Holdstill legal

Cookies.

This Cookie Notice describes how Holdstill uses cookies and similar technologies when you visit holdstill.app, sign in to the studio, read our marketing pages, or open links that bring you back to our product. It explains what each category is for, how long data may persist, which choices you have under the ePrivacy Directive and the GDPR, and how our approach differs from ad-heavy consumer platforms. We deliberately use a small, explainable set of technologies so photographers, agencies, and corporate buyers can answer procurement questionnaires without guesswork. If anything here conflicts with an executed enterprise agreement, the agreement governs for that customer relationship.

Last updated: 14 May 2026
Email: hello@holdstill.app

01 How this notice fits with our Privacy Policy

Cookies rarely tell the whole story on their own. They work alongside server logs, local storage keys, session tokens issued at authentication time, content delivery configuration, and application telemetry that may not always be stored in a classical cookie jar. Our Privacy Policy remains the authoritative description of personal data processing, legal bases, retention, international transfers, and your rights. This Cookie Notice zooms in on browser storage and client-side identifiers so you can configure browsers, consent tools, and internal wiki pages with specificity. When we say "we" below, we mean Holdstill as described in the Privacy Policy. When you publish client galleries, you may also place obligations on visitors; your own notices should complement ours where you act as an independent controller.

02 What we mean by cookies and similar technologies

HTTP cookies are small name-value pairs your browser stores and sends back to the origin that set them, subject to scope rules such as host, path, Secure, HttpOnly, and SameSite attributes. Similar technologies include Local Storage and Session Storage APIs, IndexedDB where used for offline-capable features, service worker caches, and authentication tokens carried in memory during a browsing session. We also use ephemeral identifiers generated for abuse prevention and rate limiting that may not survive a restart. Some analytics products use first-party cookies or local storage to deduplicate events without joining your behaviour across unrelated websites. We avoid fingerprinting as a product feature: if we measure performance or adoption, we aim to do so with aggregated or pseudonymous techniques that do not depend on covert cross-site linkage.

03 Where this notice applies

The practices below apply to pages and applications served from our primary marketing and application domains, including authentication flows, billing portals where applicable, documentation, status pages linked from the footer, and interactive demos we host ourselves. Third-party photographers may embed gallery experiences on custom domains; those experiences inherit the security and access controls you configure in the studio, but the exact storage technologies can differ when integrations or CDNs introduce additional headers. If you are unsure which policy applies, check the domain in your address bar: notices on holdstill.app and our documented subdomains follow this document. Links out to social networks, payment providers, or calendar tools are governed by those services' own policies once you leave our origin.

04 Strictly necessary cookies and tokens

Some storage is essential for security and basic functionality. Examples include session cookies that keep you signed in after passwordless authentication, anti-forgery tokens that mitigate cross-site request forgery when you submit forms, short-lived state cookies that complete OAuth-style redirects safely, and load-balancer affinity cookies that route your websocket or upload stream consistently during a session. Without these technologies, you would experience broken sign-in loops, failed uploads, or intermittent errors that look like product bugs but are actually missing session continuity. You cannot disable this category through our UI because doing so would make the studio unreliable in ways we will not pretend are supported. You may still clear them manually in your browser; the consequence is simply that you will need to authenticate again.

05 Preference storage and language memory

We remember choices such as marketing language, theme where offered, and certain gallery workspace display preferences so you do not have to restate them on every visit. Depending on implementation, these values may live in cookies, Local Storage, or your account profile on the server once you are signed in. Preference storage is not used to sell advertising segments. If you use multiple browsers or devices, preferences may not automatically synchronise unless the feature explicitly says so, because each environment maintains its own storage partition under modern browser privacy models. Clearing site data removes these memories but does not delete your account; it simply returns the experience to sensible defaults until you set preferences again.

