Cookie Policy
Galley uses a small number of cookies, all of which are necessary for the site to function. We do not use cookies for advertising, behavioral tracking, or profiling.
You do not need to accept a cookie banner. Every cookie listed below is strictly necessary for authentication or basic site operation, which is exempt from consent requirements under the ePrivacy Directive and GDPR.
Cookies We Set
galley_jwt
Your authentication token. This cookie is set when you sign in and is used to keep you logged in as you navigate the site. It is not accessible to JavaScript running in the browser.
| Property | Value |
|---|---|
| Type | Authentication |
| HttpOnly | Yes |
| Secure | Yes (HTTPS only) |
| SameSite | Lax |
| Duration | 7 days |
The JWT inside this cookie expires after 15 minutes and is refreshed automatically by the server. The cookie itself lasts 7 days. If the session cannot be refreshed, you will be asked to sign in again.
galley_redirect
A short-lived cookie that remembers where you were trying to go when we redirected you to sign in. After you complete sign-in, we send you back to that page and delete the cookie.
| Property | Value |
|---|---|
| Type | Functional |
| HttpOnly | Yes |
| Secure | Yes (HTTPS only) |
| SameSite | Lax |
| Duration | 10 minutes |
Session token (auth service)
The authentication service at auth.galley.pub sets a session cookie to manage your sign-in session. This is handled by Better Auth and is used to issue and refresh your JWT.
| Property | Value |
|---|---|
| Type | Authentication |
| HttpOnly | Yes |
| Secure | Yes (HTTPS only) |
| Duration | Set by the auth library |
Third-Party Services
Error tracking (Sentry)
Galley uses Sentry to detect and fix errors. Sentry does not set cookies through our integration. It collects error reports and performance samples (10% of page loads) to help us identify and resolve issues.
Analytics (Umami)
When enabled, Galley uses a self-hosted instance of Umami, a privacy-focused analytics tool. Umami is designed to work without cookies and does not track individual users across sessions. No personal data is collected or shared.
What We Do Not Do
- We do not use advertising cookies.
- We do not use tracking pixels or fingerprinting.
- We do not sell or share cookie data with third parties.
- We do not use cookies to build profiles of our users.
Changes
If we add new cookies or change how existing ones work, we will update this page.
Questions? Reach us through the feedback page.