Summary of Mullvads policies regarding data and storage of data:
- No logging - Please read our No-logging of user activity policy
- Cookies - Below (this document)
At Mullvad, we never store data that isn't absolutely necessary, and if it is, then only upon the active request of a customer. This choice is deeply rooted in our culture and tied to our belief that everyone has a right to privacy.
As a result, our website utilizes only the following few cookies, all of which are essential for us to provide certain services and created only if a user actively chooses that service:
- sessionid (expires after one hour) – is created when you log into an account and automatically logs you out after an hour
- language (expires when the browser window is closed) – is created when you choose a language preference for this website
- csrftoken (expires when the browser window is closed) – is created when you view almost any form on this website and prevents a malicious website from tricking you into submitting a POST request to us, otherwise known as cross-site request forgery
- __stripe_sid (expires after 30 minutes) – is implemented by Stripe and created when you proceed to the Stripe payment page
- __stripe_mid (expires after one year) – is implemented by Stripe and created when you proceed to the Stripe payment page.