Cookie Policy
This policy explains what cookies are, which ones we use on UTMEprep, and how you can control them.
Last updated: May 19, 2026
Plain-language summary
- We use
localStorage- not traditional HTTP cookies - to store your session tokens. - No advertising, tracking, or cross-site cookies are used.
- OAuth sign-in (Google/Microsoft/GitHub) uses a temporary PKCE token deleted immediately after login.
- Clear your browser site data to remove all stored tokens (this signs you out).
1. What Are Cookies?
Cookies are small text files placed on your device by a website. They allow the website to remember information about your visit - such as your preferred language or whether you are logged in - making your next visit easier and the site more useful to you.
Similar technologies include local storage, session storage, and pixel tags. We refer to all of these collectively as "cookies" in this policy.
2. Cookies We Use
UTMEprep relies on browser storage rather than traditional HTTP cookies. The table below lists every item we store locally on your device.
| Name / Key | Storage | Purpose | Expiry |
|---|---|---|---|
accessToken | localStorage | Keeps you signed in to UTMEprep (JWT) | 15 minutes |
refreshToken | localStorage | Silently renews your access token so you stay logged in | 7 days |
| PKCE verifier | sessionStorage | Secures the OAuth handshake when signing in with Google / Microsoft / GitHub. Deleted immediately after sign-in. | Session only |
| Theme preference | localStorage | Remembers your light / dark mode choice | Persistent |
| Exam mode preference | localStorage | Remembers your last selected exam mode (practice vs. timed) | Persistent |
What we do NOT store
- Advertising or targeting cookies
- Cross-site tracking pixels or beacons
- Third-party analytics cookies (e.g. Google Analytics)
3. Third-Party Cookies
When you sign in with a social provider (Google, Microsoft, GitHub), that provider's authentication page may set its own cookies according to its own privacy policy. UTMEprep does not control those cookies. The OAuth handshake is completed on the provider's domain before you are redirected back to us.
4. How to Control Cookies
Because we rely on localStorage and sessionStorage rather than traditional HTTP cookies, the standard browser cookie controls may not fully apply. You can clear all stored site data through your browser settings:
- Chrome / Edge: Settings → Privacy and security → Clear browsing data → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data → Clear Data
- Safari: Preferences → Privacy → Manage Website Data
Clearing site data will sign you out of UTMEprep. Your account and progress data remain intact on our servers - you can sign back in at any time.
5. Changes to This Policy
We may update this Cookie Policy when we add new features that change how we store data locally. We will update the "Last updated" date at the top of this page. Significant changes will be communicated via email or an in-app notice.
6. Contact Us
Questions about our use of cookies? Email us at privacy@utmeprep.app or visit our Help Centre.