What cookies we use, why we use them, and how to control them.
Short version: We use only the cookies needed to keep you logged in and keep the service secure. No ad tracking, no third-party analytics, no profiling.
Cookies are small text files that a website stores on your device when you visit. They're used to remember things between page loads — like whether you're logged in, or your language preference.
Cookies are not programs and cannot carry viruses or install software. They simply store a small piece of text that the website can read on your next visit.
This policy covers cookies and similar technologies (such as local storage) used by Extra Drive on extradrive.net and workspace.extradrive.net.
We use a minimal set of cookies. Every cookie we set is necessary to provide the Service — we don't set cookies for any other purpose.
| Cookie | Purpose | Expires | Type |
|---|---|---|---|
| ed_session | Keeps you logged in during your current browser session. Without this cookie the Service cannot function. | End of session | Required |
| ed_remember | Set when you check "Remember me" at login. Keeps you signed in across browser sessions so you don't have to log in every time. | 30 days | Required |
| ed_csrf | A security token that protects your account against cross-site request forgery (CSRF) attacks. Required for all form submissions. | End of session | Required |
| ed_locale | Stores your preferred language and date/number format settings so we don't have to ask every visit. | 1 year | Functional |
| ed_theme | Stores your light/dark mode preference so the dashboard loads in the right mode immediately. | 1 year | Functional |
| ed_cookie_notice | Records that you have seen and dismissed our cookie notice, so we don't show it on every page. | 1 year | Functional |
All cookies set by Extra Drive have the HttpOnly and Secure flags set, which means they can only be transmitted over HTTPS and cannot be accessed by JavaScript — protecting them from XSS attacks. Session and authentication cookies also use the SameSite=Strict attribute to prevent cross-site leakage.
We do not use any of the following:
Because we use Plausible (a cookieless analytics tool), our marketing website does not require a cookie consent banner under GDPR. We show the notice anyway as a matter of transparency.
The Extra Drive dashboard at workspace.extradrive.net uses Stripe for payment processing. When you visit a billing or checkout page, Stripe may set its own cookies to detect fraud and provide a secure payment experience. These are governed by Stripe's Privacy Policy.
No other third-party services set cookies on Extra Drive pages. We do not embed social media widgets, video players, or external comment systems that would introduce third-party cookies.
Browser settings. You can configure your browser to block or delete cookies at any time. Here's how in the most common browsers:
Important: Blocking the ed_session or ed_csrf cookies will prevent you from logging in to Extra Drive. The Service cannot function without these cookies. Blocking ed_remember simply means you'll need to log in each time you open your browser — the Service will still work.
Opting out of functional cookies. You can clear ed_locale and ed_theme at any time through your browser's developer tools or cookie settings. Your preferences will reset to defaults, but the Service will continue to work normally.
Do Not Track. Some browsers send a "Do Not Track" (DNT) signal. Because we already don't track you across sites, this signal has no additional effect on how we operate.
If we add new cookies or change how we use existing ones, we will update this policy and notify you by email and in-app notice at least 14 days in advance. We will never introduce advertising or tracking cookies without your explicit consent.
The "Last updated" date at the top of this page reflects the most recent revision.
Questions about our use of cookies? We're happy to explain.
Also see our Privacy Policy and Terms of Service.