What is stored in your browser to keep sign-in and security working.
All cookies and similar technologies used by Watch are strictly necessary to deliver the service that you explicitly request. Under § 25 (2) No. 2 TDDDG, storage of and access to these cookies does not require consent.
The service does not set cookies for analytics, advertising, profiling, or A/B testing. No third-party tracker is loaded on normal pages.
| Name | Purpose | Duration | Provider |
|---|---|---|---|
| __Secure-next-auth.session-token | Keeps you signed in after authentication. | Up to 30 days or until sign-out | This site (Auth.js)first-party |
| __Host-next-auth.csrf-token | Prevents cross-site request forgery on sign-in and sign-out. | Session | This site (Auth.js)first-party |
| __Secure-next-auth.callback-url | Remembers where to redirect you after a successful sign-in. | Session | This site (Auth.js)first-party |
Some interface preferences and transient form state may be kept in your browser's sessionStorage or localStorage for the lifetime of the tab or until sign-out. This data stays in the browser and is not transmitted to the server beyond what is needed to render the page you requested.
The sign-in page uses ALTCHA, a self-hosted proof-of-work challenge. It runs entirely between the browser and the operator's server, sets no cookies, and contacts no third party.
You can block or delete cookies in your browser. Because the cookies listed above are strictly necessary, blocking them will prevent sign-in and core parts of the app from working.
19 April 2026