airmy.dev/legal/cookie-policy

/ Legal

Cookie Policy

Last updated: 1 March 2026
Version 1.4
Summary
AIRMY uses a small number of strictly necessary cookies to operate the platform, plus optional analytics and marketing cookies that require your consent. We do not sell data collected via cookies to third parties. You can change your cookie preferences at any time using the button in the footer. This policy explains every cookie we set, why, and how to control them.

1. Introduction

This Cookie Policy explains how AIRMY Technologies, Inc. ("AIRMY", "we", "us", or "our") uses cookies and similar tracking technologies when you visit airmy.dev and related subdomains, or when you use the AIRMY dashboard, API, or any other AIRMY-operated digital service (collectively, the "Service").

This policy should be read alongside our Privacy Policy, which provides broader context about how we handle personal data. Where there is a conflict between the two, the Privacy Policy prevails for matters of personal data protection.

We are required to obtain your consent before placing non-essential cookies on your device. We do this through a cookie consent banner that appears on your first visit. You may withdraw or change your consent at any time.

2. What Are Cookies & Similar Technologies

2.1 Cookies

A cookie is a small text file placed on your device by a website you visit. Cookies allow the website to recognise your device on subsequent visits and store small amounts of information — such as your preferences, session state, or a unique identifier. Cookies can be session cookies (deleted when you close your browser) or persistent cookies (stored until they expire or you delete them).

2.2 Local Storage & Session Storage

Local Storage and Session Storage are browser-based key-value stores. Unlike cookies, they are not sent to the server with every HTTP request. We use localStorage in limited cases (e.g., to store user interface preferences) and note where this occurs in the inventory below.

2.3 Pixel Tags & Web Beacons

A pixel tag (also known as a web beacon or clear GIF) is a tiny, typically invisible image embedded in a web page or email. When your browser or email client loads the image, it makes a request to a server, which can record information such as your IP address, browser type, and whether you opened an email. We use pixel tags sparingly and only with consent where required.

2.4 Fingerprinting

AIRMY does not use browser fingerprinting or any technique that attempts to identify or track you based on a combination of device attributes without your knowledge.

3. How We Use Cookies

We classify our use of cookies into five categories, each serving a distinct operational or business purpose:

3.1 Strictly Necessary

These cookies are essential for the Service to function. Without them, you cannot log in, navigate the dashboard, or use any secure features. They do not require your consent under the ePrivacy Directive because they are necessary to fulfil a service you have explicitly requested. They include session management, CSRF protection, and rate-limiting tokens.

3.2 Functional (Preference)

Functional cookies remember choices you make — such as your preferred UI layout, recently visited agents, or language settings — so you do not have to reconfigure the Service every time you visit. Disabling these cookies means the Service will not remember your preferences between sessions.

3.3 Analytics & Performance

Analytics cookies help us understand how visitors interact with the Service so we can improve it. We use Plausible Analytics, which is privacy-friendly and cookie-free (it uses a daily-rotating hash rather than persistent identifiers). Where we do set analytics storage (e.g., Sentry for error tracking), we only do so after obtaining your consent. We use this data in aggregate to identify performance bottlenecks and usage patterns.

3.4 Marketing & Targeting

Marketing cookies are placed by us or third-party advertising partners to deliver relevant advertising, measure the effectiveness of campaigns, and understand which channels bring users to AIRMY. These cookies are only set after you give explicit consent. You can decline or withdraw consent at any time.

3.5 Third-Party Strictly Necessary

Some third-party services that are integral to the operation of the platform — notably our payment processor, Stripe — set their own strictly necessary cookies for fraud prevention and security purposes. These are not controlled by AIRMY, but we document them here for full transparency.

4. Cookie Inventory

The table below lists every cookie (or storage entry) set by AIRMY or by third parties we embed. We review this inventory quarterly; last reviewed 1 March 2026.

