1. What is a cookie?
A cookie is a small text file stored on your device by your browser. We also use related technologies: local storage (for your browser-side keypair and theme preference) and session storage (for short-lived navigation state).
2. Cookies we use
2.1 Essential — no consent required
These cookies are required to deliver the service. Disabling them breaks core functionality (sign-in, paid features, security).
| Cookie | Purpose | Expiry |
|---|---|---|
| __Host-authjs.session-token | NextAuth session — keeps you signed in | 30 days (refresh on activity) |
| __Host-authjs.csrf-token | NextAuth CSRF protection | Session |
| __Secure-authjs.callback-url | OAuth redirect target after sign-in | 1 hour |
| genzagents_session_id | Analytics session identity (server-side; not used for marketing) | 30 minutes idle |
| theme | Your dark / light mode preference (localStorage, not a cookie) | Until cleared |
2.2 Optional — consent required (off by default)
| Cookie | Purpose | Expiry |
|---|---|---|
| _ga / _ga_* | Google Analytics 4 — page views, traffic sources. Anonymised; IP truncated. | 13 months |
| genzagents_consent | Remembers your cookie-banner decision so we don't ask every visit | 12 months |
Google Analytics is only loaded after you opt in via the cookie banner. We do not use Google Ads, Facebook Pixel, LinkedIn Insights, or any advertising network.
3. Third-party cookies
The following third parties may set cookies on our behalf:
- Google (Google Analytics 4) — only after consent
- Stripe — only on checkout pages, for fraud prevention. Set when you initiate a payment, removed after.
- OAuth providers (Google, Microsoft, GitHub) — only on the sign-in page during the OAuth handshake. Cleared immediately after the redirect back to our domain.
4. Your choices
You can manage cookie preferences via the banner shown on your first visit, or by clicking "Cookie preferences" in the footer of any page.
You can also:
- Block all non-essential cookies in your browser settings
- Clear all cookies and start fresh
- Use private / incognito mode (cookies don't persist between sessions)
Blocking essential cookies will break sign-in. We're not able to provide the Service without them.
5. Do Not Track
We honour the Do Not Track HTTP header — if your browser sends it, we will not load Google Analytics on your visits even if you previously consented. We don't set any other cookies that the DNT header could affect.
6. Changes
We may update this policy if we add or remove technologies. The effective date at the top reflects the current version. We notify you of material changes 30 days in advance via email.
7. Contact
Privacy / cookies questions: hello@genzagents.io. See also our Privacy Policy for the broader data-protection framework.