Last updated: April 19, 2026
This policy explains how Shiken Lab (“we”, “us”) uses cookies and similar technologies on shikenlab.com, in accordance with the EU ePrivacy Directive and GDPR.
Cookies are small text files placed on your device by a website. They allow the site to remember information about your visit — such as whether you are logged in — between page loads. Cookies are not programs and cannot carry viruses or access files on your device.
We use strictly necessary cookies only. These cookies are essential for the Service to function and cannot be switched off without breaking core features. Under GDPR, strictly necessary cookies do not require your consent.
| Cookie name | Purpose | Duration | Type |
|---|---|---|---|
| auth_token | Keeps you signed in. Contains a signed JWT identifying your account. | 7 days | Session / Auth |
| oauth_state | CSRF protection during Google OAuth sign-in flow. Deleted immediately after sign-in. | 10 minutes | Security |
Both cookies are marked HttpOnly (cannot be read by JavaScript) and are only transmitted over HTTPS.
We do not use advertising, analytics, or social media tracking cookies. However, third-party services we load may set their own cookies or use browser storage:
| Service | When used | What it may store | Their policy |
|---|---|---|---|
| Cloudflare Turnstile | Sign-up page only | Ephemeral challenge token; may set a short-lived cookie for bot detection | Privacy policy ↗ |
| Google OAuth | When you click "Continue with Google" | Google manages its own session cookies; we only receive your profile data | Privacy policy ↗ |
These third-party cookies are only loaded when you actively interact with those features (signing up or clicking “Continue with Google”). Browsing the rest of the site does not trigger them.
We do not use Google Analytics, Meta Pixel, or any other analytics or advertising platform. We have no interest in tracking your browsing behaviour for commercial purposes.
Our first-party cookies (auth_token, oauth_state) are set on the legal basis of legitimate interest and contract performance — they are required to provide the authentication service you have requested. Because they are strictly necessary, consent is not required under Article 5(3) of the ePrivacy Directive.
Third-party cookies from Cloudflare and Google are processed under those companies’ own legal bases and policies (typically legitimate interest for security, or consent where required in your jurisdiction). You can avoid these by not using Google sign-in and by creating an account with email/password instead.
You can control cookies through your browser settings. Note that disabling cookies will prevent you from staying signed in. Here are links to cookie settings for common browsers:
To delete only our cookies, you can sign out of your account (which clears auth_token) or clear site data for shikenlab.com in your browser’s developer tools.
We may update this Cookie Policy to reflect changes in technology or law. The “Last updated” date at the top will always show when the current version was published.
Questions about our use of cookies? Email us at privacy@shikenlab.com.