Cookie Policy
Effective Date: January 1, 2026
Last Updated: April 24, 2026
This Cookie Policy explains how WorkPerfect Co ("WorkPerfect," "we," "us," or "our") uses cookies and similar technologies on work-perfect.com (the "Website") and the WorkPerfect platform (the "Service"). It supplements our Privacy Policy.
1. What Are Cookies?
Cookies are small text files that a website places on your device when you visit. They are widely used to make websites work, to make them work more efficiently, and to provide information to website operators. "Similar technologies" include browser local storage, session storage, and pixel tags. In this Policy we refer to all of these as "cookies."
Cookies may be:
- First-party — set by the website you are visiting (in our case, work-perfect.com or app.work-perfect.com).
- Third-party — set by a domain other than the one you are visiting.
- Session — deleted when you close your browser.
- Persistent — stored on your device until they expire or you delete them.
2. How We Use Cookies
We use a deliberately small number of cookies. We do not use cookies for advertising, cross-site tracking, or third-party analytics. We do not place any cookies that track you across other websites.
The cookies we use fall into two categories:
Strictly Necessary
These cookies are required for the Service and Website to function. They cannot be switched off in our systems. They are usually only set in response to actions you take, such as logging in or filling out a form. You can configure your browser to block these cookies, but parts of the Website and Service will not work.
Functional
These cookies remember choices you make to provide a more personalized experience, such as language preference. They are not used for tracking.
We do not currently use:
- Advertising or marketing cookies.
- Third-party analytics cookies.
- Social media tracking cookies.
- Cross-site or cross-context tracking cookies.
If we add cookies in any of these categories in the future, we will update this Policy and, where required by applicable law (including EU/UK ePrivacy law), obtain your consent before placing them.
3. Cookies We Use
In production, the authentication cookies below are issued with the __Secure- prefix that browsers require for cookies marked Secure (e.g. __Secure-perf.session_token). The bare names appear only in non-production environments.
| Name | Type | Purpose | Duration | First / Third Party |
|---|---|---|---|---|
perf.session_token |
Strictly necessary | Identifies your authenticated session | Up to 7 days, or until sign out | First-party |
perf.session_data |
Strictly necessary | Encrypted cache of session metadata used to validate the session without a database lookup on every request | Up to 7 days, or until sign out | First-party |
perf.dont_remember |
Strictly necessary | Records that you did not select "remember me" so your session ends when the browser closes | Browser session | First-party |
perf.trust_device |
Strictly necessary | Marks a device as trusted for two-factor authentication so you are not prompted on every sign in from the same device | Up to 60 days, or until you remove the device | First-party |
perf.enf_loop |
Strictly necessary | Short-lived loop breaker that prevents redirect loops if a post-sign-in policy check fails | 30 seconds | First-party |
device_id |
Strictly necessary | HMAC-signed identifier used for device fingerprinting and account-takeover detection. Rotated on logout-all or device revocation | Up to 90 days | First-party |
NEXT_LOCALE |
Functional | Remembers your language preference (en-US, en-GB, fr-CA) | 1 year | First-party |
pref-theme |
Functional | Stores the resolved appearance ("light" or "dark") so the server can render the correct theme on first paint without a flash | 1 year | First-party |
pref-theme-intent |
Functional | Stores your appearance preference ("light," "dark," or "system") to keep theme controls in sync | 1 year | First-party |
pref-density |
Functional | Remembers your interface density preference (compact, default, comfortable) | 1 year | First-party |
pref-font |
Functional | Remembers your selected interface font | 1 year | First-party |
pref-card-style |
Functional | Remembers your selected card-style preset (outline or shadow) | 1 year | First-party |
WorkPerfect protects against cross-site request forgery using same-site cookies and Origin-header validation; we do not set a separate CSRF cookie.
We also use browser local storage within the Service to cache user-interface preferences (such as which dashboard widgets you have arranged on your launchpad). This data is stored in your browser, is not transmitted to us except when you take an action that requires it, and is cleared when you log out or clear your browser storage.
We use session storage for short-lived application state during a single session. It is cleared when you close the tab.
We do not use:
- Tracking pixels in the Service.
- Tracking pixels in transactional emails. We use only standard message delivery; we do not embed open-tracking or click-tracking pixels in account or service emails.
If we use marketing emails in the future, any tracking pixels they contain will be disclosed and, where required, subject to consent.
4. Your Choices
Browser Controls
Most browsers let you view, delete, and block cookies. Instructions for common browsers:
Blocking strictly necessary cookies will prevent you from logging in to or using the Service.
Global Privacy Control
We honor the Global Privacy Control ("GPC") browser signal as an opt-out of "sale" and "sharing" of personal information under US state privacy laws. Because we do not sell or share personal information, the GPC signal does not change our practices, but we recognize it.
Do Not Track
We do not respond to Do Not Track ("DNT") browser signals because there is no agreed industry standard for how to interpret them. We honor GPC instead.
5. Changes to This Policy
We may update this Policy from time to time. The "Last Updated" date at the top reflects the most recent revision. If we make material changes — including adding cookies in any category not currently used — we will update this Policy and provide notice as required by applicable law.
6. Contact
Questions about this Cookie Policy:
WorkPerfect Co
Email: privacy@work-perfect.com