1. What are cookies?
Cookies are small text files that a website asks your browser to store. They let the site recognise you across requests and remember your preferences. We also use localStorage, a similar browser-storage mechanism, for a handful of UI preferences. Together we refer to both as "cookies" on this page.
2. How we categorise cookies
- Strictly necessary — required for the service to function (authentication, CSRF protection, your saved consent choice). These do not require consent under GDPR Recital 30 / ePrivacy Art 5(3).
- Preference — remember non-essential UI choices like theme and language. Lifetime is short and they carry no tracking identifiers.
- Analytics — help us understand how the homepage is used. Only set if you grant analytics consent in the banner.
3. Cookies and storage we use
Names below show the production prefix mtf_. Development and staging environments use distinct prefixes (mtf_dev_, mtf_stage_) so storage stays isolated.
| Name | Type | Purpose | Duration | Lawful basis |
|---|---|---|---|---|
| mtf_auth_token | HTTP cookie (httpOnly, secure, SameSite=Lax) | Authenticates your session after sign-in. | 30 days | Strictly necessary |
| mtf_skynet_auth_token | HTTP cookie (httpOnly, secure, SameSite=Lax) | Authenticates internal admin sessions. Not set for regular users. | 7 days | Strictly necessary |
| XSRF-TOKEN | HTTP cookie (readable by JS by design) | Cross-site request forgery (CSRF) protection via double-submit pattern. | Session | Strictly necessary |
| mtf_theme | HTTP cookie | Remembers your light/dark theme choice across subdomains. | 1 year | Preference |
| mtf_locale | HTTP cookie | Remembers your language choice across subdomains. | 1 year | Preference |
| mtf-consent-preferences-v2 | localStorage | Stores the consent choices you made in the banner so we can apply them on every visit. | Until you clear it | Strictly necessary |
| mtf-consent-acknowledged | localStorage | Records that you have already seen the consent banner. | Until you clear it | Strictly necessary |
| _ga, _ga_<container> | HTTP cookie (Google) | Distinguishes unique visitors for Google Analytics measurement. | 2 years | Consent (analytics_storage) |
| _gid | HTTP cookie (Google) | Distinguishes unique visitors over a single day. | 24 hours | Consent (analytics_storage) |
| sentryReplaySession (and related sentry-* entries) | localStorage / sessionStorage (Sentry) | Correlates errors with a session for debugging. Only present when Session Replay is enabled. | Session, up to 24 hours | Consent (analytics_storage), or legitimate interest where scoped to error replays only. |
4. Third-party cookies
The analytics cookies in the table above are set by Google (Google Analytics 4), and the Sentry entries are set by Functional Software Inc. (Sentry). These vendors process the data on our behalf under data-processing agreements. Their own cookie practices are described in their privacy notices.
5. Managing your choices
You can change your consent at any time. Withdrawing consent does not affect the lawfulness of processing that happened before withdrawal.
You can also block or delete cookies via your browser settings. Doing so may break sign-in or other strictly-necessary features.
6. Changes
When we add, change, or remove a cookie, we update this page and bump the "Last updated" date above. Material changes are also listed in our changelog.