1 What Are Cookies?
Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work, remember your preferences, and provide information to site owners. Cookies can be first-party (set by us) or third-party (set by external services).
We take a minimal approach to cookies. Media Luna uses only strictly necessary cookies required for the service to function. We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.
2 Cookies We Use
The following table lists all cookies set by Media Luna. These are exclusively first-party, essential cookies.
| Cookie Name |
Purpose |
Duration |
Type |
httpOnly |
session |
Authenticates your login session. Required to access the dashboard and API. |
Session (expires on browser close) or up to 7 days if "Remember Me" is selected |
Essential |
Yes — cannot be read by JavaScript |
csrf_token |
Protects against Cross-Site Request Forgery (CSRF) attacks. Required for any form submission or state-changing API call. |
Session |
Essential / Security |
No — must be readable by JavaScript to be attached to requests |
No third-party cookies: We do not load any third-party scripts that set cookies. No Google Analytics, Meta Pixel, Intercom, Hotjar, or similar tracking tools are used on the Media Luna application or landing site.
Local storage: We use your browser's localStorage to remember your UI preference (light/dark mode). This is not a cookie and is not transmitted to our servers.
3 First-Party vs Third-Party Cookies
First-Party Cookies (set by media-luna.co)
Both cookies listed above are first-party cookies, meaning they are set by the media-luna.co domain directly. These cookies are only sent to our own servers and are not accessible to any third party.
Third-Party Cookies
We do not set any third-party cookies. The landing site (media-luna.co) loads fonts from Google Fonts. Google may set its own cookies; however, we load fonts using the crossorigin attribute and do not pass any identifying user data. If you are concerned about Google Fonts cookies, you can block them via your browser's cookie settings without affecting the application.
Our payment processor, Stripe, may set cookies on the stripe.com domain when you visit the billing portal. These are governed by Stripe's Privacy Policy.
4 Why We Cannot Use Cookie-Less Authentication
The session cookie is strictly necessary for security. We use httpOnly session cookies rather than localStorage-based tokens because:
- XSS protection: httpOnly cookies cannot be stolen by malicious JavaScript injected into the page
- Secure flag: Cookies are transmitted only over HTTPS, preventing interception over insecure connections
- SameSite attribute: Cookies use the
Strict SameSite attribute, preventing them from being sent in cross-site requests
Disabling these cookies will prevent you from logging in or using the dashboard.
5 How to Manage Cookies
Browser Settings
You can control and/or delete cookies through your browser settings. Instructions for common browsers:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions → Manage and delete cookies
You can also use your browser's Developer Tools (Application → Storage → Cookies) to inspect and delete individual cookies set by our domains.
Impact of Disabling Cookies
Because we only use strictly necessary cookies, blocking or deleting our cookies will prevent you from authenticating and using the Media Luna application. The landing site (this page) can be browsed without cookies.
Do Not Track (DNT)
Some browsers offer a "Do Not Track" (DNT) signal. Because we do not engage in any behavioral tracking, our service behaves identically regardless of whether DNT is enabled.
6 Changes to This Policy
We may update this Cookie Policy if we introduce new features that require additional cookies. We will update the "Last Updated" date and, for material changes, notify you via email or dashboard announcement. We commit to not introducing non-essential cookies without updating this policy and, where required by law, obtaining your consent.
7 Contact Us
If you have questions about our use of cookies, contact us at: