Cookie Policy
Last updated: October 19, 2025
This Cookie Policy explains what cookies and similar technologies Sora Watermark Remover ("we", "our") uses, why we use them, and how you can manage your choices when using https://sora2watermarkremover.app and related services (the "Service").
1. What Are Cookies and Similar Technologies?
Cookies are small text files stored on your device by your browser. They help websites remember your actions and preferences (e.g., sign-in status) and support security and performance. We may also use localStorage, sessionStorage, and, in limited cases, pixels or server-set cookies for measurement and security.
We do not use advertising or retargeting cookies.
2. Categories of Cookies We Use
- Strictly necessary cookies – Required for core functionality such as authentication (keeping you signed in), CSRF protection, rate-limit/quota tracking, and security. The Service cannot function properly without these.
- Performance/analytics cookies (optional) – Help us understand how the Service is used so we can improve reliability and speed. These collect aggregated usage metrics and are not used to identify you directly.
- Functional cookies – Remember optional preferences (e.g., language, UI dismissal states) to enhance your experience.
3. Third-Party Cookies and Providers
Some cookies may be set by third parties acting on our behalf. Your use of those services is governed by their terms and privacy policies.
- Cloudflare Turnstile (bot detection / human verification). May set a short-lived cookie to remember that a challenge was solved and to prevent abuse.
- Stripe (payments, invoicing, fraud prevention). Stripe may set cookies such as
__stripe_midand__stripe_sidto provide secure payment flows and detect fraud. - Hosting/CDN (e.g., Vercel / Cloudflare). Infrastructure providers may set strictly necessary cookies for routing and security.
- Analytics (if enabled). If we enable first-party or privacy-preserving analytics, measurement may be cookie-less or use a lightweight first-party cookie.
We do not control third-party cookie settings. Please review the providers’ policies for details.
4. Legal Basis and Consent
Where required (e.g., in the EU/UK/EEA), we will obtain your consent before setting cookies that are not strictly necessary. Your selections are stored in a consent preference record (e.g., in a cookie or localStorage) and will be honored on subsequent visits. You can withdraw consent at any time via the methods below.
We endeavor to respect Global Privacy Control (GPC) and similar browser signals where practicable. Note that strictly necessary cookies may still be used to deliver the Service.
5. Managing Your Preferences
You can manage cookies by:
- Browser settings – Most browsers let you block, delete, or receive prompts before storing cookies. See help pages for Chrome, Safari, Firefox, Edge.
- In-product controls – If we display a cookie banner or preferences center, your selections there will be applied in addition to browser-level controls.
- Third-party opt-outs – For Stripe/Cloudflare or other providers, refer to their policies and settings.
Disabling strictly necessary cookies may cause parts of the Service to stop working (e.g., you may be signed out immediately or be unable to complete payments).
6. Retention and Lifetimes
- Session cookies expire when you close your browser.
- Persistent cookies last for a defined period (e.g., 1 day to 12 months, depending on purpose).
- Consent records may be retained up to 12 months (or as required by law) so we can remember your choices.
- Security/bot-protection cookies are typically short-lived (e.g., minutes to hours).
Exact durations may vary as providers update their practices.
7. Example Cookie and Storage Entries (Illustrative)
Replace/extend with your actual entries once finalized.
| Name (example) | Type | Purpose | Provider | Typical Lifetime |
|---|---|---|---|---|
| authjs.session-token / __Secure-next-auth.session-token | Strictly necessary | Keep you signed in; secure session | First-party (Auth.js/NextAuth) | Session / up to 30 days (config-dependent) |
| next-auth.csrf-token | Strictly necessary | CSRF protection during sign-in | First-party | Hours–days |
| cf_turnstile / challenge token | Strictly necessary | Human verification / anti-bot | Cloudflare Turnstile | Minutes–24 hours |
| __stripe_mid, __stripe_sid | Strictly necessary | Fraud prevention / secure checkout | Stripe | Months (per Stripe) |
| app_consent (cookie/localStorage) | Functional | Save your cookie preferences | First-party | Up to 12 months |
| lang / ui_prefs (localStorage) | Functional | Remember language and UI states | First-party | Until cleared |
Names may differ depending on configuration and library versions.
8. Updates to This Cookie Policy
We may update this Policy to reflect changes in technology, law, or our Service. When changes are made, we will revise the “Last updated” date and, where material, provide additional notice (e.g., a banner or in-product message).
9. Contact
Questions about our use of cookies? Email [email protected].