Copyright, privacy, terms, and cookies for cinrift.
A cookie is a small text file that a website asks your browser to store. Your browser then sends the cookie back on subsequent requests. Local storage and session storage are similar but live only inside your browser, are not sent on every HTTP request, and are not subject to the same browser limits as cookies.
We set three cookies, and only when you sign in or create an account. They are issued by the better-auth library and carry the prefix cinrift. (configured in src/lib/auth.ts). They are first-party, HTTP-only where the library supports it, and required for the sign-in flow to function.
cinrift.session_token — opaque session identifiercinrift.session_data — non-sensitive state that pairs with the session tokencinrift.csrf (or whatever name better-auth selects) — CSRF protection tokenThese cookies are removed when you sign out, or when they expire per better-auth's policy.
We use localStorage and sessionStorage to remember device-only state. None of this is sent to any server unless you are signed in and the corresponding sync route is hit. The complete list is below.
| Name | Purpose | Duration |
|---|---|---|
| cinrift.session_token First-party HTTP cookie · necessary | Session identifier issued by the better-auth library on sign-in. Required to keep you signed in across page loads. | Session, renewed on each successful sign-in. |
| cinrift.session_data First-party HTTP cookie · necessary | Companion cookie to cinrift.session_token. Holds non-sensitive state needed by better-auth's session validation. | Session, renewed on each successful sign-in. |
| cinrift.csrf / similar First-party HTTP cookie · necessary | CSRF protection token issued by better-auth for state-changing requests. | Session. |
| Name | Purpose | Duration |
|---|---|---|
| cinrift_vid localStorage | Visitor ID. A random UUID generated on first visit. Used to attribute pageviews and play events across sessions on the same browser. Sent to /api/events and /api/heartbeat. | Until you clear site data or the key is removed. |
| cinrift_session_id localStorage | Sync session ID sent in the x-session-id header to /api/watchlist and /api/progress so the server can mirror the device watchlist and progress. | Until you clear site data. |
| cinrift_watchlist localStorage | The titles on your watchlist. Synced to D1 when you are signed in. | Until you clear site data. |
| cinrift_progress localStorage | Per-title watch progress (percent, current time, duration). Synced to D1 when you are signed in. | Until you clear site data. |
| cinrift_history localStorage | Device-only history of titles you have opened. | Until you clear site data. |
| cinrift_home_data localStorage | Cached home-page payload so a hard refresh shows something before the server returns. | Up to 30 minutes, keyed by a version stamp. |
| cinrift_analytics_optout localStorage | Manual analytics opt-out flag. When set to "true", /api/events is bypassed for the current device. | Until you clear site data. |
| cinrift_last_source localStorage | Cached UTM / click-id attribution payload. Mirrored to the D1 attribution table on the first pageview. | Until you clear site data. |
| cinrift_synced localStorage | Per-device flag that the one-time device-to-account sync has already run, so we do not re-upload the entire local watchlist on every page load. | Until you clear site data. |
| Name | Purpose | Duration |
|---|---|---|
| cinrift_session sessionStorage | Tab-scoped session ID. Regenerated when the browser tab is closed. | Until the tab is closed. |
| cinrift_ads_hidden sessionStorage | Per-tab Ad-Free toggle. When "true", the Monetag ad script is not loaded on this tab. | Until the tab is closed. |
| cinrift_logo_cache sessionStorage | Cached TMDB network/streaming-service logos used on the home page. Cleared when the tab closes. | Until the tab is closed. |
| cinrift_provider_ranking sessionStorage | Per-tab reliability ranking of the third-party embed providers based on the user's own success/failure history. | Until the tab is closed. |
| sf_movie_<id> / sf_tv_<id> sessionStorage | Per-title preferred embed source, so the player remembers your last choice for a given show or movie within the session. | Until the tab is closed. |
| tmdb:<path> sessionStorage | In-tab cache of TMDB proxy responses to avoid re-fetching the same metadata within the same session. | Up to 30 minutes per key. |
| Name | Purpose | Duration |
|---|---|---|
| Monetag (al5sm.com) cookies and storage Third-party cookies / localStorage | When ads are not suppressed, the al5sm.com script (zone 11094537) may set cookies or use local storage on your device to select and serve ads, and to measure impressions. The Monetag privacy policy governs that data. | Per Monetag. |
When you press play, the page loads a third-party embed frame. The operator of that embed domain may set cookies or storage on your device. We do not control what they set. The same applies when the Monetag ad script is allowed to load; the ad provider may set cookies and local storage to select and measure ads.
You can suppress the Monetag script on a per-tab basis with the "Ad-Free" toggle in the top-right of the site.
package.json for future use but the current wrapper in src/lib/sentry.ts only writes to the console.You can clear everything cinrift has set in your browser settings. Doing so will sign you out and remove your device-only watchlist, progress, and history. If you have an account, the server-side copy in D1 is unaffected and will re-sync on next sign-in.
Common browsers expose a "Clear site data" or "Cookies and other site data" option. Select cinrift.me (or cinrift.pages.dev for the preview environment) and clear.
We honor the Do Not Track header and the Global Privacy Control signal. If either is set in your browser, we do not write to the events D1 table for the current session.
Email cinrift@gmail.com with any question about this page.