Cookie Policy
Last Updated: April 29, 2026
Effective Date: April 29, 2026
This Cookie Policy ("Policy") explains how PromptRanks ("we," "us," or "our") uses cookies and storage technologies on your device when you access our Platform at https://app.prompt-skill.com.
1. Overview
PromptRanks takes a privacy-first approach to browser storage. We use a minimal number of HTTP cookies for essential platform functionality, along with HTML5 browser storage technologies (localStorage and sessionStorage) for authentication and session management.
We do not use cookies for advertising, analytics tracking, or cross-site tracking. No cookie consent banner is required for our own cookies, as they are all strictly necessary for platform operation.
2. Our Approach: Minimal Essential Cookies
PromptRanks uses only two (2) HTTP cookies, both strictly necessary for the Platform to function:
| Cookie | Purpose | Duration | Attributes |
|---|---|---|---|
ref_code | Stores referral code when visiting via a referral link (/ref/{code}) | 30 days | First-party |
refresh_token | Stores the long-lived Refresh Token for session management | 30 days | First-party, HttpOnly, Secure, SameSite=Strict |
What we do NOT use cookies for:
- No first-party tracking cookies
- No third-party analytics cookies (e.g., Google Analytics cookies)
- No advertising cookies
- No cookie consent banners are needed for our own cookies
3. HTTP Cookies We Set
3.1 ref_code Cookie
This cookie is set when you visit the Platform via a referral link (https://prompt-skill.com/ref/{code}).
| Property | Value |
|---|---|
| Name | ref_code |
| Purpose | Stores the referral code to attribute new user registrations to the referrer |
| Duration | 30 days from set date |
| Type | First-party, Essential |
| Set by | Server-side redirect when visiting /ref/{code} |
| Data stored | Referral code string (e.g., alice25) |
This cookie is read during registration to automatically attribute the referral relationship. It does not track your browsing behavior.
3.2 refresh_token Cookie
This cookie is set when you log in to maintain your session across page reloads and browser restarts.
| Property | Value |
|---|---|
| Name | refresh_token |
| Purpose | Stores the long-lived Refresh Token for seamless session renewal |
| Duration | 30 days from login (aligned with token expiry) |
| Type | First-party, HttpOnly, Secure, SameSite=Strict |
| Set by | Server-side during login/authentication |
| Data stored | SHA256-hashed refresh token |
Security attributes:
- HttpOnly: Cannot be accessed via JavaScript, protecting against XSS attacks.
- Secure: Only transmitted over HTTPS connections.
- SameSite=Strict: Only sent with same-site requests, protecting against CSRF attacks.
4. Browser Storage Technologies
4.1 localStorage
localStorage data persists on your device until you or your browser removes it. It survives browser restarts and tab closures.
| Key | Description | Purpose | Retention |
|---|---|---|---|
auth_user | JSON object containing user ID, email, name, and avatar URL | Maintains your logged-in profile state | Until logout or account change |
prk_session_id | Anonymous session tracking identifier | Tracks usage for anonymous users prior to registration | Until cleared or 30 days of inactivity |
Note on Access Tokens: Short-lived Access Tokens (24-hour validity) are stored only in application memory (not persisted to localStorage or any persistent storage). This means they are lost when you close the browser or navigate away, and are refreshed automatically using the Refresh Token cookie.
4.2 sessionStorage
sessionStorage data persists only within the current browser tab or window. It is automatically cleared when the tab or window is closed.
| Key | Description | Purpose | Retention |
|---|---|---|---|
oauth_provider | The OAuth provider selected (e.g., "google", "github") | Maintains context during the OAuth redirect flow | Until tab is closed |
auth_intent | Navigation destination after authentication completes | Redirects you to the correct page after login | Until tab is closed |
pending_assessment_claim | Assessment ID to claim after authentication | Links anonymous Assessment results to your account | Until tab is closed |
pending_subscription_plan | Selected subscription plan (e.g., "premium_monthly", "premium_annual") | Preserves your plan choice during checkout flow | Until tab is closed |
pending_subscription_upgrade | Flag indicating a pending subscription upgrade | Manages the upgrade flow after payment | Until tab is closed |
5. Why We Use These Technologies
5.1 Essential Cookies (Required for Platform Operation)
The HTTP cookies are strictly necessary for the Platform to function:
ref_code: Enables the referral system to attribute new user registrations to the correct referrer. Without this cookie, referral relationships cannot be tracked across the redirect from/ref/{code}to the landing page and through the registration process.refresh_token: Enables seamless session management. Without this cookie, you would need to re-authenticate every time your short-lived Access Token expires (every 24 hours). The Refresh Token allows automatic, invisible session renewal.
5.2 Essential Storage (Required for Platform Operation)
The following storage items are strictly necessary for the Platform to function:
auth_user: Enables the Platform to display your name, email, and avatar without making a separate API call on every page load.prk_session_id: Enables anonymous users to take Assessments and later claim their results when they register.- Access Token (in memory): Authenticates your API requests. Stored only in memory for security — not persisted to disk.
