schmatz
Try free →
Last updated · 2026-05-19

Cookies & tracking

What cookies and similar technologies Schmatz uses, why, and how you can control them. The inventory is short: authentication session cookies and nothing else.

Plain-English SummaryWe use one kind of cookie: the one Auth.js sets so you stay signed in. No advertising cookies, no analytics cookies, no third-party trackers. If we ever add analytics, this page will be updated and you'll be told.

What is a cookie?

A cookie is a small text file that a website stores on your browser to remember information between visits. Related technologies include local storage, session storage, web beacons, and pixel tags. "Cookies" in this notice refers to any of these mechanisms.

Strictly necessary cookies

We use strictly necessary cookies — those required for Schmatz to function — without requesting consent, because they are essential for the service you have asked us to provide.

Authentication session

  • Set by: the Schmatz application (self-hosted Auth.js — no third-party identity provider)
  • Purpose: keep you signed in between page views without requiring re-authentication on each request
  • Duration: 30 days from last sign-in; expires on sign-out
  • Type: HTTP-only, secure, same-site

CSRF protection

  • Set by: Schmatz application
  • Purpose: prevent cross-site request forgery attacks against authenticated endpoints
  • Duration: per-session

Analytics & performance cookies

We do not use these. Page-view telemetry recorded by Schmatz is captured server-side from authenticated session activity (logged into the user_events table) and does not require a third-party analytics cookie. If we ever add a third-party analytics provider, this notice will be updated and we will implement an opt-in consent prompt before any analytics cookies are set.

Advertising & targeting cookies

Schmatz does not use any advertising or targeting cookies. We do not sell advertising. We do not share data with ad networks. We have no plans to.

Third-party cookies on linked domains

When you follow a link from Schmatz to an external website (e.g., a regulatory filing on sec.gov or a Ken French research data page), that external site may set its own cookies. Schmatz is not responsible for the privacy practices or cookies of any third-party site you visit through our links.

How to control cookies

You can control or delete cookies through your browser settings. Useful links:

Blocking strictly necessary cookies (specifically the Auth.js authentication session cookie) will prevent you from staying signed in to Schmatz. There is no work-around because authentication is required to use the service.

Do Not Track

Most major browsers offer a "Do Not Track" signal. There is currently no industry consensus on how to interpret this signal, and Schmatz does not currently change its behavior based on it. Because we do not use advertising or third-party analytics cookies, there is in practice nothing for the signal to disable.

Changes to this notice

If we add any new cookies — particularly third-party analytics or advertising cookies — we will update this notice, revise the "Last updated" date, and (for material additions) request your consent through a banner or in-app notice before any new cookies are set on your device.