Cookie & Local Storage Policy

Last updated: March 27, 2026

Overview

The AI Check ("AIC") uses a minimal cookie and local storage footprint consistent with our zero-knowledge, privacy-first architecture. Under the EU ePrivacy Directive, regulations apply not only to HTTP cookies but to all forms of client-side storage. This policy covers cookies, localStorage, sessionStorage, and Chrome extension storage used by AIC. We do not use advertising cookies, third-party tracking pixels, Google Analytics, or any advertising technology.

Cookies We Use

CookieSet ByPurposeTypeDurationConsent Required?
sb-*-auth-tokenSupabaseAuthentication session — keeps you logged inStrictly necessarySession / 1 weekNo
sb-*-auth-token-code-verifierSupabasePKCE verifier for OAuth authentication flowStrictly necessarySessionNo

Dashboard Local Storage

The AIC dashboard (app.theaicheck.com) uses your browser's localStorage and sessionStorage for strictly necessary functions related to the zero-knowledge encryption service:

Storage KeyTypePurposeConsent Required?
aic_master_keysessionStorageDerived encryption key for vault decrypt/encrypt — cleared on tab closeNo (strictly necessary)
sb-*-auth-tokenlocalStorageSupabase auth session persistence (mirrors the HTTP cookie)No (strictly necessary)
aic_themelocalStorageUser's dark/light mode preferenceNo (strictly necessary for UI)

No plaintext chat content, API keys, or personally identifiable information is stored in localStorage or sessionStorage. Encryption keys held in sessionStorage are derived cryptographic material, not your master password, and are automatically cleared when you close the browser tab.

Universal Bridge Extension Storage

The Universal Bridge Chrome extension uses Chrome's isolated extension storage (chrome.storage.local) to operate. This storage is sandboxed by Chrome and is not accessible to websites or other extensions.

Storage Key PatternPurposeContains PII?
aic_cmd_*Sync trigger commands from the dashboard to scrapersNo
aic_status_*Scraper progress and status per platformNo
aic_logDiagnostic log entries for debugging sync issuesNo
aic_scraped_*Temporarily cached scraped conversation data before encryption and uploadYes — plaintext chat content held temporarily until encrypted and uploaded, then deleted

Scraped conversation data is held in extension storage only for the duration of the sync operation. Once encrypted and uploaded to your vault, the temporary plaintext data is deleted from extension storage. The extension does not retain plaintext chat content after a sync completes.

Analytics

We use Plausible Analytics, a privacy-first analytics service based in the European Union. Plausible:

  • Does not use cookies.
  • Does not collect personally identifiable information.
  • Does not use fingerprinting or any cross-site tracking.
  • Collects only anonymized, aggregate page view data (page URL, referrer, browser type, country).
  • Is fully compliant with GDPR, CCPA, and PECR without requiring cookie consent.

What We Do NOT Use

  • No advertising cookies or tracking pixels.
  • No Google Analytics, Facebook/Meta Pixel, or any advertising network.
  • No cross-site tracking of any kind.
  • No cookie consent management platform (CMP) — our footprint is small enough that a full CMP would be architecturally inconsistent with our privacy-first posture.

CDN and Edge Cookies

AIC is hosted on Vercel. Vercel's edge network may set minimal operational cookies for load balancing and security. These are strictly necessary and do not require consent. If our hosting infrastructure changes, this section will be updated.

Cookie Banner

Because AIC uses only strictly necessary cookies and a cookie-free analytics service, we do not display a cookie consent banner. If our cookie usage changes in the future, we will implement appropriate consent mechanisms and update this policy.

Changes to This Policy

If we add any new cookies or change our analytics provider, we will update this page and provide notice as described in our Privacy Policy.

Contact

If you have questions about our cookie practices, contact us at [email protected].

This document was last updated on March 27, 2026. It is a pre-launch draft and will be reviewed by legal counsel before becoming effective.