Learn how SecretCarousel uses cookies and similar technologies to provide, protect, and improve our secrets management platform.
This Cookie Policy explains how SecretCarousel, a division of Tyga.Cloud Ltd ("we", "us", or "our"), uses cookies and similar tracking technologies when you visit our website at secretcarousel.com and use our secrets management platform, including the dashboard and API services.
This policy should be read alongside our Privacy Policy and Terms of Service.
As a security-focused platform, we minimise cookie usage to what is strictly necessary for platform operation and your protection. We do not use cookies for advertising or cross-site tracking.
Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They are widely used to make websites work, work more efficiently, and provide reporting information.
Cookies set by the website owner (in this case, SecretCarousel) are called first-party cookies. Cookies set by parties other than the website owner are called third-party cookies. Third-party cookies enable features or functionality provided by external services (e.g., analytics).
We use cookies for the following purposes:
These cookies are essential for the operation of our platform. Without them, you would not be able to authenticate, access the dashboard, or manage your secrets securely. Because they are strictly necessary, they cannot be disabled.
| Cookie | Purpose | Duration |
|---|---|---|
sc_session |
Dashboard session identifier — maintains your authenticated state | Session |
sc_auth_token |
Authentication token for API key-based sessions | 24 hours |
sc_csrf |
CSRF token to protect against cross-site request forgery attacks | Session |
sc_tenant |
Tenant context identifier for multi-tenant environments | Session |
sc_secure_flag |
Security flag confirming secure connection status | Session |
All authentication cookies are set with HttpOnly, Secure, and SameSite=Strict flags to prevent cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. This is critical for a secrets management platform.
These cookies collect information about how you use our platform, such as which pages you visit most often and if you encounter any errors. This data helps us improve platform performance and reliability.
| Cookie | Purpose | Duration |
|---|---|---|
sc_analytics |
Anonymous platform usage analytics (pages visited, feature usage) | 30 days |
sc_perf |
API response time monitoring and performance metrics | 7 days |
These cookies enable enhanced functionality and personalisation of your dashboard experience. If you do not allow these cookies, some or all of these features may not function properly.
| Cookie | Purpose | Duration |
|---|---|---|
sc_theme |
Dashboard theme preference (light/dark mode) | 1 year |
sc_dash_prefs |
Dashboard layout and display preferences (sort order, view mode, collapsed panels) | 1 year |
sc_notify_prefs |
Notification preferences (rotation reminders, expiry alerts, share notifications) | 1 year |
sc_timezone |
Timezone preference for displaying audit log timestamps | 1 year |
As a secrets management platform, SecretCarousel uses specific cookies and token mechanisms related to API authentication, session management, and dashboard state. These are integral to the secure operation of the service.
When you authenticate via the dashboard or SDK, a session token is issued and stored as an HttpOnly cookie. This token:
The dashboard uses session cookies to maintain your authenticated state. Sessions are:
To provide a seamless experience, the dashboard stores non-sensitive interface preferences locally, including:
We minimise third-party cookie usage. The following third-party services may set cookies when you use our platform:
| Provider | Purpose | More Info |
|---|---|---|
| Google Fonts | Font delivery for the dashboard and marketing pages | Google Privacy Policy |
| Cloudflare | CDN delivery, DDoS protection, and security (when applicable) | Cloudflare Privacy Policy |
We do not use advertising cookies, social media tracking pixels, or any cross-site tracking technology.
You have several options for managing cookies:
Most web browsers allow you to control cookies through their settings. You can usually find these in the "Options" or "Preferences" menu of your browser. The following links may help:
You can update your cookie preferences at any time by clicking the button below. Note that strictly necessary cookies cannot be disabled as they are required for the platform to function securely.
Important: Disabling strictly necessary cookies will prevent you from authenticating and accessing the SecretCarousel dashboard. This includes session cookies, CSRF tokens, and authentication tokens. The platform cannot function without these cookies.
In addition to cookies, we may use the following similar technologies:
We do not use web beacons, pixel tags, or fingerprinting technologies.
If you are based in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding cookies and the personal data they process:
Strictly necessary cookies are processed under Article 6(1)(f) GDPR (legitimate interest) as they are required for the secure operation of the platform. Performance and functional cookies are processed with your consent under Article 6(1)(a) GDPR.
We may update this Cookie Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will update the "Effective" date at the top of this page and, where appropriate, notify you via the dashboard.
We encourage you to review this Cookie Policy periodically to stay informed about our use of cookies.
If you have any questions about our use of cookies or this Cookie Policy, please contact our Data Protection Officer:
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.