PII and Cookies

Names, emails, and IP addresses are the only personally identifiable information (PII) stored in the UserVoice database.

Cookies are required for normal operation of UserVoice; however, no PII is stored in any of the cookies that UserVoice uses:

Cookie Name Expiration Description
__utma, __utmb, __utmc, __utmz, __utmvvariesUsed by Google Analytics.
_session_idend of sessionUsed to track whether you‘re logged in or not. See below for more info.
_uservoice_tz90 daysYour time zone.
_uservoice_utcd6 monthsUsed for analytics tracking. More info below
_uservoice_uid8 weeksUsed to track logged-in state.
uvfend of sessionUsed to track if the user has been saved to the analytics backend.
uvts1 yearUsed to track user usage analytics.
__uvtend of sessionUsed to test whether cookies are enable.
_rfend of sessionUsed to determine if your information is up to date. It‘s usually just a number like 0 or 1.
auth_token1 yearUsed for “remember me” functionality to keep you logged in between sessions (i.e. closing and reopening your browser). Only appears if you log in and click the “Keep me logged in” link, or if you vote anonymously.

_session_id.

The _session_id is something that all apps use in order to determine if you‘re logged in and authorized to do logged-in actions. All apps that require authentication use some version of it. That‘s the reason for those "you have to enable cookies in order to use this site" sort of warnings. If you were to delete it you would be logged out. If you log back in, we put it back with another securely random number.

_uservoice_uid.

The _uservoice_uid works in conjunction with the _session_id to help us to verify the security of your session data. If you were to delete your _uservoice_uid it would reappear the next time you loaded the page as a logged-in user.

_uservoice_utcd.

_uservoice_utcd is another random session number. It‘s what we use to do analytics, like pageviews and such, so we can tie an anonymous user with an identifier. This exists so that it‘s not connected to your _session_id. Therefore, it‘s completely anonymous; we don‘t connect real user information with these utcds. It can be deleted at any time with no effect on your use of our app.