Cookie & Session Notice

1. Overview

This Cookie & Session Notice explains the cookies, session storage, and related browser technologies used by the MyWork platform. We believe in transparency about how we use these technologies and have designed our approach to be as minimal and privacy-respecting as possible.

Key facts:

We use only first-party cookies and storage — no third-party tracking cookies.
We do not use Google Analytics, Facebook Pixel, or any third-party analytics service.
We do not serve advertising or use advertising cookies.
All analytics are processed and stored on our own servers.

2. Cookies We Use

Cookie	Category	Purpose	Duration	Set On
`PHPSESSID`	Essential	Maintains your authenticated session after login. Contains a random session identifier — no personal data is stored in the cookie itself.	Browser session (deleted when you close your browser)	Admin dashboard, Customer portal
`mw_rv`	Analytics	Records whether you are a returning visitor to the public website. Contains only the value "1". Used to calculate new vs. returning visitor metrics.	365 days	Public website only

3. Browser Storage (Not Cookies)

In addition to cookies, we use browser session storage for analytics purposes:

Key	Type	Purpose	Duration	Used On
`mw_sid`	Session Storage	An anonymous, randomly-generated session identifier that groups your page views within a single browsing session. This is not a cookie — it is stored in your browser tab's session storage and cannot be accessed by other websites or tabs.	Automatically deleted when you close the tab	Public website only

Session storage differs from cookies in that it is isolated to a single browser tab, is not sent to the server with every request, and is automatically cleared when the tab is closed.

4. Session Security Technologies

For the admin dashboard and customer portal, we use additional session security measures:

Session Fingerprinting

When you log in, we create a hash of your browser's user agent string combined with a portion of your IP address (subnet). This fingerprint is checked on each request to detect potential session hijacking. Specifically:

We hash the combination of your browser's user agent and your IP subnet (not the full IP address).
If the fingerprint changes mid-session (suggesting someone else may be using your session token), the session is invalidated for security.
This fingerprint is not used for tracking, advertising, or analytics. It exists solely for security.

Session Idle Timeout

Authenticated sessions automatically expire after 30 minutes of inactivity. You will be required to log in again after a timeout. This protects your account if you forget to log out on a shared device.

CSRF Tokens

Forms in the Platform include hidden CSRF (Cross-Site Request Forgery) tokens that are tied to your session. These prevent malicious websites from submitting forms on your behalf. The tokens are generated per-session and are not stored persistently.

5. What We Track on the Public Website

On the public website (mywork.makeitnice.world), our first-party analytics system collects:

Pages visited, time spent on each page, and scroll depth
Clicks on buttons, links, and calls-to-action
Form interactions (start, field focus, submission/abandonment)
Page load performance (to optimize site speed)
Navigation patterns (entry page, exit page, page flow)
Device type, browser, screen size, and operating system
Approximate location via IP geolocation (city/region/country)

All of this data is stored in our own database on our own server. It is never shared with third-party analytics or advertising services.

6. Third-Party Cookies

We do not set any third-party cookies.

Our third-party integrations (Stripe for payments, Resend for email) operate server-side and do not set cookies in your browser through our Platform. If you visit Stripe's checkout page directly, Stripe may set its own cookies subject to Stripe's Cookie Policy.

7. Managing Cookies

You can control cookies through your browser settings:

Block all cookies: You can configure your browser to block all cookies. However, this will prevent you from logging into the Platform (the PHPSESSID cookie is required for authentication).
Delete existing cookies: You can clear cookies at any time through your browser settings. This will log you out of any active sessions.
Block specific cookies: Most browsers allow you to block cookies on a per-site basis. Blocking mw_rv will not affect Platform functionality.

Since we only use essential and first-party analytics cookies (no advertising or third-party tracking), we do not currently display a cookie consent banner. If regulations in your jurisdiction require explicit consent for analytics cookies, please contact us.

8. Related Documents

9. Contact

Questions about our use of cookies and session technologies? Contact us:

Email: AmericanDreams@pm.me
Address: 2316 N Wahsatch Ave, #253, Colorado Springs, CO