Skip to content
draft · pending counsel review
last updated 2 May 2026

Cookies.

We keep cookies to a minimum and tell you what each one does.

What we use

First-party (set by us)

  • Session — when you sign in, we set a secure, HTTP-only session cookie so you stay logged in. Lifetime: up to 30 days, shorter if you sign out.
  • CSRF — a short-lived token tied to your sign-in session that prevents cross-site request forgery.
  • Consent state — a small marker that remembers whether you’ve dismissed any in-app notices.

We do not use first-party tracking or advertising cookies.

Third-party embeds

  • Plausible Analytics — we use Plausible for aggregate page-view counts. It is cookieless and does not store identifiers in your browser. Listed here only for transparency.
  • Behold Instagram embed — the Instagram feed on the homepage is rendered by Behold (behold.so) via a script and assets loaded from w.behold.so. Behold and Instagram may set their own cookies. See Behold’s privacy policy and Instagram’s.
  • Stripe — when you go to a payment page, Stripe sets cookies to detect fraud. Stripe’s cookie list.
  • Google / Apple sign-in — only if you choose that route. Standard OAuth flows; no extra cookies set on OnTheMove.
  • Vercel — our hosting provider sets a small load-balancer cookie. No tracking.

Your controls

  • Most browsers let you block or delete cookies in their settings. Blocking session cookies will sign you out.
  • You can opt out of our marketing emails using the unsubscribe link in any email or by writing to privacy@onthemovedxb.com.
  • See our Privacy notice for the full picture.

Changes

If we add or remove an embed, we’ll update this page. The date at the top reflects the last change.