// legal

Cookie Policy

Last updated: 4 July 2026. What we store in your browser when you use Treethree, and why. Short version: one sign-in cookie, some functional local storage, and cookieless analytics. No advertising or cross-site tracking, so there is no consent banner to click through.

1. The one cookie we set

When you sign in we set a single, strictly necessary cookie named tt_session. It keeps you logged in so you can return to your assessment and reports. It is HttpOnly (not readable by scripts), SameSite=Lax, sent only over HTTPS in production, and it expires after 30 days or when you log out. It is a signed session token, not a tracking identifier, and it is never shared with anyone. Because it is essential to a service you asked for, it is exempt from consent under EU ePrivacy rules.

2. Functional storage in your browser

To carry your answers across the steps of the assessment without losing them, we store a little data in your browser's local storage (not cookies): your in-progress questionnaire answers and your calibration draft. This stays on your device, is used only to remember where you were, and is not used to track you. You can clear it any time in your browser.

3. Analytics, without cookies

We measure how the site and the assessment funnel are used with Vercel Web Analytics. It is privacy-first by design: it sets no cookies, collects no personal data, and does not track you across other websites. It only tells us aggregate things like which pages are viewed and where people drop off in the funnel, so we can improve the product. Our legal basis is our legitimate interest in understanding and improving the service. Because nothing is stored on or read from your device for this, it does not require a consent banner.

4. No advertising or third-party tracking

We do not use advertising cookies, marketing pixels, social media trackers, or any cross-site tracking. There is nothing here to opt out of on that front.

5. Fonts

Some pages currently load a web font from Google Fonts, which means your browser contacts Google to fetch it. Google may receive your IP address as part of that request. No cookie is set by this. We are moving to self-hosted fonts to remove this external request entirely.

6. Managing what is stored

You can clear cookies and local storage, or block them, in your browser settings. Note that clearing or blocking the tt_session cookie will log you out and you will not be able to stay signed in.

7. Changes

We may update this policy. The current version always lives on this page, with the date shown above. For how we handle personal data more broadly, see our Privacy Policy.

Contact

tcfl@pm.me