AI CHAT CONCIERGE
// COOKIE POLICY · v1.0 · UPDATED 2026-07-11

Cookies, itemized.

Every cookie chatgenius.net sets, why it's set, how long it lasts, and how to turn each category off. If a cookie isn't listed here, it isn't set.

01

What cookies are

60-second primer.

02

Strictly necessary

Login, CSRF, bot protection. Always on.

03

Analytics (opt-in)

Anonymous visit stats via Plausible.

04

Marketing (opt-in)

We don't run any — yet.

05

Third-party

Cloudflare bot cookie, self-hosted fonts.

06

How to control

Banner + browser + this page.

// 01 — WHAT COOKIES ARE

A 60-second primer.

?

A cookie is a tiny text file

Websites store cookies in your browser to remember you between page loads. Some are essential (they keep you logged in). Some are optional (analytics, marketing). You control the optional ones via the banner on your first visit and via your browser settings anytime after.

// 02 — STRICTLY NECESSARY

Always on. The site breaks without these.

ESS

session_id

HTTP-only, encrypted, 12-hour expiry. Keeps you logged into your operator dashboard.

ESS

csrf_token

HTTP-only, session-scoped. Protects against cross-site request forgery attacks.

ESS

cg_consent

12 months. Records your cookie banner choices so we don't ask you again on every visit.

ESS

__cf_bm (Cloudflare)

30 minutes. Bot-management cookie set by our CDN. HTTP-only, essential for DDoS protection.

// 03 — ANALYTICS (OPT-IN)

Anonymous. Off by default.

OPT

Plausible Analytics

We use Plausible — a cookieless analytics platform. No cookies set, no personal data collected, no cross-site tracking. Aggregates page views per URL. If Plausible ever changes its stance and starts setting cookies, we'll list them here and re-prompt for consent.

// 04 — MARKETING (OPT-IN)

We don't run pixels.

X

No Facebook, Google Ads, or LinkedIn pixels

chatgenius.net does not currently run any third-party marketing pixels or ad trackers. If we ever start, it will be opt-in only, listed on this page, and re-consent will be triggered via the banner.

// 05 — THIRD-PARTY

What our sub-processors set (or don't).

3P

Fonts

Self-hosted. Space Grotesk, JetBrains Mono, Fraunces. No cookies, no third-party requests, no Google Fonts.

3P

Cloudflare

Sets __cf_bm for bot management. HTTP-only. Essential — no way to disable while retaining DDoS protection.

// 06 — HOW TO CONTROL

Three ways to say no.

A

In our banner

On first visit: [Accept all] · [Necessary only] · [Customize]. Choice remembered for 12 months. To reopen: click the "Cookies" link in the footer or the "Adjust preferences" button above.

B

In your browser

Every browser lets you view + delete cookies per site: Chrome → Settings → Privacy → Cookies; Safari → Preferences → Privacy; Firefox → Preferences → Privacy & Security. Deleting cg_consent re-triggers the banner on your next visit.

C

Global privacy signal

We respect the Global Privacy Control (GPC) header. If your browser sends it, we treat that as an opt-out from all non-essential categories automatically — no banner interaction required.

Questions about cookies?

privacy@ handles cookie questions — same team as the rest of the data flow. Response within 3 business days.