COOKIE POLICY - nself-org/nchat GitHub Wiki
Effective Date: [INSERT DATE] Last Updated: [INSERT DATE]
This Cookie Policy explains how [YOUR COMPANY NAME] ("Company", "we", "our", "us") uses cookies and similar tracking technologies on the nself-chat application (the "Service").
By using the Service, you consent to the use of cookies as described in this policy. For more information about how we handle your personal data, please see our Privacy Policy.
IMPORTANT: This is a template cookie policy that must be customized for your specific use case. Please consult with legal counsel before publishing this document. Replace all [PLACEHOLDERS] with your actual information.
Cookies are small text files stored on your device (computer, smartphone, tablet) when you visit a website or use an application. Cookies allow the website/application to recognize your device and remember information about your visit.
- Session Cookies: Temporary cookies deleted when you close your browser
- Persistent Cookies: Remain on your device for a set period or until manually deleted
- First-Party Cookies: Set by the Service you're visiting
- Third-Party Cookies: Set by external services (e.g., analytics, advertising)
We use the following types of cookies on the Service:
These cookies are essential for the Service to function and cannot be disabled.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| session_token | User authentication and session management | Session | First-party |
| jwt_token | Stores JSON Web Token for API authentication | 7 days | First-party |
| csrf_token | Cross-Site Request Forgery protection | Session | First-party |
| cookie_consent | Stores your cookie consent preferences | 1 year | First-party |
Legal Basis: These cookies are necessary to perform the contract (Terms of Service) and provide the Service.
These cookies remember your preferences and settings to enhance your experience.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| theme_preference | Remembers your light/dark mode preference | 1 year | First-party |
| language | Stores your preferred language | 1 year | First-party |
| sidebar_state | Remembers sidebar collapsed/expanded state | 1 year | First-party |
| notification_settings | Stores notification preferences | 1 year | First-party |
Legal Basis: Consent (optional cookies that improve user experience).
These cookies help us understand how users interact with the Service to improve performance and features.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| _ga | Google Analytics - Distinguishes users | 2 years | Third-party (Google) |
| _gid | Google Analytics - Distinguishes users | 24 hours | Third-party (Google) |
| _gat | Google Analytics - Throttles request rate | 1 minute | Third-party (Google) |
| sentry_session | Sentry - Error tracking and performance monitoring | Session | Third-party (Sentry) |
Legal Basis: Consent (you can opt out of analytics cookies).
Third-Party Privacy Policies:
- Google Analytics: https://policies.google.com/privacy
- Sentry: https://sentry.io/privacy/
We DO NOT currently use marketing or advertising cookies. If we introduce them in the future, we will update this policy and seek your consent.
In addition to cookies, we use the following tracking technologies:
We use browser local storage to:
- Cache application configuration for faster loading
- Store user preferences offline
- Enable offline functionality
Data Stored:
- app-config: Application configuration and settings
- user-preferences: User-specific preferences
- theme-config: Theme and color settings
We use session storage for:
- Temporary state management during your session
- Form data preservation (to prevent data loss)
We may use web beacons in emails to:
- Track email open rates (transactional emails)
- Measure email campaign effectiveness (marketing emails, with consent)
We collect limited device information for:
- Fraud prevention and security
- Analytics and error tracking
Information Collected:
- Browser type and version
- Operating system
- Screen resolution
- Timezone
- Language preferences
- IP address (anonymized for analytics)
We use cookies for the following purposes:
- Authenticate users and maintain login sessions
- Protect against Cross-Site Request Forgery (CSRF) attacks
- Detect and prevent fraud and abuse
- Enable two-factor authentication (2FA)
- Remember your settings and preferences (theme, language, layout)
- Provide personalized content and features
- Enable offline functionality
- Restore your session after disconnection
- Understand how users interact with the Service
- Identify performance issues and errors
- Monitor application health and uptime
- Conduct A/B testing to improve features
- Track email delivery and engagement (for transactional emails)
- Provide targeted support based on your usage patterns
Some cookies are set by third-party services we use:
Google Analytics (if enabled)
- Purpose: Website traffic and user behavior analysis
- Cookies: _ga, _gid, _gat
- Privacy Policy: https://policies.google.com/privacy
- Opt-Out: https://tools.google.com/dlpage/gaoptout
Sentry
- Purpose: Error tracking and performance monitoring
- Cookies: sentry_session
- Privacy Policy: https://sentry.io/privacy/
- Data Processing: Sentry is our data processor and operates under a Data Processing Agreement (DPA)
When you authenticate using third-party services (Google, GitHub, etc.), those services may set their own cookies. We do not control these cookies. Refer to their privacy policies:
- Google: https://policies.google.com/privacy
- GitHub: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement
- Microsoft: https://privacy.microsoft.com/en-us/privacystatement
We use a CDN to deliver static assets (images, scripts, stylesheets) faster. The CDN may set cookies for performance optimization.
