross-site requests — not on link clicks from external sites, not on form submissions from external sites. This is a strong defense against CSRF attacks.

Managing Cookies

Because we only use a strictly necessary session cookie, cookie consent banners are not required — and we don't show one.

You can delete or block cookies at any time through your browser settings. Blocking or deleting the session cookie will sign you out. You can also sign out explicitly from within the application, which deletes the cookie from the server side immediately.

Contact Us

Questions about how we use cookies? Contact us through the contact form.