1. What cookies are
A cookie is a small text file that a website asks your browser to store on your device. Similar technologies include local storage, session storage, web beacons and pixel tags. We use the word "cookies" in this policy to cover all of these.
Cookies can be set by the website you are visiting ("first-party") or by other domains that the site pulls resources from ("third-party"). They can last only for the current browsing session ("session cookies") or for a longer period ("persistent cookies").
2. How we use cookies
We use cookies for three reasons only: to make the Service work, to keep it secure, and to understand what is broken so we can fix it. We do not use cookies for advertising, cross-site tracking, or building behavioural profiles. We do not sell the data collected through cookies.
For anything that is not strictly necessary to provide a service you have asked for, we ask for your consent before we set the cookie, and we remember your choice. You can change or withdraw your consent at any time (see section 6).
3. Categories of cookies we use
- Strictly necessary: required to deliver the Service you have asked for. Examples: keeping you signed in, remembering your cookie preferences, protecting against cross-site request forgery, routing traffic to a healthy server. These do not require consent under Article 5(3) of the ePrivacy Directive because they fall within the "strictly necessary" exemption.
- Functional: remember choices you make, such as language preference or interface settings. We rely on your consent for these, which we may imply from clear affirmative action (for example, choosing a language from the menu).
- Security and anti-abuse: detect sign-in anomalies, block brute-force attempts, and keep payment flows safe. Where these are necessary to provide a secure service you have asked for, they fall under the strictly necessary exemption.
- Analytics (when active): measure aggregate use of the Service so we can improve it. Any such cookie is set only after you consent and is configured to respect user privacy (for example, IP truncation and first-party storage).
We do not currently use advertising or re-marketing cookies. If this changes, we will update this policy and request new consent before any such cookie is set.
4. Detailed list of cookies and storage keys
The table below lists the cookies and storage items that the Service may set. Specific names and providers may change when we update the Service. The category column tells you whether the item requires consent.
| Name / key | Provider | Purpose | Category | Duration |
|---|---|---|---|---|
| te_session | The Endlessness (first-party) | Keeps you signed in across page loads and protects against CSRF. | Strictly necessary | Session, cleared when you close the browser |
| te_auth_token | The Endlessness (first-party) | Stores the authentication token issued after you sign in, so you do not have to sign in on every page. | Strictly necessary | Up to 14 days, refreshed automatically |
| te_csrf | The Endlessness (first-party) | Cross-site request forgery token for state-changing requests. | Strictly necessary | Session |
| te_cookie_consent | The Endlessness (first-party) | Stores your cookie consent choices so that we do not have to ask again on every visit. | Strictly necessary | 12 months |
| te_prefs | The Endlessness (first-party) | Remembers UI preferences such as theme, content rating filter and language. | Functional | 12 months |
| Firebase authentication tokens (including __Host- prefixed cookies and IndexedDB entries set on app.theendlessness.com) | Google Ireland Limited | Sign-in, token refresh, session management, and abuse protection provided by the authentication platform. | Strictly necessary | Up to 1 hour (refresh tokens) and up to 30 days (device) |
| Stripe cookies (m, __stripe_mid, __stripe_sid and related keys) | Stripe Payments Europe, Limited | Fraud prevention, checkout session continuity, and payment processing when you open a billing page. | Strictly necessary for payments | Session to 12 months, depending on cookie |
You can inspect the cookies set on your device at any time by using your browser's developer tools, usually under a "Storage" or "Application" tab.
5. Third-party cookies
Some cookies above are set by third parties that help us run the Service. Those providers act as our data processors for the cookies they set on our behalf, and their own processing is described in the Privacy Policy. The landing site https://theendlessness.com itself does not embed advertising scripts, and embedded media (if any) is loaded only after you consent.
6. How to control cookies
You can accept, refuse or withdraw consent at any time:
- Use the cookie banner the first time you visit the Service, or the "Cookie settings" link in the footer to reopen it.
- Change your browser settings to block or delete cookies. Every major browser has help pages with step-by-step instructions: Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Edge, Brave, and others.
- Use private browsing or incognito mode to browse without saving cookies between sessions.
If you block strictly necessary cookies, parts of the Service may not work. In particular, you will not be able to stay signed in or complete a checkout.
7. Do Not Track and Global Privacy Control
Browser signals such as "Do Not Track" and "Global Privacy Control" are not standardised in a way that binds website operators under Portuguese or EU law. We still respect them where we can, and we do not set non-essential cookies for users whose browser sends a Global Privacy Control signal.
8. Changes to this policy
If we change the cookies we use, we will update this policy and the effective date at the top. Where the change adds a new category of cookie that requires consent, we will ask for fresh consent before the new cookie is set. Questions about cookies can be sent to info@theendlessness.com.
Questions about this document
Write to info@theendlessness.com or by post to The Endlessness, Rua Visconde Seabra nº27, 1600-766 Lisbon, Portugal. We answer in English or Portuguese.