Cookie Policy
This page lists the cookies and browser-storage keys the Service uses, grouped by the four ePrivacy categories: essential, functional, analytics, and marketing. For the wider data-handling context (who we are, your rights, retention, transfers), see the Privacy Policy.
Essential storage
Required for the Service to function. No consent required.
| Key | Type | Purpose | Lifetime |
|---|---|---|---|
| muse_token | localStorage | JSON Web Token for authentication | Until you log out or it expires |
| muse_user | localStorage | Cached account profile so the UI renders without an extra request | Until you log out |
| sb-*-auth-token | localStorage | Authentication SDK refresh-token storage | Until you log out or session expires |
| post_login_redirect | sessionStorage | Remember the page to return to after OAuth sign-in | Until tab closes |
| cookie_consent_v1 | localStorage | Remembers your cookie preferences so we don't reprompt | Until you clear it |
Functional storage
Remembers your choices and preferences. Improves UX but the Service still works without them. Stored in your browser only; not transmitted to our servers as identifiers. Categories include:
- UI preferences: theme (light/dark), generation defaults (aspect ratio, resolution, engine, version count), Discover feed filters, grid column count, sidebar widths, default for the "share anonymously" toggle, dismissed onboarding tour state.
- Short-lived caches: your collection list, the validated auth-page slideshow image list, and a transient payload used to carry "recreate" context between pages when you click recreate on a public post.
All of the above are stored in localStorage or sessionStorage under self-descriptive key names. Clear them at any time from your browser's storage settings.
Analytics
Loaded only if you consent to analytics in the cookie banner. We use a third-party product-analytics provider (data hosted in the European Union) to measure how the product is used so we can fix what doesn't work and prioritise what does. The provider does not run advertising, retargeting, or cross-site tracking.
| Key | Type | Purpose | Lifetime |
|---|---|---|---|
| ph_* | localStorage | Analytics distinct ID, session ID, and feature-flag cache | Up to 1 year, refreshed on each visit |
| ph_*_window_id | sessionStorage | Per-tab window identifier so events from different tabs don't collide | Until tab closes |
The * in the keys above is a non-personal project identifier. Equivalent cookies (rather than localStorage) may also be set if your browser blocks localStorage; those follow the same lifetimes. To revoke consent, use .
Marketing
We do not currently run any advertising pixels or remarketing tags. We do not share data with ad networks. Same commitment as for analytics: any future addition triggers a re-prompt.
Third parties that may set their own cookies
- Our authentication provider: required to keep you signed in.
- Our content-delivery and bot-protection provider: may set a __cf_bm cookie for bot management on image and asset requests.
- A third-party web-font provider: sets no cookies, but your IP address is sent to the font host during the font load.
- Our product-analytics provider (only if you consent to analytics): EU-hosted, no advertising or cross-site tracking.
- Our payment processor (when paid plans launch): may set cookies during checkout for fraud prevention, session management, and compliance. These are governed by the payment processor's own privacy and cookie policies.
Manage your choice
You can also clear cookies and storage directly from your browser (Chrome: Settings → Privacy and security → Clear browsing data; Firefox: Settings → Privacy & Security → Cookies and Site Data; Safari: Settings → Privacy → Manage Website Data). Note that clearing storage will sign you out and reset your preferences.
Changes to this policy
If we add a new category or a new third party that sets cookies, we update this page and re-prompt for consent via the cookie banner. The "Last updated" date at the top reflects the most recent revision.