NameCategoryPurposeDurationProvider / Domain
Strictly Necessary
airmy_sessionNecessaryMaintains your authenticated session. Contains an encrypted reference to your server-side session record; no personal data is stored in the cookie value itself.Session (deleted on browser close)airmy.dev
_csrf_tokenNecessaryCross-Site Request Forgery protection token. Paired with a per-form hidden field to prevent malicious sites from submitting requests on your behalf.Sessionairmy.dev
airmy_authNecessaryStores a short-lived refresh token that allows seamless re-authentication without requiring you to log in on every visit. The token is rotated on each use.14 daysairmy.dev
cookie_consentNecessaryRecords your cookie consent choices (accepted/declined categories and the timestamp) so we do not show the consent banner on every page load.12 monthsairmy.dev
airmy_ratelimitNecessaryA server-set token used to enforce per-user API rate limits on the public API gateway. Prevents abuse without requiring a full server-side session lookup on every call.1 hourapi.airmy.dev
Functional (Preference)
airmy_prefsFunctionalStores dashboard preferences including notification settings, default agent sort order, and table column visibility configuration.12 monthsairmy.dev
airmy_layoutFunctionalRemembers your preferred UI layout mode (compact / comfortable / spacious) and sidebar collapsed/expanded state.6 monthsairmy.dev
airmy_recentFunctionalStores a list of recently accessed agents and deployment configurations (up to 10 items) to populate the "Recently used" quick-access panel.30 daysairmy.dev
Analytics & Performance
No cookie — localStorage onlyAnalyticsPlausible Analytics — our primary analytics provider. Plausible is cookie-free and does not use persistent identifiers. Page views are counted using a daily-rotating hash of IP + User-Agent. No personal data leaves your browser in a persistent form. No consent is required for Plausible. See Plausible's data policy.N/A — session onlyplausible.io
sentry-scAnalyticsSentry error and performance monitoring. This cookie stores a Sentry session ID used to correlate client-side JavaScript errors and performance traces across page navigations within a single browser session. Only set when analytics cookies are accepted.Sessionsentry.io
localStorage: airmy_perfAnalyticsInternal performance beacon. Stores timing data (page load, LCP, FID, CLS) locally and batches it for periodic upload to our telemetry endpoint. Used to monitor real-user performance. Data is anonymised before transmission. Only active when analytics cookies are accepted.Session (cleared on tab close)telemetry.airmy.dev
Marketing & Targeting
_seg_idMarketingSegment customer data platform. Assigns an anonymous visitor ID to stitch together browsing events (page views, sign-up button clicks, pricing page visits) for funnel analysis and personalised onboarding messages. Only set with marketing consent.1 yearsegment.io / airmy.dev
li_fat_idMarketingLinkedIn Insight Tag — measures conversions from LinkedIn ad campaigns and enables retargeting audiences on LinkedIn. Only set if you have given marketing consent. LinkedIn acts as an independent data controller for data collected through this tag.30 dayslinkedin.com
Third-Party Strictly Necessary (Stripe)
__stripe_midNecessaryStripe fraud prevention. Identifies the device/browser combination to help Stripe's fraud-detection systems distinguish legitimate transactions from potentially fraudulent ones. Required for payment processing.1 yearstripe.com
__stripe_sidNecessaryStripe session identifier. Maintains continuity of the payment session during the checkout flow. Without this cookie, card payments cannot be processed securely.30 minutesstripe.com

5. Third-Party Services & Their Policies

When third-party code runs on our pages, those providers may set their own cookies subject to their own privacy policies. The table below lists the third-party services embedded in our Service, their purpose, and where you can read their privacy/cookie policies.

ServicePurposeConsent required?Policy
StripePayment processing and fraud preventionNo — strictly necessarystripe.com/privacy
Plausible AnalyticsCookie-free website analyticsNo — cookie-freeplausible.io/privacy
SentryError monitoring and performance tracingYes — analytics consentsentry.io/privacy
SegmentCustomer data platform, funnel analyticsYes — marketing consenttwilio.com/legal/privacy
LinkedIn InsightAd conversion measurement and retargetingYes — marketing consentlinkedin.com/legal/privacy
Note
Third-party providers operate as independent data controllers for data they collect through their own tools. AIRMY is not responsible for the practices of these third parties; please review their policies directly for details of how they use data.

6.1 How the Consent Banner Works

When you visit airmy.dev for the first time (or after clearing your cookies), a consent banner appears at the bottom of the screen. The banner presents three options:

  • Accept all — enables strictly necessary, functional, analytics, and marketing cookies.
  • Reject non-essential — enables strictly necessary cookies only; functional, analytics, and marketing cookies are not set.
  • Manage preferences — opens a preference centre where you can toggle each category individually.

Your choice is saved in the cookie_consent cookie for 12 months. If you do not interact with the banner, only strictly necessary cookies are set.

6.2 Changing Your Preferences

You can change your cookie preferences at any time by clicking "Manage cookie preferences" in the footer of any page on airmy.dev. This reopens the preference centre and allows you to change, add, or withdraw consent for any category. Changes take effect immediately; analytics or marketing scripts that were previously loaded will be stopped on subsequent page loads.

6.3 Withdrawing Consent

Withdrawing consent does not affect the lawfulness of any processing that occurred before withdrawal. It also has no effect on strictly necessary cookies, which do not require consent. After withdrawal, the relevant third-party scripts will not be loaded on your next visit.

6.4 Consent Records

We store a timestamped record of each consent event (the choices made, the version of the cookie policy at the time, and the approximate date) for our compliance records. This data is processed on the basis of our legal obligation to demonstrate consent under the GDPR.

7. Managing Cookies in Your Browser

In addition to our preference centre, you can control and delete cookies through your browser settings. Note that blocking all cookies — including strictly necessary ones — will prevent the Service from functioning correctly. Instructions for the most common browsers are below.

