Cookies
Last updated: 24 May 2026
OpenSignup sets only the cookies it needs to operate. There are no analytics, advertising, or cross-site tracking cookies, and no third-party cookies of any kind.
Cookies we set
| Name | Purpose | Lifetime |
|---|---|---|
| authjs.session-token (or __Secure-authjs.session-token over HTTPS) | Keeps organizers signed in after they click their magic link. | Session |
| authjs.csrf-token (__Host-authjs.csrf-token over HTTPS) | Prevents cross-site request forgery on the sign-in form. | Short-lived |
| authjs.callback-url (__Secure-authjs.callback-url over HTTPS) | Remembers where to return you after a successful magic-link sign-in. | Short-lived |
| os_commit | Lets participants who already committed to a slot return and edit or cancel without re-entering their email. httpOnly; not readable from JavaScript. | 60 days |
Why there is no cookie banner
Every cookie above is strictly necessary to make the service work — either for sign-in or to let a participant edit their own commitment. Under GDPR/ePrivacy, strictly-necessary cookies do not require a consent banner. That is why you don't see a popup.
Related
See the privacy policy for what data we store and how to request a copy or deletion.