Cookies, itemized.
Every cookie chatgenius.net sets, why it's set, how long it lasts, and how to turn each category off. If a cookie isn't listed here, it isn't set.
What cookies are
60-second primer.
Strictly necessary
Login, CSRF, bot protection. Always on.
Analytics (opt-in)
Anonymous visit stats via Plausible.
Marketing (opt-in)
We don't run any — yet.
Third-party
Cloudflare bot cookie, self-hosted fonts.
How to control
Banner + browser + this page.
A 60-second primer.
A cookie is a tiny text file
Websites store cookies in your browser to remember you between page loads. Some are essential (they keep you logged in). Some are optional (analytics, marketing). You control the optional ones via the banner on your first visit and via your browser settings anytime after.
Always on. The site breaks without these.
session_id
HTTP-only, encrypted, 12-hour expiry. Keeps you logged into your operator dashboard.
csrf_token
HTTP-only, session-scoped. Protects against cross-site request forgery attacks.
cg_consent
12 months. Records your cookie banner choices so we don't ask you again on every visit.
__cf_bm (Cloudflare)
30 minutes. Bot-management cookie set by our CDN. HTTP-only, essential for DDoS protection.
Anonymous. Off by default.
Plausible Analytics
We use Plausible — a cookieless analytics platform. No cookies set, no personal data collected, no cross-site tracking. Aggregates page views per URL. If Plausible ever changes its stance and starts setting cookies, we'll list them here and re-prompt for consent.
We don't run pixels.
No Facebook, Google Ads, or LinkedIn pixels
chatgenius.net does not currently run any third-party marketing pixels or ad trackers. If we ever start, it will be opt-in only, listed on this page, and re-consent will be triggered via the banner.
What our sub-processors set (or don't).
Fonts
Self-hosted. Space Grotesk, JetBrains Mono, Fraunces. No cookies, no third-party requests, no Google Fonts.
Cloudflare
Sets __cf_bm for bot management. HTTP-only. Essential — no way to disable while retaining DDoS protection.
Three ways to say no.
In our banner
On first visit: [Accept all] · [Necessary only] · [Customize]. Choice remembered for 12 months. To reopen: click the "Cookies" link in the footer or the "Adjust preferences" button above.
In your browser
Every browser lets you view + delete cookies per site: Chrome → Settings → Privacy → Cookies; Safari → Preferences → Privacy; Firefox → Preferences → Privacy & Security. Deleting cg_consent re-triggers the banner on your next visit.
Global privacy signal
We respect the Global Privacy Control (GPC) header. If your browser sends it, we treat that as an opt-out from all non-essential categories automatically — no banner interaction required.
Questions about cookies?
privacy@ handles cookie questions — same team as the rest of the data flow. Response within 3 business days.