This is the full list. If a cookie or local-storage entry isn't on it, either we don't set it or you should screenshot it and DM us so we can investigate.
Strictly necessary
These exist so the site and the dashboard work at all. You can't turn them off, because turning them off would break login.
| Name | Type | Purpose | Lifetime |
|---|---|---|---|
nimbus_license | HttpOnly cookie | Authenticates your dashboard session | Session, expires on logout |
nimbus_signed_in | Non-HttpOnly cookie | Lets the navbar show "Dashboard" vs "Sign in" | Same as license |
nimbus_csrf | HttpOnly cookie | CSRF token for state-changing requests | Per session |
There is no opt-out for these — without them you cannot log in, you cannot manage your subscription, and you cannot reset your HWID.
Functional
| Name | Type | Purpose |
|---|---|---|
nimbus_theme | localStorage | Remembers your theme preference if we ever ship a light mode |
nimbus_consent | localStorage | Remembers that you've seen our policy disclosures |
You can clear these from your browser at any time. The only consequence is that you'll see the disclosure again or default-theme again.
Analytics
We measure traffic so we know which pages convert and which load slowly. The tooling we use is built to do that without tracking individuals:
- Vercel Analytics. Aggregated page views, route timings, and named events (e.g. "someone clicked Buy"). No personal data, no cross-site identifiers, no cookies. Event props are scrubbed of email-shaped, license-key-shaped, and IP-shaped strings before they leave your browser.
- Vercel Speed Insights. Web Vitals (LCP, CLS, INP) measured via the standard browser Performance API. No cookies, no fingerprint.
- First-party log endpoint (
/api/log). Stores anonymous event names and small prop bags in our server logs for debugging. Rate-limited to 10 events / minute, never logs your IP or user-agent. - Cloudflare bot management + performance metrics. Aggregated request metadata at the edge. No JavaScript pixel runs in your browser.
All of these produce charts that look like "200 people loaded /products today," not "this specific person visited these pages in this order." There is no fingerprint, no IP-to-identity join, and no profile attached to your visit.
What we do NOT use
- No marketing or remarketing cookies
- No third-party ad networks (no Google Ads, no Microsoft Advertising)
- No social-media trackers (no Facebook Pixel, no TikTok pixel, no LinkedIn Insight tag)
- No A/B testing platforms that ship JS into your browser
- No CRM tracking pixels
- No session replay tools (no Hotjar, no FullStory, no LogRocket)
If we ever add anything in those categories, this page will say so prominently, with the effective date pushed forward, before the change goes live.
How to clear or block
- Chrome / Edge: Settings → Privacy and security → Cookies → Site data → "getnimbus.net"
- Firefox: Settings → Privacy & Security → Cookies and Site Data → Manage Data → "getnimbus.net"
- Safari: Settings → Privacy → Manage Website Data → "getnimbus.net"
Blocking the strictly-necessary cookies will log you out and prevent re-login. Blocking the others has no functional impact on you, only on the quality of our internal analytics — which is fine, that's the point of the option.
Updates
If we add a cookie, we update this page first. The effective date below moves forward when that happens.
Contact
Open a ticket in our Discord if you spot a cookie this page doesn't list or if a setting isn't behaving the way it says it should.
Effective: 2026-05-30. Last updated: 2026-05-30.