You have several options to manage cookies:
When you first visit the Service, you'll see a cookie consent banner that allows you to:
- Accept all cookies
- Reject non-essential cookies
- Customize your cookie preferences
You can change your preferences at any time through:
- In-App Settings: Account Settings > Privacy & Cookies
- Footer Link: "Cookie Settings" link in the footer
You can configure your browser to:
- Block all cookies
- Accept only first-party cookies
- Delete cookies when you close the browser
- Notify you before accepting cookies
How to Manage Cookies in Popular Browsers:
- Chrome: Settings > Privacy and security > Cookies and other site data
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Cookies and website data
- Edge: Settings > Cookies and site permissions > Manage and delete cookies
Important: Blocking essential cookies may prevent you from using the Service.
You can opt out of certain third-party cookies using:
- Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout
- Network Advertising Initiative: https://www.networkadvertising.org/choices/
- Digital Advertising Alliance: https://www.aboutads.info/choices/
- European Interactive Digital Advertising Alliance: https://www.youronlinechoices.eu/
Some browsers support a "Do Not Track" (DNT) signal. We do not currently respond to DNT signals, as there is no industry-wide standard for compliance.
On mobile devices, you can:
- iOS: Settings > Privacy > Tracking > "Allow Apps to Request to Track"
- Android: Settings > Google > Ads > "Opt out of Ads Personalization"
Under the General Data Protection Regulation (GDPR), we obtain consent for non-essential cookies.
Legal Basis for Cookies:
- Strictly Necessary: Legitimate interest / Contractual necessity
- Functional: Consent (opt-in)
- Analytics: Consent (opt-in)
- Marketing: Consent (opt-in, if applicable)
Your Rights:
- Withdraw consent at any time
- Object to processing based on legitimate interests
- Request deletion of data collected via cookies
Under the Privacy and Electronic Communications Regulations (PECR), we comply with cookie consent requirements for UK users.
We comply with the EU ePrivacy Directive (Cookie Law) by:
- Providing clear information about cookies
- Obtaining consent before setting non-essential cookies
- Allowing users to withdraw consent
Under the California Consumer Privacy Act (CCPA), cookies may be considered "personal information." You have the right to:
- Know what cookies are used and for what purpose
- Opt out of the "sale" of personal information (we do NOT sell data)
- Request deletion of data collected via cookies
We comply with cookie and privacy laws in all jurisdictions where we operate.
Cookie data is protected using:
- Secure Flag: Cookies transmitted only over HTTPS
- HttpOnly Flag: Prevents JavaScript access to sensitive cookies
- SameSite Attribute: Protects against CSRF attacks
- Encryption: Authentication tokens are encrypted
Despite these measures, no method of transmission over the Internet is 100% secure.
Cookies are retained for the following periods:
| Cookie Type | Retention Period | Reason |
|---|---|---|
| Session cookies | Until browser closes | Authentication and security |
| Authentication tokens | 7 days | User convenience (remember login) |
| Preference cookies | 1 year | User experience |
| Analytics cookies | 2 years (Google) | Compliance with analytics provider |
| Consent preferences | 1 year | Record of consent |
After expiration, cookies are automatically deleted by your browser.
