Necessary cookies
These are required for the service to function. They are set whether or not you accept the analytics tier. You can still clear them through your browser settings — doing so will sign you out and reset the nav state.
| Name | Purpose | Lifetime |
|---|---|---|
access_token | Signed authentication token. Identifies you between requests. Set by the auth backend on a successful magic-link consume. | 7 days |
refresh_token | Renews your access token without re-prompting for a magic link while you are active. | 14 days |
userName | Display name (the local part of your email) so the topbar can greet you without round-tripping to the API on every page. | 7 days |
email | Your email address — kept client-side only as a UI hint, mirrors the value already in the signed token. | 7 days |
role_hint | Cached role for nav rendering only — never authoritative; the `_hint` suffix flags this. The server re-checks role on every protected request. | 7 days |
Local storage
One value is stored as a regular browser localStorage entry rather than a cookie, because it never needs to be sent to the server.
| Name | Purpose | Lifetime |
|---|---|---|
tf_cookie_consent | Records whether you chose "Only necessary" or "Accept all" in the cookie banner. | Until you clear site data |
Analytics (with your consent)
Set only if you choose Accept all in the cookie banner. Choosing Only necessary skips them entirely, and choosing them now does not retroactively affect prior visits.
| Name | Purpose | Lifetime |
|---|---|---|
_tf_visitor | Anonymous per-browser pseudo-id. Used to deduplicate page views when analytics is enabled. Not linked to your account. | 1 year |
Managing your choices
You can change your decision at any time:
- Clear the
tf_cookie_consententry from your browser's site data and reload the page. The banner reappears. - Clear all site data to remove the analytics cookie as well as the consent record. Sign-in cookies will also be cleared, so you will need to sign in again with a new magic link.
A self-service preferences panel is on the roadmap. Until it ships, the browser-level controls above are the way to revoke or change consent.
Third parties
TaleForks does not embed third-party trackers, advertising pixels, or social-network buttons on the site. The fonts (Fraunces, Newsreader, IBM Plex Mono) are served from Google Fonts; the request includes only the font file URL and standard browser headers, and Google Fonts state they do not set cookies on the requesting page.