Legal
StormView Cookies Policy
Last updated: June 2026
1. What Are Cookies?
Cookies are small text files and similar technologies that are stored on or accessed from your device when you use a website or application. They help a service recognise your browser or device and support features such as authentication, security, and session continuity.
2. How StormView Uses Cookies
StormView application code does not set its own cookies. In the hosted production service,
Microsoft Azure's platform-managed authentication layer (Easy Auth) may set strictly
necessary security cookies as part of the sign-in flow. Protection against
cross-site request forgery (CSRF) is enforced through HTTP request headers
(such as Sec-Fetch-Site, Origin, and X-Requested-With)
rather than a cookie token — no CSRF cookie is issued. StormView is a restricted-access
informational application and is not designed around advertising or social-media tracking.
3. Strictly Necessary Cookies
The table below lists the platform-managed cookies observed in the hosted sign-in flow. StormView application code does not issue these cookies directly; they are set by Microsoft Azure's Easy Auth layer.
| Cookie | Source / Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| Nonce | Microsoft (Azure Easy Auth) | Short-lived security token set at the start of the OAuth sign-in redirect to prevent replay attacks. Cleared after authentication completes. | Strictly Necessary | Short-lived (sign-in flow only) |
| AppServiceAuthSession | Microsoft (Azure Easy Auth) | Maintains the authenticated session after sign-in completes so the browser can continue to access protected pages without repeating the login flow on each request. | Strictly Necessary | Session |
4. Third-Party Services and Resources
StormView loads resources from the following third-party services. These requests may expose technical data such as your IP address and browser information to those providers in accordance with their own policies.
- Microsoft (Azure Easy Auth / Microsoft Entra ID) — when you sign in, your browser is redirected to Microsoft's identity platform to complete authentication. During this process, Microsoft sets platform-managed cookies used first for the temporary sign-in handshake and then for the authenticated browser session, as described in section 3 above. See the Microsoft Privacy Statement.
-
Mapbox — when you open the map view on a job result page, Mapbox GL JS
and related assets are loaded from Mapbox's servers (
api.mapbox.com). The application also permits connections toevents.mapbox.com, so Mapbox may also make additional requests in accordance with its own policies. See the Mapbox Privacy Policy. -
Google Fonts — a fallback font (Inter) is currently loaded from
fonts.googleapis.comandfonts.gstatic.comon every page. When this stylesheet is requested, Google may receive technical request data such as your IP address and browser information. See the Google Privacy Policy. -
Tailwind CSS CDN — the application's styling framework is loaded from
the script at
cdn.tailwindcss.comon every page. As with any CDN-hosted resource, the provider may receive standard technical request metadata. -
Cloudflare — when you access StormView over the internet, traffic is
routed through Cloudflare, which provides edge security (web application firewall),
content delivery, and TLS termination, and runs a lightweight, cookieless
web-analytics beacon (
static.cloudflareinsights.com). In doing so, Cloudflare may process technical request data such as your IP address, request headers, and browser information in accordance with its own policies. See the Cloudflare Privacy Policy.
5. What StormView Does Not Currently Use
StormView does not set advertising, marketing, or social-media tracking cookies, and does not use cookies for profiling or behavioural advertising. StormView's own application code sets no cookies of any kind.
StormView does not operate its own analytics-cookie stack. Cloudflare's cookieless edge web-analytics beacon described in Section 4 may be used for aggregate traffic and performance measurement, not for profiling or advertising. Third-party resources described in Section 4, including Mapbox, may also process technical or usage telemetry under their own policies.
6. Managing Cookies
You may be able to control cookies through your browser settings. However, if you block or clear strictly necessary cookies used by StormView, you may be unable to sign in, maintain an authenticated session, or use some or all of the service.
7. Changes to This Policy
We may update this Cookies Policy from time to time. The "Last updated" date shown on this page indicates when this version was last revised.
8. Contact
StormView is operated by Peak Reinsurance Company Limited. Questions about this Cookies Policy or StormView's use of cookies and similar technologies are handled by the StormView project team at [email protected].