Last updated · 13 May 2026
Every cookie we set is listed below. As of this writing, all of them are strictly necessary for the service to work. Under the UK Privacy and Electronic Communications Regulations (PECR), strictly necessary cookies don't need prior consent. We still show a banner the first time you visit so you know they're there.
If we ever add optional cookies (analytics, A/B testing, anything for marketing), this page will get an "Optional" section and the banner will ask before they're set. You can come back here any time and change your mind.
| Cookie | Set by | What it's for | Lasts | Category |
|---|---|---|---|---|
authjs.session-token (or __Secure-authjs.session-token in prod) | First | Signed session cookie. Keeps you logged in across pages. Without this you can't access the dashboard. | 30 days, rolling | Strictly necessary |
authjs.csrf-token (or __Host-authjs.csrf-token in prod) | First | Prevents cross-site request forgery on the sign-in flow. | Session | Strictly necessary |
authjs.callback-url | First | Remembers where to send you back after sign-in (e.g. /pricing). | Session | Strictly necessary |
authjs.pkce.code_verifier | First | OAuth PKCE flow protection during Google sign-in. | 15 minutes | Strictly necessary |
tx_cookie_consent | First | Stores your response to the cookie banner so we don't keep asking. | 12 months | Strictly necessary |
__stripe_mid / __stripe_sid | Third (Stripe) | Stripe sets these during checkout for fraud detection. They aren't loaded on normal browsing, only when you go to upgrade. | 1 year / 30 minutes | Strictly necessary |
Stripe Checkout session cookies | Third (Stripe) | Set on checkout.stripe.com (not on tixpredict.com) when you complete a payment. Governed by Stripe's privacy policy. | Stripe-managed | Strictly necessary |
Google account cookies | Third (Google) | If you sign in with Google, Google sets cookies on its own domain. We don't read them; Google does. Governed by Google's privacy policy. | Google-managed | Strictly necessary |
Vercel platform cookies (e.g. _vercel_jwt) | Third (Vercel) | Vercel may set these to route traffic and detect bots at the edge. They don't identify you to us. | Vercel-managed | Strictly necessary |
PECR carves out an exception for cookies that are essential to providing a service the user has asked for. Sign-in cookies, CSRF cookies, the checkout cookies that protect against fraud: all strictly necessary. You can't opt out of those without breaking the service, because the service literally depends on them.
We don't run any optional cookies right now. No PostHog, no Google Analytics, no Plausible, no Facebook Pixel, no remarketing. If that ever changes, this section will tell you what's running and how to switch it off.
Some of the cookies above are set by other companies because their services run inside our pages. The three that matter:
Every browser lets you block cookies. The cleanest way is per site, in the browser's site-settings panel. Quick links:
Block our strictly necessary cookies and the site won't let you sign in or pay. Which is fair enough.
If you want to see the cookie banner again, delete the cookie called tx_cookie_consent in your browser settings and reload the page.
Mail privacy@tixpredict.com and a real person will answer.