Cookie Policy
Exactly which cookies and browser storage SecretPNG uses, which third-party cookies can appear after consent, and where none are allowed.
Effective 2026-07-14 · Last updated 2026-07-14
Overview
This policy explains how SecretPNG (secretpng.com) uses cookies and similar browser storage technologies (localStorage, sessionStorage, and equivalents). SecretPNG is operated by SecretPNG (legal entity to be confirmed before launch).
Our use is deliberately minimal: one first-party consent-preference entry, optional Google cookies on public pages only after you consent, and local browser storage that the tools use on your own device. The secure workspace uses no third-party cookies or scripts at all.
What cookies and browser storage are
A cookie is a small text file a website asks your browser to store and send back on later visits. localStorage and sessionStorage are similar browser features that store data on your device without automatically sending it to any server. Sites use these technologies for things like remembering preferences, measuring traffic, and serving ads.
An important distinction for SecretPNG: data in localStorage stays on your device unless a script sends it somewhere. Our tools use local storage precisely because it does not leave your browser.
Our first-party consent preference
We store a single first-party consent-preference record — as a cookie and/or a localStorage entry — that remembers the choices you made in the consent banner (for example, whether you allowed analytics or advertising cookies on public pages). It contains your preference settings and nothing else: no identifier tied to your identity, no tracking history.
Without this record, we would have to ask for your consent on every visit. It is used for no other purpose.
Third-party cookies on public pages (only after consent)
Our public informational pages may use Google AdSense (advertising) and Google Analytics 4 (traffic measurement). Google's scripts, and therefore Google's cookies, are loaded only after you consent where consent is required. If you decline, those scripts are not loaded and those cookies are not set.
Where Google makes non-personalized advertising options available, we use them. Google's own policies govern the cookies its services set; see Google's privacy documentation for the specifics of each cookie.
Cloudflare Web Analytics
Public pages may also use Cloudflare Web Analytics, a privacy-focused measurement tool that does not use cookies or client-side state to track individuals. Because it sets no cookies, it does not appear in the consent-gated category, but we disclose it here for completeness. It gives us aggregate page-view counts, not visitor profiles.
The secure workspace: a no-cookie, no-third-party zone
Every page under /app/* — the secure workspace where the actual tools run — contains no ads, no analytics, no third-party scripts, and no marketing pixels. No advertising or analytics cookies are set there, regardless of your consent choices elsewhere on the site. This is a deliberate design commitment: the environment where you handle files, passwords, and secrets is kept free of third-party code.
Local storage used by the tools
Some tools use your browser's local storage on your device — most notably local private notes, which live only in your own browser storage and are never transmitted to SecretPNG. Tool settings may also be remembered locally. This data is yours: it stays on your device, we cannot read it, and clearing your browser's site data removes it permanently (including any local private notes, which we cannot restore).
The consent banner and changing your mind
Where consent is required, a banner on public pages lets you accept or decline analytics and advertising storage before any of it is set. You can change or withdraw your consent at any time by reopening the consent settings from the link in the site footer; withdrawing consent stops the relevant scripts from loading on subsequent page views.
Declining consent does not reduce the functionality of any tool. The tools do not depend on advertising or analytics cookies in any way.
Managing cookies in your browser
Your browser gives you additional controls: you can block or delete cookies, clear site data, and configure per-site rules. Consult your browser's help documentation for instructions. Note that clearing site data for secretpng.com deletes your consent preference (we will ask again) and any local tool data, including local private notes.
Do Not Track and Global Privacy Control
Where we can technically detect a Global Privacy Control (GPC) signal and applicable law gives it effect, we treat it as a valid opt-out of consent-gated advertising and analytics storage on public pages. Because our default is to load nothing until you affirmatively consent, visitors sending such signals get the same outcome as visitors who simply decline the banner.
Cookies we do not use
For clarity, SecretPNG does not use: cross-site tracking cookies of our own, fingerprinting scripts, session-replay tools, social media pixels, or any cookie-based re-identification of visitors across the secure workspace. There are no login or session cookies because there are no accounts at launch.
Changes to this policy
If we add, remove, or change a cookie or storage use, we will update this policy and its effective date. A material expansion of third-party cookie use on public pages would be reflected in the consent banner as well, so it would require your consent before taking effect where consent is required.
Contact and draft status
Questions about this policy can be sent to support@secretpng.com.
This document is a draft prepared for launch and requires review by qualified legal counsel before public launch.