Cookie Policy

Last updated: 2026-05-05. Operator: Oddly Even Group Pte. Ltd., Singapore. This policy explains how oddly uses cookies and similar local storage on myoddly.com.

Short version. We use a single first-party session cookie so you can stay logged in. No advertising cookies, no third-party tracking pixels, no fingerprinting, no cross-site profiling.

What we use

Name	Type	Purpose	Lifetime
oddly_session	First-party, strictly necessary	Authenticates your dashboard session after a magic-link or Google sign-in. HttpOnly + Secure + SameSite=Lax.	30 days, rotated on logout
oddly_cookie_notice	First-party, preference	Records that you have seen the cookie banner so we do not show it again on the next visit.	365 days
oddly_reconnect_snooze_*	localStorage, preference	Snoozes the reconnect banner per provider for 24 hours after you dismiss it. Stored in your browser; never sent to our servers.	24 hours per provider

What we do not use

Advertising cookies, retargeting pixels, or remarketing tags.
Third-party analytics that track you across other sites (no Google Analytics on myoddly.com).
Browser fingerprinting or device-graph identifiers.
Social-media sharing widgets that set third-party cookies.

Cookies set by your dashboard integrations

When you connect a source (Shopify, Google Ads, Google Search Console, Meta Ads, HubSpot, Slack), the OAuth flow temporarily redirects you to the source's own domain. The source platform may set its own cookies during that redirect. Those cookies are governed by the source platform's own policy, not this one.

Your choices

You can clear oddly_session at any time from your browser. The next request will redirect you to the sign-in page.
You can sign out at /api/auth/logout; the session cookie is invalidated immediately.
If you block all cookies in your browser, the dashboard will not be able to keep you signed in.

Server-side request logs

Independently of cookies, we keep server-side request logs (URL, status code, latency, IP) for 30 days for diagnostics. These logs are not joined to user identifiers and are deleted after 30 days. See the Privacy Policy for the full retention schedule.

Changes

We may update this policy when we add or remove cookies. The "Last updated" date at the top reflects the most recent change. Material changes are announced by email at least 30 days ahead of the effective date.

Contact

Questions about this policy: [email protected].

Data protection officer: [email protected].