Scopeslab β€” Cookie Policy

Last Updated: April 23, 2026

Effective Date: April 23, 2026

This Cookie Policy explains how Scopeslab uses cookies and similar tracking technologies when you use our Platform. This Policy forms part of our Terms of Use and should be read alongside our Privacy Policy.

1. What Are Cookies?

Cookies are small text files placed on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work more efficiently, to provide a better browsing experience, and to supply information to website owners.

1.1 Types of Technologies We Use

Technology Description
First-Party Cookies Set by Scopeslab directly when you use the Platform.
Third-Party Cookies Set by third-party services integrated with our Platform (e.g., payment processing, authentication).
Session Cookies Temporary cookies that expire when you close your browser.
Persistent Cookies Cookies that remain on your device for a set period or until manually deleted.
Local Storage Browser-based storage (localStorage, sessionStorage) used for session data and preferences.

2. How We Use Cookies

2.1 Categories of Cookies

We classify cookies into the following categories:

Category Purpose Can Be Disabled?
Strictly Necessary Essential for the Platform to function; cannot be disabled. No
Functional Enable enhanced functionality and personalization. Yes
Analytics Help us understand how Users interact with the Platform. Yes
Third-Party Set by external services integrated with the Platform (payment, authentication, monitoring). Yes (where not essential)

3. Detailed Cookie Information

3.1 Strictly Necessary Cookies

These cookies are essential for the operation of the Platform. Without them, you would not be able to use core features such as authentication, session management, and secure payment processing.

Cookie Name Provider Type Duration Purpose
session_id Scopeslab First-Party / Session Session (expires with browser) Identifies your guest session for Steps 1–8 analysis pipeline. Stores analysis progress and data temporarily.
access_token Scopeslab First-Party / Session 24 hours JWT authentication token for registered user sessions. Required for API access (Steps 9–12).
refresh_token Scopeslab First-Party / Persistent 7 days JWT refresh token to maintain authenticated sessions without repeated login.
csrf_token Scopeslab First-Party / Session Session Cross-Site Request Forgery protection token for form submissions.
guest_analysis_count Scopeslab First-Party / Session 7 days (matches guest session TTL) Tracks the number of analyses performed in a guest session (limited to 1 per session).
rate_limit_tracker Scopeslab First-Party / Persistent 24 hours (resets at UTC midnight) Tracks daily analysis count for rate limiting (Free: 5/day; Paid: 50/day).

3.2 Functional Cookies

These cookies enable enhanced functionality and remember your preferences.

Cookie Name Provider Type Duration Purpose
preferred_language Scopeslab First-Party / Persistent 1 year Reserved for future use (Platform currently English-only).
onboarding_state Scopeslab First-Party / Session Session Remembers your progress in the 12-step analysis pipeline so you can resume where you left off.
email_capture_dismissed Scopeslab First-Party / Session Session Remembers that you have dismissed the email capture banner during Step 2 analysis.
theme_preference Scopeslab First-Party / Persistent 1 year Stores your display theme preference (if applicable).

3.3 Analytics Cookies

These cookies help us understand how Users interact with the Platform so we can improve our services.

Cookie Name Provider Type Duration Purpose
_ga Google Analytics First-Party / Persistent 2 years Used to distinguish Users in analytics reporting. Generates a random anonymized identifier.
_ga_[ID] Google Analytics First-Party / Persistent 2 years Maintains session state for analytics.
_gid Google Analytics First-Party / Persistent 24 hours Used to distinguish Users in analytics (short-term).
_gat Google Analytics First-Party / Persistent 1 minute Used to throttle analytics request rate.

Note: We use Google Analytics with IP anonymization enabled. Analytics data is used solely to understand usage patterns and improve the Platform. We do not share analytics data with third-party advertising networks. Data is processed under Google's data processing agreement.

3.4 Third-Party Cookies

These cookies are set by third-party services integrated with our Platform.

3.4.1 Stripe (Payment Processing)

Cookie Name Provider Type Duration Purpose
__stripe_mid Stripe Third-Party / Persistent 1 year Fraud prevention and payment security.
__stripe_sid Stripe Third-Party / Persistent 30 minutes Payment session management.
stripe_csrf Stripe Third-Party / Session Session Security token for payment processing.

Legal Basis: Contractual necessity (payment processing). Privacy Policy: https://stripe.com/privacy

3.4.2 Google OAuth (SSO Authentication)

Cookie Name Provider Type Duration Purpose
g_state Google Third-Party / Persistent 2 years Google sign-in session state.
NID / SID Google Third-Party / Persistent 2 years Google authentication session.
APISID / HSID / SSID Google Third-Party / Persistent 2 years Google account security and session management.

