Effective Date: May 6, 2026 | Last Updated: May 6, 2026
Cookies are small text files placed on your device by a website when you visit it. They are widely used to make websites work, improve user experience, and — in contexts that do not apply to ProperResponse — to deliver advertising and collect analytics data.
Cookies are either first-party (set by the website you are visiting) or third-party (set by external services embedded in the page). They can be session cookies (deleted when you close your browser) or persistent cookies (stored for a defined period).
Cookies are also categorized by purpose:
ProperResponse uses only strictly necessary cookies. All other categories are absent from this site.
The following table describes every cookie set by ProperResponse. There are no others.
| Cookie Name | Category | Purpose | Duration | Attributes |
|---|---|---|---|---|
| PHPSESSID | Essential | Session authentication. Links your browser to your encrypted server-side session stored in our Redis cache. Without this cookie you cannot log in or use any authenticated feature of the application. | Session (deleted when you close your browser, or after 30 minutes of inactivity — whichever comes first) | HttpOnly, Secure, SameSite=Strict |
| CSRF token cookie (internal name varies) | Essential | Cross-site request forgery (CSRF) protection. A cryptographic token that the server verifies on every state-changing request (form submissions, data saves, deletes). Prevents malicious third-party sites from tricking your browser into taking actions on your behalf. | Session | HttpOnly, Secure, SameSite=Strict |
- HttpOnly: the cookie cannot be read by JavaScript. This prevents cross-site scripting (XSS) attacks from stealing your session token.
- Secure: the cookie is only transmitted over HTTPS (encrypted) connections — never over plain HTTP.
- SameSite=Strict: the cookie is not sent with cross-site requests. This provides strong protection against cross-site request forgery attacks.

The cookie itself contains only a random session ID — no personal data. Your actual session data (user ID, tenant ID, authentication state) is stored server-side in our encrypted ElastiCache Redis instance, which is not accessible from the internet. The cookie is useless without the matching server-side data.
The following types of cookies and tracking technologies are not present on ProperResponse:
| Technology | Status | Reason |
|---|---|---|
| Google Analytics / Google Tag Manager | Not used | We do not use third-party analytics SDKs. Usage patterns are analyzed from server logs using anonymized, aggregated data we control entirely. |
| Meta (Facebook) Pixel | Not used | We do not run social media advertising pixels. |
| Advertising / retargeting cookies | Not used | We do not participate in behavioral advertising networks. |
| Hotjar, Heap, Mixpanel, FullStory, or similar session-replay / event-tracking tools | Not used | Legal case data is sensitive. We will not embed third-party JavaScript that could record or transmit your case content. |
| Persistent preference cookies | Not used | User preferences (if any) are stored in your server-side session, not in persistent browser cookies. |
| Browser fingerprinting | Not used | We do not collect or process browser fingerprint data for identification or tracking purposes. |
| localStorage / sessionStorage for tracking | Not used for tracking | Our client-side autosave feature uses localStorage to temporarily store draft form data locally in your own browser. This data never leaves your device and is not accessible to us. It expires after 7 days and is cleared when you submit a form. |
Several pages on ProperResponse load static assets (CSS, fonts, icons) from third-party CDNs. These are resource requests only — they do not set cookies on your device from our application pages, but the CDN providers' own privacy policies apply to their logs of the request (IP address, timestamp, referrer).
| Third Party | Resource | Cookies Set? |
|---|---|---|
| jsDelivr CDN | Bootstrap 5.3 CSS and JS | None |
| Google Fonts | Inter typeface (CSS + font files) | None set by us. Google may log the request per its own Privacy Policy. |
| Cloudflare CDN (cdnjs) | Font Awesome 6 icons | None |
| Stripe | Stripe.js — card tokenization on the signup/billing page only | Stripe may set its own cookies for fraud prevention. These are set by Stripe's domain, not ours, and are governed by Stripe's Privacy Policy. They are strictly necessary for secure payment processing. |
Stripe.js is loaded only on the pages where card collection occurs (signup and billing management). It is not loaded on case management, document, or other internal pages.
Because we use only essential cookies, blocking our cookies will prevent you from logging in and using the application. There is no cookie-optional mode — session authentication requires the session cookie by definition.
You can view, block, or delete cookies using your browser's built-in settings:
Deleting your cookies will log you out of ProperResponse. Your account and case data are not affected — they are stored on our servers, not in cookies.
Some browsers offer a "Do Not Track" (DNT) signal. Because ProperResponse does not track users across websites, engage in behavioral advertising, or use cross-site analytics, a DNT signal has no practical effect on how we operate. We treat all users consistently regardless of DNT status.
If we ever add non-essential cookies (analytics, advertising, or preference cookies), we will update this policy, obtain your explicit consent before setting those cookies, and provide an easy way to withdraw consent. We will not add non-essential cookies without notice.
Material changes to this policy will be communicated via email to account administrators and via an in-app notice at least 14 days before taking effect.
Questions about this Cookie Policy or our use of cookies? Email privacy@properresponse.com.