06 Analytics and product telemetry

We use privacy-oriented analytics to understand which parts of the product are genuinely useful, where photographers struggle during onboarding, and whether performance changes correlate with support tickets. Implementations may include first-party event capture hosted in the European Union, with configuration that avoids third-party advertising identifiers and limits raw event retention. Where Google Analytics or similar is enabled for a deployment, it is used for aggregated measurement rather than behavioural ads, and we respect consent choices communicated through our banner when we can detect them. We do not buy "identity graphs" from data brokers and we do not attempt to re-identify gallery visitors across unrelated studios. If you reject non-essential categories in our cookie banner when shown, we attempt to suppress optional marketing analytics calls on supported pages; essential operational logging may still occur on servers because it is not always expressed as a browser cookie.

07 What we do not do with cookies

We do not run display advertising on the authenticated studio experience, do not monetise attention with programmatic auctions, and do not resell audience segments derived from your client galleries. We do not use sneaky evercookies to resurrect storage you cleared, and we do not incentivise dark-pattern consent flows that hide reject options. If we ever introduce an optional feature that materially increases tracking surface — for example a tightly scoped A/B test platform — we will update this notice, bump the revision date, and provide an honest opt-in where the law requires it. Skepticism is healthy; vendor trust should be evidenced by behaviour over time, not only by wording.

08 Third parties and subprocessors in plain language

Like any modern SaaS product, we rely on infrastructure partners for hosting, email delivery, payment processing, error reporting, and occasionally support tooling. Those partners may set or read their own cookies when you interact with their domains directly — for example when completing a card payment on a processor-hosted field. We maintain a subprocessor overview suitable for privacy reviews; it complements this Cookie Notice but is not a duplicate. When a third-party script is strictly required for a transaction you initiate, treat that interaction as governed by the partner's documentation as soon as you cross into their origin. We minimise the number of third-party scripts embedded on our own marketing pages specifically to reduce unexpected storage.

09 Retention, rotation, and sensible lifetimes

Session cookies typically expire when you close your browser or after a sliding timeout designed to balance convenience against shared-device risk. Remember-me style functionality, if offered, uses longer-lived tokens stored with additional safeguards and can usually be revoked from account security settings. Analytics identifiers are rotated or truncated on schedules aligned to our internal data retention policy so that databases do not accumulate infinite granular histories by accident. If you delete your account, client-side storage may linger until you clear site data, but server-side associations are handled according to the Privacy Policy's deletion timelines subject to legal holds or backup immutability constraints.

10 Your choices: banners, browsers, and rights requests

Where we show a cookie banner on marketing surfaces, you can accept all optional categories, reject non-essential categories, or open this page for detail. Browser settings let you block third-party cookies entirely, wipe storage on exit, or use container tabs for separation. Industry signals such as Global Privacy Control are interpreted inconsistently; we treat explicit in-product choices and account settings as clearer instructions when they conflict with ambiguous defaults. Data subject rights under the GDPR — access, rectification, erasure, restriction, objection, portability, and complaints to supervisory authorities — are described in the Privacy Policy and are not replaced by this Cookie Notice. If you are a gallery visitor, contacting the photographer remains the fastest route for many questions, but we will still assist when we are the controller for the underlying processing.

11 Children, schools, and sensitive contexts

Holdstill is built for professional photographers whose clients may include families and minors appearing in lawful galleries. We do not knowingly direct behavioural advertising at children through cookies, and we do not use cookie-based profiling to chase minors around the web. Schools, churches, and public institutions evaluating us for procurement should pair this notice with our DPA and security overview: the goal is predictable, minimum-necessary storage rather than maximal surveillance cleverly relabelled as analytics.

12 Changes, version history, and contact

We will update this Cookie Notice when our technologies or regulatory guidance evolve. Material changes will be reflected by the "Last updated" date at the top of the page and, where appropriate, by additional notice such as email or an in-product banner. Continued use after the effective date constitutes acceptance of the updated notice except where stricter consent rules apply. Questions specifically about cookies or similar storage can be sent to privacy@holdstill.app; operational questions unrelated to privacy can continue to hello@holdstill.app. Thank you for reading carefully — it helps us keep the product honest.