Cookie Policy

We keep cookie use minimal. Essential cookies keep you signed in and the Service running. Any optional cookies we add in the future will be set only with your consent, controlled through the banner and the Manage cookies link.

Last updated 22 April 2026Version 1.0

1. What cookies are

Cookies are small text files a website asks your browser to store. They are sent back on later requests so the server can recognise your session. “Similar technologies” — including localStorage, sessionStorage, and IndexedDB — work in the same way for privacy purposes and are covered by this Policy where we use them.

2. Categories

Under the UK Privacy and Electronic Communications Regulations (PECR) and the EU ePrivacy Directive, cookies fall into two buckets:

Strictly necessary. Cookies required for the Service you have asked for — authentication, session, security. These are set without consent.
Everything else. Preference, analytics, marketing, advertising. These require your prior informed consent.

3. Cookies we currently use

Name	Category	Purpose	Party	Retention
`next-auth.session-token` or `__Secure-next-auth.session-token`	Strictly necessary	Keeps you signed in. The cookie is HttpOnly and signed. If you sign out or it expires, you are logged out.	First-party	Session or up to 30 days
`next-auth.csrf-token` or `__Host-next-auth.csrf-token`	Strictly necessary	Cross-site request forgery protection for sign-in and credential flows.	First-party	Session
`next-auth.callback-url`	Strictly necessary	Returns you to the page you were visiting after sign-in.	First-party	Session
`scenecrew_imp`	Strictly necessary	Admin-only impersonation cookie used during customer-support sessions; audit-logged.	First-party	1 hour
`sc_2fa_pending`	Strictly necessary	Short-lived token issued between password entry and 2FA code entry.	First-party	10 minutes
`sc_consent`	Strictly necessary	Records your choice from the cookie banner so we do not ask every visit.	First-party	12 months

We also use the browser's localStorage to record the same consent choice under the key sc-cookie-consent-v1. That is functionally equivalent to a cookie and is covered by this Policy.

We do not currently run any analytics or marketing cookies. If we add any, this page will be updated and the consent banner will appear again asking for your explicit opt-in.

4. Payment and subscription pages

Our checkout uses Stripe. When you are in the checkout flow, Stripe may set its own cookies to process the payment, prevent fraud, and remember a session. Stripe's cookie policy explains those cookies in detail: stripe.com/legal/cookies-policy. Those cookies are strictly necessary for the payment you have asked us to process.

5. Third-party providers during AI generation

When your browser downloads or streams an Output that is hosted by an AI Provider (for example a video file), the Provider may see the request metadata in line with its own policies. We avoid third-party cookies on our own pages.

6. How to manage cookies

Our banner. Click Manage cookies in the footer to reopen the banner and change your choice at any time.
Browser controls. Every modern browser lets you block or delete cookies site-by-site and clear localStorage. Blocking our strictly-necessary cookies will break sign-in.
Sign out. Clears the session cookie immediately.

7. Do Not Track and Global Privacy Control

Because the law does not yet prescribe how services should respond to the “Do Not Track” signal, we do not respond to it. We will honour the Global Privacy Control signal as a do-not-sell/share signal for US residents whose state law recognises it, because we already do not sell or share personal data for advertising purposes.

8. Changes

We will update this Policy to reflect changes in the cookies we use. Material changes (for example, introducing a new category of cookie) will be accompanied by a fresh consent request.