The Service is not intended for children under 13 (or 16 in the EEA). We do not knowingly use cookies to collect data from children. If you believe a child has provided data via cookies, contact us at [[email protected]].
We may update this Cookie Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.
For material changes, we will:
- Notify you via email (if you have provided one)
- Display a prominent notice in the Service
- Re-prompt you for consent (for cookie preference changes)
Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.
If you have questions about this Cookie Policy or our use of cookies, please contact us:
[YOUR COMPANY NAME] Address: [INSERT PHYSICAL ADDRESS] Email: [[email protected]] Support: [[email protected]] Phone: [INSERT PHONE NUMBER]
Name: [INSERT DPO NAME] Email: [[email protected]]
| Cookie Name | Category | Purpose | Duration | Domain | Third-Party |
|---|---|---|---|---|---|
| session_token | Essential | Authentication | Session | [yourdomain.com] | No |
| jwt_token | Essential | API auth | 7 days | [yourdomain.com] | No |
| csrf_token | Essential | CSRF protection | Session | [yourdomain.com] | No |
| cookie_consent | Essential | Consent record | 1 year | [yourdomain.com] | No |
| theme_preference | Functional | Theme setting | 1 year | [yourdomain.com] | No |
| language | Functional | Language | 1 year | [yourdomain.com] | No |
| sidebar_state | Functional | UI state | 1 year | [yourdomain.com] | No |
| notification_settings | Functional | Notifications | 1 year | [yourdomain.com] | No |
| _ga | Analytics | User analytics | 2 years | [.yourdomain.com] | Yes (Google) |
| _gid | Analytics | User analytics | 24 hours | [.yourdomain.com] | Yes (Google) |
| _gat | Analytics | Rate limiting | 1 minute | [.yourdomain.com] | Yes (Google) |
| sentry_session | Analytics | Error tracking | Session | [yourdomain.com] | Yes (Sentry) |
| Storage Key | Purpose | Data Type | Sensitive? |
|---|---|---|---|
| app-config | App configuration | JSON object | No |
| user-preferences | User preferences | JSON object | No |
| theme-config | Theme settings | JSON object | No |
| draft-messages | Message drafts | String | Yes (cleared on send) |
- Cookie: Small text file stored on your device by a website
- Session Cookie: Temporary cookie deleted when you close your browser
- Persistent Cookie: Cookie that remains on your device for a set period
- First-Party Cookie: Cookie set by the website you're visiting
- Third-Party Cookie: Cookie set by an external service (e.g., analytics)
- HttpOnly: Cookie flag that prevents JavaScript access
- Secure: Cookie flag that requires HTTPS transmission
- SameSite: Cookie attribute that restricts when cookies are sent with cross-site requests, helping protect against CSRF attacks
- Local Storage: Browser storage mechanism for larger data (not cookies)
- Session Storage: Temporary browser storage (cleared when tab closes)
- Web Beacon (Pixel): Tiny image used to track email opens or page views
- Device Fingerprinting: Collecting device characteristics for identification
- User visits the Service for the first time
- Cookie consent banner appears
- Only essential cookies are set
- User chooses: Accept All, Reject Non-Essential, or Customize
- User clicks "Accept All"
- All cookies (essential, functional, analytics) are enabled
- Consent is recorded in the cookie_consent cookie
- Banner is hidden
- User clicks "Reject Non-Essential"
- Only essential cookies are enabled
- Consent preference is recorded
- Banner is hidden
- User clicks "Customize" or "Cookie Settings"
- Modal opens with granular options:
- Essential (always on, grayed out)
- Functional (toggle)
- Analytics (toggle)
- Marketing (toggle, if applicable)
- User saves preferences
- Selected cookies are enabled
- Consent is recorded
- User can access cookie settings via:
- Account Settings > Privacy & Cookies
- Footer link "Cookie Settings"
- Preference changes apply immediately
- Updated consent is recorded
This is a template document. Consult with legal counsel to ensure compliance with applicable laws in your jurisdiction.
Document Version: 1.0 Template Created: January 31, 2026 Last Reviewed: [INSERT DATE]