Cookie Policy

Last Updated: February 2026

1. Why We Use Cookies

At Unlatch, your security and privacy are paramount. We strictly limit our use of cookies exclusively to those necessary for secure authentication. You won't find tracking, marketing, or advertising cookies here. We only utilize secure, encrypted sessions to maintain your zero-knowledge AES-256 access and ensure proper Multi-Factor Authentication workflows.

2. Strictly Necessary Cookies

ACCESS_COOKIE

Contains essential JWT data allowing you to temporarily access your vault while verified. Lives only for an active session.

REFRESH_COOKIE

Issues new access tokens securely in the background without requiring continuous password inputs. Rotated upon login and expires securely.

PENDING_2FA

Preserves a pending session context when an unverified login attempt requires an email 2FA code before fully granting access.

If you disable these required system cookies through your browser settings, Unlatch vault access will cease to function.