Legal Basis: Contractual necessity (authentication). Privacy Policy: https://policies.google.com/privacy

3.4.3 Sentry (Error Monitoring)

Cookie Name Provider Type Duration Purpose
Sentry-related cookies Sentry Third-Party / Session Session Error tracking and debugging (no personal data collected).

Legal Basis: Legitimate interest (platform stability and security). Privacy Policy: https://sentry.io/privacy/

4. Local Storage Usage

In addition to cookies, the Platform uses browser Local Storage and Session Storage for the following purposes:

Storage Key Storage Type Duration Purpose
guest_project_data LocalStorage 7 days Stores temporary guest project data (Steps 1–8) for offline recovery. Cleared upon guest session expiration or account conversion.
analysis_step_progress SessionStorage Session Tracks current position in the 12-step analysis pipeline during a browser session.
form_draft_data SessionStorage Session Temporarily saves in-progress form data (clarification answers, persona edits) to prevent data loss.
ui_preferences LocalStorage Persistent Stores user interface preferences (collapsed sections, sorting preferences).
notification_state LocalStorage Persistent Tracks which notifications have been dismissed.

5. How to Manage Cookies

5.1 Cookie Consent

When you first visit the Platform, we present a cookie consent banner that allows you to:

  • Accept all cookies β€” Enable all categories of cookies.
  • Accept necessary only β€” Enable only strictly necessary cookies.
  • Customize preferences β€” Choose which categories to enable or disable.

Your preferences are stored and respected across sessions.

5.2 Browser Settings

You can also manage cookies through your browser settings. Here's how for common browsers:

Browser Instructions
Google Chrome Settings > Privacy and Security > Cookies and other site data
Mozilla Firefox Settings > Privacy & Security > Cookies and Site Data
Microsoft Edge Settings > Cookies and site permissions > Manage and delete cookies
Safari (macOS) Preferences > Privacy > Manage Website Data
Safari (iOS) Settings > Safari > Block All Cookies

5.3 Disabling Cookies

  • Strictly Necessary cookies cannot be disabled β€” They are required for the Platform to function correctly.
  • Disabling Functional cookies may result in a less personalized experience (e.g., you will need to re-enter preferences each session).
  • Disabling Analytics cookies will not affect your ability to use the Platform, but it will limit our ability to improve the service based on usage patterns.
  • Disabling Third-Party cookies may affect certain features, such as Google SSO login and Stripe payment processing.

5.4 Opt-Out Links for Third Parties

Third Party Opt-Out Mechanism
Google Analytics https://tools.google.com/dlpage/gaoptout
Google (Privacy) https://policies.google.com/technologies/cookies
Stripe Cookies are essential for payment processing and cannot be opted out independently.
Google (SSO) Manage at https://myaccount.google.com/privacy

6. Cookie Duration

6.1 Summary

Category Typical Duration Auto-Expiry
Session Cookies Until browser is closed Yes
Authentication Tokens 24 hours (access) / 7 days (refresh) Yes
Guest Session Data 7 days Yes
Rate Limit Tracking 24 hours (UTC midnight reset) Yes
Functional Preferences Up to 1 year Yes
Analytics Identifiers Up to 2 years Yes
Third-Party (Stripe) 30 minutes β€” 1 year Yes
Third-Party (Google) Up to 2 years Yes

6.2 Guest Session Expiration

  • Guest session cookies and local storage data expire automatically after 7 days.
  • After expiration, all guest session data is deleted from our servers and from your browser.
  • Creating an account converts guest data to permanent user data.

7. Do Not Track (DNT)

Some browsers support a "Do Not Track" (DNT) feature that signals to websites that you do not wish to be tracked. There is currently no industry consensus on how to interpret DNT signals. We respond to DNT signals as follows:

  • Analytics cookies: If DNT is enabled and you have not explicitly consented to analytics cookies, we will not set analytics cookies.
  • Strictly Necessary cookies: DNT does not affect strictly necessary cookies, as they are essential for Platform operation.
  • Third-party cookies: Third parties may have their own DNT policies. Please refer to their privacy policies.

8. Cookie Updates

We may update this Cookie Policy from time to time to reflect changes in the cookies we use or for legal, regulatory, or operational reasons. Material changes will be communicated via:

  • Updated "Last Updated" date at the top of this Policy.
  • A prominent notice on the Platform.
  • Re-requesting cookie consent where legally required.

9. Contact Us

If you have any questions about our use of cookies or this Cookie Policy, please contact us:

This Cookie Policy was last updated on April 23, 2026.