Policy

cookie-policy

Last updated: 2026-04-23

AlphaGen sets only cookies that are strictly necessary for the

Services to function. We do not use analytics cookies, advertising

cookies, or third-party tracking pixels.

Cookies we set

| Name | Purpose | Category | Lifetime | Scope |

|---|---|---|---|---|

| alphagen_session | Authentication — holds your logged-in JWT bearer token so you don't have to re-authenticate on every request. HttpOnly + Secure + SameSite=Lax. | Strictly necessary | 30 days rolling expiry; cleared on explicit logout | .alpha-gen.ai |

| alphagen_csrf | CSRF protection — a paired cookie + request header value that's checked on every state-changing request. SameSite=Strict. | Strictly necessary | Session (deleted when browser closes) | .alpha-gen.ai |

| alphagen_region | Remembers which regional backend you're paired to (EU / UK / US), set at login, so cross-region requests are routed correctly without requiring a DNS round-trip. | Strictly necessary | 1 year | .alpha-gen.ai |

Strictly-necessary cookies do not require consent under UK PECR / EU

ePrivacy rules.

Cookies we do NOT set

  • Google Analytics / Analytics 4.
  • Facebook Pixel / Meta tracking.
  • Any advertising network tag.
  • Mixpanel / Amplitude / PostHog analytics.
  • Third-party font or CDN cookies (we serve fonts locally).
  • Social widgets (share buttons, embeds, etc.).

The mobile application

The AlphaGen mobile app does not use cookies. Authentication uses

Expo Secure Store (userToken, userUuid, userId keys). These are

stored in the platform's native encrypted keychain / Keystore — not

HTTP cookies — and are wiped on logout or uninstall.

Browser-level Do Not Track

Our Services honour the Sec-GPC header (Global Privacy Control)

where operationally possible. Because we don't run third-party

trackers, the signal has no effect on the strictly-necessary cookies

above; we surface it only in the audit log for transparency.

Changes to this policy

Changes are logged in docs/legal/privacy/policy-changelog.md and

the date above is updated. Because only necessary cookies are set,

changes are unlikely to affect you meaningfully — but you'll see

the updated date next time you visit.

Questions

Contact privacy@alpha-gen.ai.