Source Unlimited

Cookie Policy

Version 1.0 · Effective April 25, 2026

Plain-language summary. We use a small number of first-party cookies for authentication and core functionality. We do not use advertising cookies, tracking pixels, third-party AdTech SDKs, or cross-context behavioral advertising. We honor Global Privacy Control signals.

1. Overview

This Cookie Policy explains how Source Unlimited uses cookies and similar technologies on our websites and Services. It is part of our Privacy Policy.

2. What Cookies Are

A cookie is a small text file that a website places on your device to remember information about your visit. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until they expire or you delete them).

3. How We Use Them

  • Strictly necessary — to authenticate operator sessions and to keep you signed in as you move between admin console pages, and to remember your per-candidate unmask decisions during a review session.
  • Security — to prevent CSRF attacks and to detect anomalous session activity.
  • Functional — to remember your sidebar collapsed/expanded preference and your view-mode (Table/Cards) preference on the talent search.

We do not use cookies for analytics, advertising, retargeting, lookalike audiences, or any cross-context behavioral advertising purpose.

4. Cookie Inventory

  • authjs.session-token (session, HTTP-only, secure) — operator session token issued by Auth.js. Strictly necessary.
  • __Secure-authjs.callback-url (session, HTTP-only) — auth callback URL. Strictly necessary.
  • __Host-authjs.csrf-token (session, HTTP-only) — CSRF protection. Strictly necessary.
  • unmask_<candidateId> (session) — per-candidate reviewer unmask flag. Strictly necessary.
  • admin_sidebar_collapsed (persistent, localStorage) — your collapsed/expanded sidebar preference. Functional.

5. Third-Party Cookies

We do not embed third-party cookies, pixels, or trackers on the public site, the apply flow, or the candidate self-service surface. Where the Services link to a third-party site (e.g., a payment-processor checkout for Customer subscriptions), that third party may set its own cookies subject to its own policy.

6. Your Choices

You can configure your browser to block or delete cookies. Please note that blocking strictly necessary cookies may prevent you from using parts of the Services (in particular, you will not be able to maintain an authenticated operator session).

7. Global Privacy Control

We honor the Global Privacy Control (GPC) browser signal as a binding opt-out signal where applicable law treats it as one. Because we do not engage in “sale” or “sharing” (as defined by CCPA Cal. Civ. Code § 1798.140), receipt of a GPC signal does not change our processing posture in practice — but the signal is logged and respected.

8. Changes

We may update this Policy from time to time. The version and effective date appear at the top of this page. Material changes will be notified per the Privacy Policy.

9. Contact

Privacy: privacy@sourceunlimited.co