Cookie Policy

This page lists every cookie this site sets and explains why. We split them into strictly necessary (always set, you cannot turn them off without breaking sign-in) and analytics (only set after you click Accept on the cookie banner).

Strictly necessary

• authjs.session-token - signed JWT for your active session. Created when you sign in, removed when you sign out, expires after 30 days of inactivity.
• authjs.csrf-token - protects sign-in forms against cross-site request forgery.
• authjs.callback-url - remembers where to send you after you complete sign-in.
• ga_consent- records whether you Accepted or Declined analytics so we don't keep asking. Expires after 1 year.
• ga-theme (localStorage, not technically a cookie) - your dark/light mode preference. Never sent to our server.
• crisp-client/session/* - set by the Crisp live chat widget so your support conversation continues across page loads. Only created once you actually open the chat. Removed by clearing your site cookies.

Analytics (only after you Accept)

If you click Accept on the cookie banner, we load Google Analytics 4 to measure aggregate page views and feature adoption. We do NOT enable any of GA's advertising features, demographics, or remarketing.

• _ga - GA4 client identifier. 2-year expiry.
• _ga_CC7HKZ3BDP - GA4 session identifier for this property. 2-year expiry.

What we do NOT use

• Ad retargeting pixels (no Meta Pixel, no Google Ads conversion)
• Cross-site tracking identifiers
• Session replay tools (no Hotjar, FullStory, etc.)
• Heatmap or scroll-depth tools

How to change your mind

Clear the ga_consentcookie for this domain in your browser (Settings > Privacy > Cookies) and refresh - the banner will reappear and you can re-choose. Blocking all third-party cookies in your browser also prevents Google Analytics from loading even if you previously accepted.

Questions

Email support@getautomator.com.