$
SGA Spreads

Cookie Policy

Last updated: April 2026

1. What We Use Cookies For

We use cookies strictly to maintain your authenticated session. NextAuth sets a secure session cookie after you sign in via SGA Central Auth. No analytics, advertising, or third-party tracking cookies are set.

2. Cookies We Set

  • next-auth.session-token — your signed session JWT (HTTP-only).
  • next-auth.csrf-token — CSRF protection during sign-in.
  • next-auth.callback-url — preserves the page you intended to visit before signing in.

3. Disabling Cookies

Disabling cookies in your browser will prevent you from signing in. The dashboard cannot function without the session cookie.

4. Third Parties

Cloudflare, which fronts our domains, may set its own infrastructure cookies (e.g. __cf_bm). These are managed by Cloudflare and documented in their privacy policy.