What Are Cookies?
Cookies are small text files placed on your device by a website when you visit it. They are widely used to make websites work efficiently, remember your preferences, and provide information to the site operators. Cookies are sent back to the originating website on subsequent visits, or to another website that recognizes them.
There are different types of cookies. Session cookies are temporary and deleted when you close your browser. Persistent cookies remain on your device for a set period. First-party cookies are set by the website you are visiting. Third-party cookies are set by a different domain, typically for tracking or advertising purposes.
Our Approach
Privacy-first by design
NexStock does not use advertising cookies, cross-site tracking cookies, or third-party analytics that profile you across the web. The only cookies we set are strictly necessary for the service to function — authentication tokens so you can stay logged in.
We believe your browsing behavior is your business. We have deliberately avoided integrating tracking networks like Google Analytics, Facebook Pixel, or any other third-party cookie-based analytics. Any usage analytics we collect are server-side, associated with your account, and described in our Privacy Policy.
Essential Cookies
These cookies are strictly necessary for NexStock to function. Without them, you cannot log in or use the application. They cannot be disabled without breaking the service.
| Cookie name | Duration | Purpose | Flags |
|---|
ih_access_token | 15 minutes | Short-lived JWT access token used to authenticate API requests. Expires quickly to minimize exposure. | HttpOnlySecure |
ih_refresh_token | 30 days | Opaque refresh token used to obtain a new access token without re-login. Rotated on each use. | HttpOnlySecure |
Security properties explained
- HttpOnly: The cookie cannot be accessed by JavaScript in the browser, protecting it from XSS (cross-site scripting) attacks.
- Secure: The cookie is only sent over HTTPS connections, never over unencrypted HTTP.
- SameSite=Strict: The cookie is not sent on cross-site requests, protecting against CSRF (cross-site request forgery) attacks.
Token rotation
The ih_refresh_token is rotated on every use. When your access token expires and you request a new one, the old refresh token is invalidated and a new one is issued. This limits the window of exposure if a token were ever compromised.
Analytics Cookies
NexStock does not use client-side analytics cookies. We do not integrate Google Analytics, Mixpanel, Amplitude, or any other third-party analytics that set cookies in your browser.
Any product analytics we collect are done server-side using server logs and in-product event tracking tied to your account (not anonymous browser tracking). This data is used solely to improve the product and is never shared with advertising networks.
Preference Cookies
We may use browser localStorage (not cookies) to store lightweight UI preferences such as sidebar collapse state, table column widths, or theme selection. These are stored locally on your device and are never transmitted to our servers.
You can clear these at any time by clearing your browser's site data for nexstock.com. Doing so will not affect your account or data — only local UI settings will reset.
Third-Party Cookies
We do not use third-party tracking or advertising cookies. NexStock does not load any scripts from advertising networks, social media platforms, or third-party analytics providers that would result in cookies being set on your device by those parties.
The only external resources loaded by NexStock are our own CDN-served assets and fonts. These do not set cookies.
Managing Cookies
You can control and manage cookies through your browser settings. Most browsers allow you to view, delete, and block cookies. Instructions for common browsers:
- Chrome:Settings → Privacy and security → Cookies and other site data
- Firefox:Settings → Privacy & Security → Cookies and Site Data
- Safari:Preferences → Privacy → Manage Website Data
- Edge:Settings → Cookies and site permissions → Cookies and site data
Important: Blocking or deleting the ih_access_token and ih_refresh_token cookies will log you out of NexStock immediately and you will need to log in again. These cookies are strictly required for authentication.
Policy Changes
We may update this Cookie Policy from time to time, particularly if we introduce new features that require additional cookies. We will notify you of material changes by updating the date at the top of this page and, where appropriate, by email. We encourage you to review this page periodically.