7.1 Google Chrome

  1. Open Chrome and click the three-dot menu () in the top-right corner.
  2. Select Settings → Privacy and security → Cookies and other site data.
  3. Choose your preferred setting, or click See all site data and permissions to manage cookies for individual sites.
  4. To delete existing cookies: Settings → Privacy and security → Clear browsing data → Cookies and other site data.

Full reference: support.google.com/chrome/answer/95647

7.2 Mozilla Firefox

  1. Open Firefox and click the hamburger menu () → Settings.
  2. Select Privacy & Security.
  3. Under Enhanced Tracking Protection, choose Standard, Strict, or Custom.
  4. To manage individual cookies: Privacy & Security → Cookies and Site Data → Manage Data.

Full reference: support.mozilla.org

7.3 Safari (macOS & iOS)

  1. On macOS: Safari → Settings → Privacy. Check "Prevent cross-site tracking" and optionally "Block all cookies".
  2. On iOS: Settings → Safari → Privacy & Security → Block All Cookies.
  3. To delete cookies: Safari → Settings → Privacy → Manage Website Data → Remove All.

Full reference: support.apple.com

7.4 Microsoft Edge

  1. Open Edge and click the three-dot menu () → Settings.
  2. Select Cookies and site permissions → Cookies and data stored.
  3. Toggle "Block third-party cookies" or manage per-site exceptions.
  4. To clear existing cookies: Settings → Privacy, search, and services → Clear browsing data → Choose what to clear.

Full reference: support.microsoft.com

7.5 Opt-Out Tools

For advertising-related cookies, you may also use industry opt-out tools:

8. Do Not Track & Global Privacy Control

Do Not Track (DNT) is a browser signal (HTTP header) that indicates a user's preference not to be tracked across websites. There is currently no agreed standard for how websites should respond to DNT signals. AIRMY does not alter its cookie behaviour based on DNT signals alone.

Global Privacy Control (GPC) is an emerging standard that communicates an opt-out of the sale or sharing of personal data. AIRMY honours GPC signals as follows: if your browser sends a GPC signal (Sec-GPC: 1), we treat it as equivalent to declining marketing and analytics cookies on your first visit. You do not need to interact with the consent banner — your GPC preference will be detected and respected automatically. The cookie_consent cookie will record this choice.

GPC is supported in browsers including Brave, Firefox (with the setting enabled), and some DuckDuckGo browsers. For more information, visit globalprivacycontrol.org.

9. Impact of Disabling Cookies

The following table summarises what happens if you disable each cookie category:

CategoryImpact if disabled
Strictly NecessaryThe Service will not function. You will not be able to log in, submit forms, or use any authenticated features. You cannot disable these cookies through our preference centre (they do not require consent), but you can block them via browser settings — however, doing so will break the Service entirely.
FunctionalThe Service will still work, but your preferences (layout, theme, recently used agents) will not be saved between sessions. You will need to re-configure your dashboard on each visit.
AnalyticsWe will have reduced visibility into how the Service is being used and which areas have performance or usability issues. Error tracking (Sentry) will also be disabled, which may slow our ability to identify and fix bugs. No impact on your experience.
MarketingYou will not see targeted AIRMY advertisements on third-party platforms (LinkedIn, etc.). You may still see generic AIRMY ads. Campaign conversion tracking will be disabled, affecting our marketing attribution data. No impact on your experience.
Stripe (Third-Party Necessary)Payment processing may fail or be flagged by Stripe's fraud-prevention systems. If you need to make a payment and are experiencing issues, please ensure Stripe's cookies are not being blocked by your browser or a browser extension.

10. Updates to This Policy

We review this Cookie Policy at least quarterly and whenever we add, remove, or materially change a cookie. When we make changes:

  • We update the "Last updated" date at the top of this page.
  • If the changes are material (e.g., we add a new marketing cookie category), we will re-present the consent banner to existing users and ask them to review and reconfirm their preferences.
  • For minor changes (e.g., a cookie duration adjustment), we update the inventory table without requiring renewed consent.

We recommend reviewing this page periodically. The current version is always available at airmy.dev/cookie-policy.

11. Contact

If you have questions about this Cookie Policy or about how we use cookies, please contact our Privacy team:

  • Email: privacy@airmy.dev
  • Data Protection Officer: dpo@airmy.dev
  • Post: AIRMY Technologies, Inc., 340 Pine Street, Suite 800, San Francisco, CA 94104, United States
  • EU/UK Representative: AIRMY Europe Ltd., 71 Queen Victoria Street, London, EC4V 4AY, United Kingdom

For rights requests under GDPR or CCPA (access, deletion, portability, objection), please see Section 10 of our Privacy Policy or contact dpo@airmy.dev directly.