Cookie Policy

Effective Date: October 23, 2025

Last Updated: October 23, 2025

1. What Are Cookies?

Cookies are small text files that are stored on your device (computer, tablet, or mobile phone) when you visit a website. They help websites remember information about your visit, such as your preferences and login status.

This Cookie Policy explains what cookies we use, why we use them, and how you can manage your cookie preferences.

2. How We Use Cookies

We use cookies to:

• Keep you logged in to your account
• Remember your preferences and settings
• Maintain your session during voice conversations
• Understand how you use the Service (with your consent)
• Improve the security and performance of our Service

3. Types of Cookies We Use

3.1 Essential Cookies (Required)

These cookies are necessary for the Service to function and cannot be disabled. Without these cookies, you cannot use the Service.

Cookie Name	Purpose	Duration
sb-access-token	Authentication - Keeps you logged in	Session / 7 days
sb-refresh-token	Authentication - Refreshes your session	30 days
session-id	Session management - Tracks your current session	Session
tenant-context	Multi-tenancy - Identifies which organization you're using	Session
csrf-token	Security - Protects against cross-site request forgery attacks	Session

Legal Basis: Essential cookies are necessary for the performance of our contract with you (providing the Service you requested).

3.2 Analytics Cookies (Optional)

These cookies help us understand how users interact with the Service. They collect anonymous, aggregated data that cannot be used to identify you personally.

We only use analytics cookies if you consent.

Service	Purpose	Duration	Privacy-Friendly?
Umami Analytics	Usage statistics, page views, feature engagement	24 hours	✅ Yes - No personal data, GDPR compliant, no tracking across sites

What Umami Collects (with your consent):

• Page views and navigation patterns
• Device type (desktop, mobile, tablet)
• Browser type (Chrome, Safari, Firefox, etc.)
• General location (country level only, no precise geolocation)
• Referral source (how you found us)

What Umami Does NOT Collect:

• Personal information (name, email, etc.)
• IP addresses (anonymized)
• Conversation content
• Cross-site tracking data
• Fingerprinting data

Legal Basis: Your explicit consent, which you can withdraw at any time.

3.3 Cookies We Do NOT Use

To respect your privacy, we DO NOT use:

• ❌ Advertising Cookies: We don't show ads or use advertising networks
• ❌ Third-Party Tracking: No Facebook Pixel, Google Ads, or similar tracking
• ❌ Social Media Cookies: No social media tracking pixels
• ❌ Marketing Cookies: No marketing automation or retargeting
• ❌ Fingerprinting: No device or browser fingerprinting

4. Third-Party Cookies

Our Service uses the following third-party services that may set cookies:

4.1 Supabase (Authentication & Database)

Supabase sets authentication cookies to keep you logged in. These are essential for the Service to function.

• Purpose: Secure authentication and session management
• Privacy Policy: https://supabase.com/privacy

4.2 Vercel (Hosting)

Vercel may set cookies for performance optimization and security.

• Purpose: Content delivery, security, and performance
• Privacy Policy: https://vercel.com/legal/privacy-policy

4.3 Umami Analytics (Optional)

Only if you consent to analytics, Umami sets a session cookie.

• Purpose: Privacy-friendly usage analytics
• Privacy Policy: https://umami.is/privacy

5. Managing Your Cookie Preferences

5.1 Through Our Service

You can manage your cookie preferences at any time:

1. Log in to your account
2. Go to Settings → Legal & Cookies
3. Toggle analytics cookies on or off

Note: Disabling essential cookies will prevent you from using the Service.

5.2 Through Your Browser

You can also control cookies through your browser settings:

• Chrome: Settings → Privacy and security → Cookies and other site data
• Safari: Preferences → Privacy → Manage Website Data
• Firefox: Settings → Privacy & Security → Cookies and Site Data
• Edge: Settings → Cookies and site permissions → Manage and delete cookies

Browser options:

• Block all cookies (will break the Service)
• Block third-party cookies only (recommended)
• Delete cookies after each session
• Allow only specific sites to set cookies

Learn more about managing cookies:

• www.allaboutcookies.org
• www.youronlinechoices.com

5.3 Do Not Track

We respect "Do Not Track" (DNT) browser signals. If you enable DNT, we will:

• Disable all analytics cookies automatically
• Not track your usage patterns
• Continue to provide full Service functionality with essential cookies only

6. What Happens If You Disable Cookies?

6.1 Essential Cookies Disabled

If you disable essential cookies, you cannot use the Service. You will not be able to:

• Log in to your account
• Maintain sessions during conversations
• Access any features requiring authentication

6.2 Analytics Cookies Disabled

If you disable analytics cookies (or use Do Not Track), the Service continues to work perfectly. The only difference:

• We won't know which features are most popular
• We won't see aggregate usage patterns to improve the Service
• You'll have slightly faster page loads (fewer scripts running)

7. How Long Do Cookies Last?

We use two types of cookies based on duration:

7.1 Session Cookies

These cookies are temporary and expire when you close your browser. They're used for:

• Maintaining your login session
• Tracking conversation state
• Security and CSRF protection

7.2 Persistent Cookies

These cookies remain on your device for a set period (up to 30 days). They're used for:

• Keeping you logged in across sessions ("Remember Me")
• Remembering your preferences

You can delete persistent cookies at any time through your browser settings.

8. Children's Privacy

Our Service is not intended for children under 13 (or 16 in the EU). We do not knowingly collect data from children. If you believe a child has provided us with personal information through cookies, please contact us immediately.

9. International Users

If you're in the European Economic Area (EEA) or other regions with strict cookie laws:

• We obtain explicit consent before setting non-essential cookies
• You can withdraw consent at any time through settings
• Essential cookies are exempt from consent requirements (legitimate interest)
• We comply with the EU ePrivacy Directive and GDPR

10. Changes to This Cookie Policy

We may update this Cookie Policy from time to time. Changes will be communicated through:

• Email notification (for significant changes)
• In-app notification
• Updated "Last Modified" date at the top of this policy

Continued use of the Service after changes constitutes acceptance of the updated Cookie Policy.

11. Your Rights

Under GDPR and other privacy laws, you have the right to:

• Know: What cookies we use and why
• Control: Accept or reject non-essential cookies
• Withdraw: Remove consent at any time
• Access: See what data cookies have collected
• Delete: Remove cookies from your device

12. Contact Us

For questions about cookies or to exercise your rights:

• Email: privacy@[DOMAIN].com
• Cookie Settings: Available in your account settings
• Mail: [Physical Address]

We will respond to your inquiry within 30 days.

---

This Cookie Policy is designed to comply with the EU ePrivacy Directive, GDPR, CCPA, and other applicable laws. We are committed to transparency about how cookies are used on our Service.