5.3 Session Flow Storage (Improves User Experience)
The sessionStorage items are used to maintain state during multi-step flows:
- OAuth authentication: Preserves your intent and context across redirects to Google or GitHub and back.
- Subscription checkout: Preserves your selected plan and assessment context across the Stripe checkout redirect.
- Assessment claiming: Links your pre-registration Assessment results to your account after you register or sign in.
6. What We Do NOT Store
PromptRanks does not use cookies or browser storage for:
- Tracking your browsing behavior across websites
- Serving personalized advertisements
- Analytics or performance monitoring via third-party scripts
- Social media tracking or pixel tracking
- Fingerprinting your device or browser
- Storing passwords (the Platform is entirely passwordless)
7. Third-Party Cookies and Storage
When you interact with third-party services integrated into the Platform, those services may set their own cookies or storage:
7.1 Stripe (Payment Processing)
When you proceed to Stripe Checkout to subscribe, Stripe may set its own cookies on the Stripe-hosted payment page. These are governed by Stripe's Cookie Policy. PromptRanks has no control over Stripe's use of cookies.
7.2 Google (OAuth)
If you use Google Sign-In, Google may set cookies during the authentication flow on Google's domain. These are governed by Google's Privacy Policy.
7.3 GitHub (OAuth)
If you use GitHub Sign-In, GitHub may set cookies during the authentication flow on GitHub's domain. These are governed by GitHub's Privacy Statement.
7.4 Social Media Platforms (Badge/Referral Sharing)
When you share your Badge or referral link to social media platforms (X/Twitter, LinkedIn, Facebook), those platforms may set their own cookies during the sharing process. These are governed by each platform's respective privacy policy.
8. How to Manage and Clear Browser Storage
8.1 Clearing Cookies
Google Chrome:
- Open Settings > Privacy and security > Cookies and other site data > See all cookies and site data
- Search for
prompt-skill.com - Select and delete the cookies
Mozilla Firefox:
- Open Settings > Privacy & Security > Cookies and Site Data > Manage Data
- Search for
prompt-skill.com - Select and remove
Safari:
- Safari > Settings > Privacy > Manage Website Data
- Find
prompt-skill.comand remove
Microsoft Edge:
- Open Settings > Cookies and site permissions > Manage and delete cookies and site data > See all cookies and site data
- Search for
prompt-skill.com - Select and delete
8.2 Clearing localStorage
Google Chrome:
- Open Developer Tools (F12 or Ctrl+Shift+I)
- Go to Application tab > Local Storage > select the PromptRanks domain
- Right-click and select Clear
Mozilla Firefox:
- Open Developer Tools (F12 or Ctrl+Shift+I)
- Go to Storage tab > Local Storage > select the PromptRanks domain
- Right-click and select Delete All
Safari:
- Open Web Inspector (Cmd+Option+I)
- Go to Storage tab > Local Storage
- Select and delete entries
Microsoft Edge:
- Open Developer Tools (F12 or Ctrl+Shift+I)
- Go to Application tab > Local Storage > select the PromptRanks domain
- Right-click and select Clear
8.3 Clearing sessionStorage
sessionStorage is automatically cleared when you close the browser tab. To clear it manually:
- Follow the same steps as above, but select Session Storage instead of Local Storage.
8.4 Clearing All Site Data
You can also clear all storage for the Platform at once:
Chrome/Edge: Settings > Privacy and security > Site Settings > View permissions and data stored across sites > find prompt-skill.com > Clear data
Firefox: Settings > Privacy & Security > Cookies and Site Data > Manage Data > find prompt-skill.com > Remove Selected
Safari: Safari > Settings > Privacy > Manage Website Data > find prompt-skill.com > Remove
8.5 Effect of Clearing Storage
Clearing cookies and browser storage will:
- Log you out of the Platform (Refresh Token cookie removed)
- Remove your referral attribution cookie (if any)
- Remove your anonymous session tracking
- Clear any pending assessment or subscription state
- Not affect your account data or Assessment results stored on our servers
9. Data Stored on Our Servers
This Policy covers only client-side cookies and browser storage. For information about data we store on our servers (such as your account details, Assessment results, payment records, referral data, and refresh token hashes), please refer to our Privacy Policy.
10. Changes to This Cookie Policy
We may update this Policy if we introduce new storage technologies or change how we use cookies and browser storage. We will notify you of material changes by:
- Posting the updated Policy on the Platform with a revised "Last Updated" date
- Sending email notification if we introduce non-essential cookies in the future
11. Contact Information
If you have questions about this Cookie Policy or our use of cookies and browser storage technologies, please contact us:
- Company: SCOPELABS PTE. LTD.
- Address: 2 Shenton Way, #15-04, SGX Centre I, Singapore 068804
- Email: admin@promptranks.org
- Website: https://app.prompt-skill.com
By using the PromptRanks Platform, you acknowledge that you have read and understand this Cookie Policy.