Cookie Policy
Effective date: February 22, 2026 · Last updated: February 22, 2026
This Cookie Policy explains how Novel Forge ("we," "our," or "us") uses cookies and similar tracking technologies on novelforge.to. It should be read alongside our Privacy Policy.
1. What Are Cookies?
Cookies are small text files placed on your device by a website. They allow a site to recognise your device on subsequent visits, remember your preferences, and understand how you use the site. Similar technologies include:
- Local storage & session storage — browser-based key-value stores that persist data without an expiry date (local storage) or until the browser tab is closed (session storage).
- Pixel tags / web beacons — tiny images embedded in pages or emails that signal when content has been loaded or an email has been opened.
- Device fingerprinting — we do not use device fingerprinting.
2. Categories of Cookies We Use
2.1 Strictly Necessary Cookies
These cookies are essential for the Platform to function and cannot be switched off. They are set in response to actions you take (e.g., logging in, saving preferences). Without them, core features such as authentication and secure payments would not work.
Legal basis (GDPR): Legitimate interests (Art. 6(1)(f)) — no consent is required for strictly necessary cookies.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
next-auth.session-token | Novel Forge | Maintains your authenticated session (NextAuth.js) | 30 days (rolling) |
next-auth.csrf-token | Novel Forge | Protects against cross-site request forgery | Session |
next-auth.callback-url | Novel Forge | Stores the URL to redirect to after sign-in | Session |
__Secure-next-auth.* | Novel Forge | Secure variants of NextAuth cookies served over HTTPS | Session / 30 days |
__stripe_mid | Stripe | Fraud prevention and checkout security | 1 year |
__stripe_sid | Stripe | Stripe session identifier for payment flows | 30 minutes |
2.2 Functional / Preference Cookies
These cookies enable personalised features and remember your choices across visits, such as your selected theme and language.
Legal basis (GDPR): Legitimate interests (Art. 6(1)(f)) where the functionality is integral to the service; otherwise Consent.
| Cookie / Key | Storage | Purpose | Duration |
|---|---|---|---|
theme | Local Storage | Stores your dark/light mode preference | Persistent |
language | Local Storage | Stores your selected interface language | Persistent |
referralCode | Cookie | Tracks referral codes so credit is awarded correctly on sign-up | 30 days |
2.3 Analytics Cookies
These cookies help us understand how visitors interact with the Platform so we can improve it. Data is collected in pseudonymous form; we do not use it to identify you personally.
Legal basis (GDPR): Legitimate interests (Art. 6(1)(f)) for aggregated analytics; Consent where required by applicable national law (e.g., for certain EU member states under ePrivacy rules).
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
ph_* (PostHog) | PostHog | Tracks page views, feature usage, and session data for product analytics. IP addresses are anonymised. | 1 year |
ph_*_posthog (PostHog persistence) | PostHog | Stores a pseudonymous user ID to link sessions across visits | 1 year |
PostHog is configured to respect "Do Not Track" browser signals. PostHog's privacy documentation is available at posthog.com/privacy.
3. Third-Party Cookies
Some cookies are set by third-party services we embed or integrate with. We do not control these cookies. The relevant third-party privacy policies are:
- Stripe — stripe.com/privacy
- Google (OAuth) — policies.google.com/privacy
- PostHog — posthog.com/privacy
4. How to Manage & Control Cookies
4.1 Browser Settings
Most browsers allow you to view, delete, and block cookies through their settings menu. Note that blocking strictly necessary cookies will impair core functionality (e.g., you will not be able to stay logged in). Guides for popular browsers:
4.2 Opt-Out of Analytics
To opt out of PostHog analytics tracking, you can:
- Enable your browser's "Do Not Track" setting — PostHog respects this signal.
- Use a browser extension such as Privacy Badger or uBlock Origin.
- Email us at privacy@novelforge.to with the subject "Analytics Opt-Out" and we will add you to our opt-out list.
4.3 Local Storage
Preference data stored in local storage (theme, language) can be cleared through your browser's developer tools (Application → Local Storage in Chrome/Edge) or by clearing site data. Doing so will reset your theme and language preferences.
5. Do Not Track
We honour the Do Not Track (DNT) browser signal for analytics. When DNT is enabled, we instruct PostHog to disable tracking for your session. Strictly necessary cookies are unaffected by DNT.
6. Changes to This Cookie Policy
We may update this Cookie Policy periodically to reflect changes in the technologies we use or applicable legal requirements. The "Last updated" date at the top of the page indicates when the most recent revision was made. Material changes will be communicated via the Platform or by email.
7. Contact Us
If you have questions about our use of cookies or wish to exercise your rights, please contact us at:
- Email: privacy@novelforge.to
- Website: https://novelforge.to