LEGAL · COOKIE POLICY
Cookie Policy
Effective date: 2026-01-01 · Last updated: 2026-05-09
What we use
| Cookie | Purpose | Type | Lifetime |
|---|---|---|---|
pythorix_session | Authenticated session token (HttpOnly, Secure in production, SameSite=Lax) | Strictly necessary | 24h sliding |
pythorix_oauth_state | CSRF state token for Google OAuth flow | Strictly necessary | 10 min |
pythorix_oauth_nonce | OIDC replay-protection nonce | Strictly necessary | 10 min |
localStorage (technically not a cookie, but commonly grouped):
| Key | Purpose | Lifetime |
|---|---|---|
sentinel_token | JWT access token (used by API client) | Until logout / 24h expiry |
pythorix_org_id | Currently selected organisation | Persistent until cleared |
What we don't use
- Third-party advertising / tracking cookies on app pages.
- Cross-site identifiers.
- Marketing pixels on authenticated pages.
Analytics on marketing pages
Marketing pages (Home, Features, Pricing, Docs, etc.) may use anonymous analytics to measure visit → signup conversion. We do not use this data to identify individuals. See Privacy Policy for details.
Your choices
- You can clear cookies via your browser settings; this signs you out.
- You can use Pythorix in a private / incognito window — auth still works for the session duration.
- Strictly necessary cookies cannot be disabled without breaking sign-in.
Changes
We'll update this page when our cookie usage changes.