Cookies are small pieces of data a website stores in a reader's browser. The Payments Corner uses cookies for functional and security purposes only. TPC does not run third-party advertising trackers and does not fingerprint readers across sites.
The cookies TPC sets
The table below lists every cookie TPC issues, what it does, how long it persists, and where it originates.
| Name | Purpose | Type | TTL |
|---|---|---|---|
tpc_session | Authenticated reader session (signed JWT). Set after a six-digit sign-in code is verified. Drives tier-gated content access. | Functional | 30 days |
tpc_preview_restore | Staff-only. Set when an admin starts an anonymous-preview session. Holds the stashed admin session JWT so Restore admin works. Never set on reader devices. | Functional | 24 hours |
tpc_preview_tier | Staff-only. Set when an admin starts a preview-as-premium session. Substitutes the tier field on the session API so paywalled chrome renders in preview. Never set on reader devices. | Functional | 24 hours |
__cf_bm | Cloudflare bot management — protects the site from automated abuse and scraping. No reader behaviour tracking. | Security | 30 minutes (rolling) |
cf_clearance | Cloudflare clearance token — confirms a browser passed a security check. Issued only when a challenge is presented. | Security | Session / up to 30 days |
All TPC-issued cookies (the three tpc_*) are first-party, HttpOnly, Secure, and SameSite=Lax. They cannot be read by JavaScript and are sent only over HTTPS.
Analytics
TPC uses Cloudflare Web Analytics for aggregate traffic measurement. The beacon does not set cookies, does not collect IP addresses or personally identifying data, and does not fingerprint browsers. It reports page-level counts and performance metrics only.
No third-party tracking
TPC does not embed Google Analytics, Meta Pixel, LinkedIn Insight Tag, X conversion tracking, or any other cross-site tracker. Embedded content from third parties (e.g., YouTube videos on the article pages) may set their own cookies under their own policies when a reader interacts with them.
Disabling cookies
Modern browsers let readers block or delete cookies through site settings. Disabling functional cookies prevents the TPC sign-in flow from working — the session cookie is what tells the site you are signed in. Security cookies are managed by Cloudflare and required to access the site under bot protection.
Updates to this policy
TPC will update this policy whenever cookies are added, removed, or repurposed. The "Last updated" date at the top reflects the most recent change. Material changes are noted in the changelog block of the Privacy Policy.
Contact
Questions about cookie use can go to contact@thepaymentscorner.com.