Cookie policy summary

The categories

We use cookies in three buckets:

1. Strictly necessary. Authentication, CSRF protection, your active workspace. Cannot be disabled without breaking the app.
2. Functional. Theme preference, dismiss state for banners, language. Improve experience; the app works without them.
3. Analytics. Aggregate usage metrics. Help us improve. Opt-out friendly.

We do NOT use:

• Advertising / targeting cookies. Zero, anywhere on the product.
• Cross-site tracking. No third-party trackers inside the dashboard.
• Session-replay tools. No FullStory / Hotjar / similar.

The specific cookies

Name	Category	Purpose	Lifetime
__session	Necessary	Authenticated session	14 days
__csrf	Necessary	CSRF token for form posts	Session
aid:active_org	Necessary	Which workspace is currently selected	30 days
aid:theme	Functional	Light / dark / system preference	365 days
aid:trial-banner-dismissed-v1	Functional	Don't re-show a dismissed trial banner	30 days
aid:cookie-consent	Functional	Your cookie preferences	365 days
aid:analytics	Analytics	Anonymised session token	90 days

The cookie names use the aid: prefix consistently. Anything else in your browser claiming to be ours isn't.

Where consent lives

On first visit, EU / EEA / UK visitors see a consent banner. Choices:

• Accept all — necessary + functional + analytics.
• Reject non-essential — only necessary.
• Manage — granular toggles per category.

The selection is stored in aid:cookie-consent and respected on every subsequent visit. Change it any time via Settings → Privacy → Cookies.

Non-EU visitors see a simpler notice (a footer link to this page) and analytics defaults to on; you can opt out at any time via the same setting.

Local storage vs. cookies

Some preferences (e.g. UI state, recently-viewed entities, search history in docs) live in localStorage, not cookies. localStorage is per-origin and never transmitted with HTTP requests. It's not "tracking" in the cookie sense, but we list it here for transparency:

• aid:recently-viewed — list of recently-opened entities for the command palette.
• aid:docs-recent-searches — your last few docs searches (for autocomplete).
• aid:editor-draft-cache — local autosave for the content editor.

All localStorage data stays on your device; we never read it server-side.

Disabling per category

Settings → Privacy → Cookies has toggles. Disabling necessary cookies is not possible (the app stops working). Disabling functional cookies means dismissed banners re-appear, themes reset, etc. Disabling analytics is fully supported and has no impact on app functionality.

Browser-level controls

You can also block cookies at the browser level. Doing so is equivalent to disabling all categories, including necessary, and the app will refuse to load.

For analytics-only blocking, configure your browser's "block third-party cookies" to also block first-party analytics (some browsers offer this; Firefox's Enhanced Tracking Protection at "Strict" does). Or use the in-app toggle above.

Third parties

The dashboard itself loads zero third-party cookies. The marketing site (/, /pricing, etc.) may load:

• Embedded Stripe Checkout (when you're on the pricing page) — drops Stripe cookies.
• YouTube embeds (when you press play on a video) — YouTube's cookies after click.

Neither runs without your explicit action (clicking to checkout or pressing play).

Sub-processors

For analytics, we use a privacy-friendly analytics provider that doesn't share data with third parties. See /legal/subprocessors for the current list.

See also

• GDPR — your data rights more broadly.
• CCPA — California-specific rights.
• Security — how we handle data we DO collect.