1. Overview
This Cookie Policy explains how SourceHire uses cookies and similar technologies on our websites and Services. It is part of our Privacy Policy.
2. What Cookies Are
A cookie is a small text file that a website places on your device to remember information about your visit. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until they expire or you delete them).
3. How We Use Them
- Strictly necessary — to authenticate operator sessions and to keep you signed in as you move between admin console pages, and to remember your per-candidate unmask decisions during a review session.
- Security — to prevent CSRF attacks and to detect anomalous session activity.
- Functional — to remember your sidebar collapsed/expanded preference and your view-mode (Table/Cards) preference on the talent search.
We do not use cookies for analytics, advertising, retargeting, lookalike audiences, or any cross-context behavioral advertising purpose.
4. Cookie Inventory
authjs.session-token(session, HTTP-only, secure) — operator session token issued by Auth.js. Strictly necessary.__Secure-authjs.callback-url(session, HTTP-only) — auth callback URL. Strictly necessary.__Host-authjs.csrf-token(session, HTTP-only) — CSRF protection. Strictly necessary.unmask_<candidateId>(session) — per-candidate reviewer unmask flag. Strictly necessary.admin_sidebar_collapsed(persistent, localStorage) — your collapsed/expanded sidebar preference. Functional.
5. Third-Party Cookies
We do not embed third-party cookies, pixels, or trackers on the public site, the apply flow, or the candidate self-service surface. Where the Services link to a third-party site (e.g., a payment-processor checkout for Customer subscriptions), that third party may set its own cookies subject to its own policy.
6. Your Choices
You can configure your browser to block or delete cookies. Please note that blocking strictly necessary cookies may prevent you from using parts of the Services (in particular, you will not be able to maintain an authenticated operator session).
7. Global Privacy Control
We honor the Global Privacy Control (GPC) browser signal as a binding opt-out signal where applicable law treats it as one. Because we do not engage in “sale” or “sharing” (as defined by CCPA Cal. Civ. Code § 1798.140), receipt of a GPC signal does not change our processing posture in practice — but the signal is logged and respected.
8. Changes
We may update this Policy from time to time. The version and effective date appear at the top of this page. Material changes will be notified per the Privacy Policy.
9. Contact
Privacy: privacy@sourceunlimited.co