Cookie Policy.

Cookies are small text files stored on your device when you visit a website. They let the site remember information about you — your login state, your preferences, what's in your cart, and how you use the site. EdEarn uses cookies and similar technologies (localStorage, sessionStorage, fingerprinting tokens) to keep you signed in, remember your theme, measure traffic, and improve the platform.

2.1 Strictly Necessary (always on) • Authentication: edearn-session, edearn-refresh, edearn-mfa • CSRF protection: edearn-csrf • Load balancing: AWSALB, AWSALBCORS You can't disable these — the Platform won't work without them. 2.2 Functional • Theme preference: edearn-theme (dark / light) • Language: edearn-locale • UI dismissals: edearn-banner-dismissed-* 2.3 Analytics • PostHog (product analytics): ph_* • Vercel Analytics: __vercel_* We use these to understand which features are used and which are broken. 2.4 Marketing (opt-in only) • Conversion tracking on landing pages — only set after you accept the cookie banner.

Some cookies are set by services we use to run EdEarn: • Stripe / Razorpay — secure payment iframes • YouTube / Vimeo — embedded course videos • Cloudflare — DDoS protection and CDN • Google / GitHub / Apple — OAuth sign-in (only when you click those buttons) Each provider has its own privacy policy. We never share your personal data with these providers beyond what's needed to render their feature.

4.1 In EdEarn Go to Settings → Privacy to: • Toggle analytics tracking • Toggle marketing cookies • Clear all non-essential cookies 4.2 In Your Browser All major browsers let you block, delete, or get notified about cookies: • Chrome: Settings → Privacy and security → Cookies • Firefox: Settings → Privacy & Security • Safari: Preferences → Privacy • Edge: Settings → Cookies and site permissions Blocking strictly-necessary cookies will break login and prevent you from using EdEarn. 4.3 Do Not Track We respect the DNT signal where required by law.

• Session cookies — deleted when you close the browser • Authentication tokens — 7 days (refresh tokens 30 days) • Theme / language — 1 year • Analytics IDs — 13 months (auto-rotated) • Marketing — 90 days You can delete cookies any time from your browser or via Settings → Privacy.

• All authentication cookies are HttpOnly, Secure, and SameSite=Lax • Cookies are signed with HMAC to prevent tampering • Tokens rotate on every refresh and are revoked on logout • Sensitive data is never stored in localStorage

When we add, remove, or change a cookie, we update this page and bump the "Last Updated" date. Material changes (e.g. introducing marketing cookies) trigger a fresh consent banner.

Questions about cookies? • Email: privacy@edearn.com • Cookie controls: Settings → Privacy See our Privacy Policy for the broader picture of how we handle your data.