What we store on your device, why, and how to change it. Compliant with the EU ePrivacy Directive and GDPR.
Last updated: 21 May 2026 - Version 2026-05-21
The categories we use
Strictly necessary Always on
These are needed to keep you signed in, remember which role you logged in as, and protect against cross-site request forgery. They are exempt from the consent requirement under recital 30 of the ePrivacy Directive because the service does not function without them.
What we set:ASP.NET_SessionId (session, HttpOnly), ibmarker_aid (anonymous identifier, 1 year), ibmarker_consent (your choices, in localStorage), OAuth state tokens (session, only during sign-in).
Analytics Off
Helps us understand which features are used so we can improve the product. Tracked in aggregate. We do not run third-party advertising trackers and we do not sell or share with data brokers.
If you opt in: we set a first-party rotating identifier for the analytics session. No long-term cross-site tracking. You can withdraw at any time below.
Product communications Off
Lets us email you about new features, study tips, and product updates. This is separate from transactional emails (verification, password reset, billing) which we send regardless because they are necessary for the service.
If you opt in: we record your consent here and add you to the product newsletter. You can unsubscribe via any email we send.
Change your choices
Your decisions are stored only on this browser. Change them any time, no questions asked.
Browser-level controls
You can also disable cookies entirely in your browser. Direct guidance:
If you block strictly necessary cookies you will not be able to sign in. Blocking analytics or product-communications cookies is supported and does not affect the core product.
Related
See our privacy policy for the full picture of how we handle personal data.