Cookie Policy

Version 1.0 — Effective May 2026

1. What this policy covers

This Cookie Policy explains how MyGarageStory uses cookies and similar technologies when you visit https://mygaragestoryapp.com. It complements our Privacy Policy and our Terms of Use.

2. What is a cookie?

A cookie is a small text file that a website stores on your browser so that it can recognise you on subsequent visits. Some are deleted when you close the browser ("session" cookies); others persist for a fixed period ("persistent" cookies). We also use browser local storage, which works similarly to a persistent cookie but is stored under a different mechanism. For clarity we treat local-storage entries the same way as cookies throughout this policy.

3. Categories of cookies we use

On your first visit, a cookie consent banner lets you accept or decline the non-essential categories. Essential cookies are always set because the application cannot function without them. You can change your choice at any time via the Manage button on the banner.

Essential — always on

Required for login, session continuity, security (CSRF protection), and rate-limiting failed logins. Without these the app cannot keep you signed in.

Preferences — opt-in

Remember interface choices that aren't tied to your account profile (e.g. last-selected currency or distance unit on a public page). You can disable these in the cookie preferences modal at any time.

Analytics — opt-in

MyGarageStory currently does not use Google Analytics, Microsoft Clarity, or any other third-party analytics or advertising tracker. The category is exposed in the consent banner so we can ask in advance. If we ever add an analytics provider, we will update this policy and re-prompt you for consent before any tracker is loaded.

4. Specific cookies set by this app

Name Purpose Lifetime Category
sessionid Keeps you signed in across page loads. 2 weeks (default) Essential
csrftoken Protects forms against cross-site request forgery. 1 year Essential
messages Flash messages (saved, deleted, etc.) shown on the next page load. Session Essential
axes-attempt-time Tracks failed login attempts so the app can lock out attackers after 5 failures. 1 hour Essential
mgs_cookie_consent Remembers your cookie-banner choices (stored in browser local storage, not a server cookie). Until cleared Essential

If you sign in with Google, Google sets its own cookies as part of the OAuth flow. Those cookies are governed by Google's cookie policy, not ours.

5. Third-party content

Watchlist recommendation cards may display photos sourced from Pixabay. The image lookup is performed server-side by MyGarageStory, so Pixabay does not receive your IP address, your browser request, or any other information that could identify you as a visitor, and it does not place a cookie in your browser. Tailwind CSS is loaded from a public CDN; the CDN may log the request IP but does not set a cookie.

6. Security in transit

In production, all traffic between your browser and https://mygaragestoryapp.com is protected with HTTPS (TLS). Session and CSRF cookies are marked Secure so they are only ever transmitted over an encrypted connection, and HTTP Strict Transport Security is enabled so browsers will refuse plain-HTTP for this domain.

7. How to manage cookies

Three ways:

  • Click the Manage button on the cookie banner the first time you visit, or re-open it from the banner that re-appears whenever this policy materially changes.
  • Clear or block cookies directly in your browser settings (consult your browser's documentation).
  • For preferences we've already remembered, clear local storage for this site and we will re-prompt you.

Blocking essential cookies will prevent the app from working.

8. Changes to this policy

We may update this policy when we add new categories of cookies or change how existing ones behave. The version number and effective date at the top of this page will move forward and, for material changes, we will re-show the cookie banner so you can renew your consent.

9. Contact

Questions about cookies? Write to [email protected].

Last reviewed: May 2026 Version 1.0