Cookie Policy

Effective: May 7, 2026

This Cookie Policy expands on Section 4 of our Privacy Policy and explains, in more detail, the cookies and similar storage technologies used by theonlinereader.com (the "Service"). For everything else about how we handle personal information, please see our Privacy Policy.

1. What Cookies Are

A cookie is a small text file that a website asks your browser to store on your device. When you return to the same site, your browser sends the cookie back, which lets the site recognize you (for example, to keep you signed in). Related technologies - such as localStorage and sessionStorage - let a site store small amounts of data in your browser without sending it on every request. We disclose those alongside cookies on this page even though they are technically distinct.

2. How We Use Cookies

The Online Reader uses only strictly-necessary cookies and storage entries - those required for the Service to function (authentication, login state, and remembering that you have seen the cookie notice). Because every entry below is strictly necessary, we do not display a consent prompt for non-essential cookies - we do not set any. The full list:

NameTypeExpiryPurpose
auth_tokenHTTP cookie (HttpOnly)7 daysSet by /api/v1/auth/login after a successful sign-in. Holds your authentication token; cannot be read by JavaScript (HttpOnly). Cleared on sign-out.
connect.sidHTTP cookie (HttpOnly)Session (cleared on browser close)Used only during the Google sign-in redirect to securely complete the OAuth round-trip.
tor-pending-librarysessionStorageUntil browser tab closesRemembers a rate-this-page action you started before signing in, so you can complete it after login.
tor-cookie-notice-acklocalStoragePersistent (until you clear browser storage)Records that you've dismissed the cookie notice, so the banner doesn't reappear on every page load.

3. A Note on Cloudflare Web Analytics

The Service is fronted by Cloudflare, which automatically injects a cookieless analytics beacon (static.cloudflareinsights.com/beacon.min.js) that measures aggregate site performance - Core Web Vitals, page-load timings, and visit counts. This beacon does not set cookies, does not read or write to your browser's localStorage or sessionStorage, and does not build a cross-site profile of you. Because it does not use cookies or device storage, it falls outside the scope of the cookie table above and the ePrivacy "cookie consent" rules - it is listed here for transparency. See section 1b of our Privacy Policy for the full disclosure, and Cloudflare's Web Analytics privacy notice for their side of it.

4. What We Don't Use

Beyond the cookieless Cloudflare beacon described above, the Online Reader does not set or use any of the following on the Service:

5. Browser Controls

Most browsers let you view, delete, and block cookies, and clear localStorage and sessionStorage entries. Because the cookies we use are strictly necessary, blocking them will break sign-in and other core functionality. Standard documentation from major browser vendors:

6. Updates to This Policy

We may update this Cookie Policy from time to time - for example, if we add a new strictly-necessary cookie, or if a third-party service we depend on changes its behaviour. When we do, we will update the "Effective" date at the top of this page. For material changes that affect what data is stored on your device, we will provide a more prominent notice (for example, by re-prompting the cookie banner). Please check back periodically.

7. Contact

Questions about cookies or storage on the Service? Email us at [email protected], or use the contact form.