Cookie policy
Last updated 2026-05-03
This page is a focused companion to our Privacy Policy: it lists every cookie and similar storage mechanism the eSigKit dashboard sets, what each one is for, how long it lives, and who else can read it. We deliberately keep this list short and free of advertising / analytics tracking.
1. Strictly-necessary cookies
These keep the dashboard working. They cannot be disabled because the Service does not function without them.
| Name | Set by | Purpose | Lifetime |
|---|---|---|---|
CognitoIdentityServiceProvider.* | AWS Cognito (auth-dev.esigkit.com) | Session cookie set after sign-in. Without it you cannot stay authenticated. | Browser session + refresh-token TTL (configurable, currently 60 min prod / 8 hr dev) |
esigkit-csrf | app.esigkit.com | Double-submit CSRF token tied to the active session. Prevents cross-site request forgery on state-changing API calls. | Browser session |
2. Cloudflare edge cookies
Our edge provider, Cloudflare, sets short-lived cookies for bot management and routing in front of our application. These are operational, not analytics, and are not set by eSigKit. See the Cloudflare cookie reference .
3. What we do NOT use
- No advertising cookies. We do not run advertising on the dashboard.
- No third-party analytics cookies (Google Analytics, Segment, Mixpanel, etc.) at this time. If we add product analytics in the future, we will give you 30 days’ notice + an opt-out.
- No cross-site tracking pixels.
- No social-media sharing buttons that load third-party script.
4. Local storage
AWS Amplify (the Cognito client we use) caches your access token in
the browser’s sessionStorage while you are signed in.
This is cleared when you close the tab or sign out. We do not write to
localStorage for tracking purposes.
5. Your choices
Because we only use strictly-necessary cookies, we do not show a cookie consent banner — under the EU ePrivacy Directive, consent is not required for cookies that are essential to deliver a service the user explicitly asked for. Once we add any optional cookie (e.g., product analytics), we will add a banner and honor your “reject” choice.
You can clear all cookies and storage from your browser’s settings at any time; this will sign you out of the dashboard and you will need to sign in again.
6. Changes
We will update this page when the cookie set changes. Material changes (any new optional cookie, any new third party) will be announced 30 days in advance via email and an in-product banner.
7. Contact
Questions: privacy@esigkit.com.