Cookie policy

Keep you signed in, remember your language and currency, and prevent CSRF. These can’t be turned off because the site stops working without them.

• siru_session — session identifier, HttpOnly, Secure, SameSite=Lax, 30 days
• siru_locale — language + currency, 1 year
• siru_csrf — form-submission guard, session

Remember your sign-in name on this device so we can show “Continue as [Name]” on your next visit, and load Google’s One Tap helper which lets you sign in inline if you’re already in your Google account in another tab. If you skip consent, you’ll see the generic “Save your trip” button instead. Sign-in still works either way.

• siru_auth_hint— your display name + chosen OAuth provider (Google or Apple). Display-only; it cannot sign you in. 13 months, refreshed on each sign-in. Cleared with the “Not you?” link.
• g_state, g_csrf_token— set by Google’s One Tap script (accounts.google.com) when the helper is loaded. Lifetime managed by Google; see Google’s cookie policy.
• Dark/light mode and dismissed banners are stored in localStorage and can be cleared any time from your browser.

If you opt in via the consent banner, we store an anonymous first-party identifier to understand which pages people actually use. No third-party tracking, no fingerprinting, no retargeting.