Cookies

Drawhisper Technology Limited
著墨語科技有限公司

Last Updated: December 2025

1. Introduction

This Cookie Policy explains how Drawhisper Technology Limited ("Drawhisper," "Company," "we," "us," or "our") uses cookies and similar technologies on our website and services. This policy should be read alongside our Privacy Policy, which provides additional information about how we collect and use your personal data.

By continuing to use our Services, you consent to the use of cookies as described in this policy. You can manage your cookie preferences as outlined in Section 5 below.

2. What Are Cookies

Cookies are small text files that are stored on your device (computer, tablet, or mobile phone) when you visit a website. Cookies are widely used to make websites work more efficiently, provide a better user experience, and give website owners useful information about how their sites are being used.

Cookies can be "persistent" or "session" cookies. Persistent cookies remain on your device for a set period or until you delete them, while session cookies are deleted when you close your web browser.

3. How We Use Cookies

Drawhisper uses a minimal set of cookies focused on essential functionality. We do not use cookies for advertising, marketing, or third-party tracking purposes. Our cookie usage is limited to authentication and language preferences.

3.1 Essential Cookies (Strictly Necessary)

These cookies are required for the basic operation of our Services and cannot be disabled. They enable core functionality that you have explicitly requested.

Authentication Cookies: We use Auth.js (NextAuth.js) to manage user authentication. Auth.js sets secure, HTTP-only cookies to maintain your login session, store your authentication token, and protect against cross-site request forgery (CSRF) attacks. These cookies ensure that you remain logged in as you navigate between pages and that your account is protected from unauthorized access. Without these cookies, you would need to log in again on each page you visit.

3.2 Functional Cookies

These cookies enable enhanced functionality and personalization based on your preferences.

Locale Cookie: We use next-intl for internationalization. A single cookie stores your preferred language setting, allowing our platform to display content in your chosen language across sessions. This cookie is set when you select a language and persists until you change your preference or clear your cookies.

4. Cookies We Use

The following table provides details about the specific cookies used on our platform.

Cookie Name	Type	Purpose	Duration
authjs.session-token	Essential	Secure JWT session token that maintains your authenticated login state (Auth.js)	30 days or until logout
authjs.callback-url	Essential	Stores the callback URL during the authentication flow (Auth.js)	Session
authjs.csrf-token	Essential	Protects against cross-site request forgery attacks during authentication (Auth.js)	Session
NEXT_LOCALE	Functional	Stores your preferred language/locale setting (next-intl)	1 year

Note: Cookie names may vary slightly depending on your deployment environment. In production environments with HTTPS, Auth.js cookies are prefixed with __Secure- for enhanced security.

5. Managing Your Cookie Preferences

5.1 Browser Settings

Most web browsers allow you to control cookies through their settings. You can typically find these options in the "Settings," "Preferences," or "Privacy" sections of your browser. Common browser cookie management locations are as follows: for Chrome, visit chrome://settings/cookies; for Firefox, visit about:preferences#privacy; for Safari, go to Preferences then Privacy; and for Edge, visit edge://settings/privacy.

Please note that if you disable essential cookies, you will not be able to log in to your account or use features that require authentication.

5.2 Language Preferences

You can change your language preference at any time through the language selector in our interface. This will update the locale cookie to reflect your new preference.

5.3 Logging Out

When you log out of your account, your session token is invalidated. You can also clear all cookies through your browser settings to remove all stored data.

5.4 Effects of Disabling Cookies

If you choose to disable or reject cookies, please be aware of the following effects. Essential authentication cookies cannot be disabled while maintaining access to authenticated features; you will be unable to log in or stay logged in without these cookies. Disabling the locale cookie will result in the platform defaulting to the system language setting on each visit rather than remembering your preference.

6. Local Storage and Session Storage

In addition to cookies, we may use browser local storage and session storage for application state management. These technologies store data locally on your device to improve performance and user experience.

Local Storage: We may use local storage to cache non-sensitive application data for faster loading times. Local storage data persists until explicitly cleared through your browser settings or through actions within our application.

Session Storage: We use session storage for temporary data that should not persist beyond your current browsing session, such as temporary form states.

Note: Search history and AI image prompt history, if stored, are maintained server-side in association with your user account rather than in browser cookies.

7. Third-Party Cookies

Drawhisper does not use third-party advertising or tracking cookies. We do not allow third parties to place cookies on your device through our Services for advertising purposes.

Our payment processor, Stripe, may set cookies when you access payment-related pages. These cookies are governed by Stripe's privacy and cookie policies. We recommend reviewing Stripe's policies for more information about their cookie practices.

8. Data Retention for Cookie Data

Data collected through cookies is retained as follows. Session cookies (CSRF token and callback URL) are deleted when you close your browser. The authentication session token expires after 30 days of inactivity or upon logout, at which point you will need to sign in again. The locale preference cookie is retained for one year to remember your language setting across visits.

You may delete cookie data at any time through your browser settings.

9. Security Measures

Our authentication cookies implement industry-standard security measures. Cookies are marked as HTTP-only to prevent access by client-side scripts, reducing the risk of cross-site scripting (XSS) attacks. In production environments, cookies are marked as Secure, ensuring they are only transmitted over encrypted HTTPS connections. CSRF tokens protect against cross-site request forgery attacks. Session tokens are cryptographically signed using JWT (JSON Web Token) technology.

10. Updates to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our website with a revised "Last Updated" date.

We encourage you to review this Cookie Policy periodically to stay informed about our use of cookies.

11. Contact Information

If you have any questions about our use of cookies or this Cookie Policy, please contact us: