Cookie Policy — AiTrackr

1. WHAT ARE COOKIES?

Cookies are small text files that a website places on your device when you visit. They are widely used to make websites work efficiently and to provide information to site owners. Cookies can be "session cookies" (deleted when you close your browser) or "persistent cookies" (stored for a defined period).

Cookies can be set by the website you are visiting ("first-party cookies") or by third-party services embedded in that website ("third-party cookies").

2. OUR APPROACH — NO TRACKING COOKIES

WE DO NOT USE:

✕ Google Analytics or any website analytics cookies
✕ Facebook Pixel or any social media tracking cookies
✕ Advertising or behavioural profiling cookies
✕ A/B testing or conversion tracking cookies
✕ Any cookies that track your activity across other websites

WE USE ONLY:

✓ Strictly necessary cookies for authentication and security
✓ Stripe cookies on checkout pages only (fraud prevention)

Because we use only strictly necessary cookies, we are not required to display a cookie consent banner under the ePrivacy Directive. However, we are providing this policy in full transparency so you understand exactly what is set on your device.

3. COOKIES WE USE

next-auth.session-tokenSTRICTLY_NECESSARY

PURPOSE: Maintains your authenticated session after sign-in. Without this cookie you would be signed out on every page load.

SET BY: 1st party (AiTrackr)

DURATION: 30 days

SECURITY: HttpOnly, Secure, SameSite=Lax

CONSENT REQUIRED: No

next-auth.csrf-tokenSTRICTLY_NECESSARY

PURPOSE: Cross-Site Request Forgery (CSRF) protection. Ensures that form submissions and API calls originate from our own pages, not from malicious third-party sites.

SET BY: 1st party (AiTrackr)

DURATION: Session (deleted when browser closes)

SECURITY: HttpOnly, SameSite=Lax

CONSENT REQUIRED: No

next-auth.callback-urlSTRICTLY_NECESSARY

PURPOSE: Stores the URL to redirect you back to after a successful sign-in (e.g., /dashboard). Only set during the sign-in flow.

SET BY: 1st party (AiTrackr)

DURATION: Session

SECURITY: SameSite=Lax

CONSENT REQUIRED: No

__stripe_midSTRICTLY_NECESSARY

PURPOSE: Set by Stripe on checkout pages only. Used by Stripe for fraud prevention and to maintain session integrity during payment processing. Not used for tracking.

SET BY: 3rd party (Stripe, Inc.)

DURATION: 1 year

SECURITY: SameSite=Strict

CONSENT REQUIRED: No (strictly necessary for payment processing)

__stripe_sidSTRICTLY_NECESSARY

PURPOSE: Set by Stripe on checkout pages only. Used by Stripe to identify the browsing session for fraud prevention. Not used for advertising or profiling.

SET BY: 3rd party (Stripe, Inc.)

DURATION: Session

SECURITY: SameSite=Strict

CONSENT REQUIRED: No (strictly necessary for payment processing)

4. LEGAL BASIS FOR COOKIES

Under the ePrivacy Directive and GDPR, cookies that are strictly necessary for a service explicitly requested by the user do not require prior consent. This exemption covers all cookies we set, as they are required solely for:

Providing the authenticated service you have signed up for (session management)
Protecting the security of your account and our systems (CSRF protection)
Processing a payment you have initiated (Stripe fraud prevention)

Legal basis under GDPR: Art. 6(1)(b) — Contract performance and Art. 6(1)(f) — Legitimate interests (security and fraud prevention).

5. THIRD-PARTY COOKIES (STRIPE)

Stripe cookies (__stripe_mid and __stripe_sid) are set only when you navigate to a checkout page to purchase a Pro subscription. They are not set on any other page of AiTrackr.

These cookies are subject to Stripe's own privacy policy: stripe.com/privacy

Stripe is certified under the EU–US Data Privacy Framework. Data processed by these cookies is used exclusively for fraud detection and payment integrity — not for advertising.

6. HOW TO MANAGE & DELETE COOKIES

You can control and delete cookies through your browser settings. Below are links to cookie management instructions for the most common browsers:

Chrome →Firefox →Safari →Edge →Opera →Brave →

⚠ Deleting the next-auth.session-token cookie will sign you out of AiTrackr. All other functionality will continue to work normally.

7. DO NOT TRACK

Some browsers transmit a "Do Not Track" (DNT) signal. Since we do not engage in cross-site tracking, behavioural advertising, or analytics, there is no meaningful change in our behaviour in response to a DNT signal. We do not track you regardless.

8. CHANGES TO THIS POLICY

We will update this Cookie Policy if we add new cookies or our use of cookies changes materially. Changes will be reflected in the "Last updated" date at the top. We will notify users of material changes via email.

9. CONTACT

For questions about cookies or this policy, contact: privacy@aitrackr.io

COOKIE_POLICY

1. WHAT ARE COOKIES?

2. OUR APPROACH — NO TRACKING COOKIES

3. COOKIES WE USE

4. LEGAL BASIS FOR COOKIES

5. THIRD-PARTY COOKIES (STRIPE)

6. HOW TO MANAGE & DELETE COOKIES

7. DO NOT TRACK

8. CHANGES TO THIS POLICY

9. CONTACT