Cookies
Last updated: 2 June 2026
Lago Mar Signups sets only the cookies it needs to operate. It sets no analytics, advertising, or cross-site tracking cookies. If the operator has enabled third-party sign-in (for example, Google) and you use it, that provider may set cookies on its own domain when you sign in there; those are governed by the provider's policies, not ours.
Cookies we set
| Name | Purpose | Lifetime |
|---|---|---|
| authjs.session-token (or __Secure-authjs.session-token over HTTPS) | Keeps organizers signed in after they sign in. | Session |
| authjs.csrf-token (__Host-authjs.csrf-token over HTTPS) | Prevents cross-site request forgery on the sign-in form. | Short-lived |
| authjs.callback-url (__Secure-authjs.callback-url over HTTPS) | Remembers where to return you after a successful magic-link sign-in. | Short-lived |
| os_commit | Lets participants who already committed to a slot return and edit or cancel without re-entering their email. httpOnly; not readable from JavaScript. | 60 days |
Why there is no cookie banner
Every cookie above is strictly necessary to make the service work — either for sign-in or to let a participant edit their own commitment. Under GDPR/ePrivacy, strictly-necessary cookies do not require a consent banner. That is why you don't see a popup.
Related
See the privacy policy for what data we store and how to request a copy or deletion.