Cookie Notice
Effective: 2026-05-04 Last updated: 2026-05-04
This Cookie Notice explains how AIGI uses cookies and similar storage on your device.
1. What is a Cookie?
A cookie is a small text file stored on your device by your browser when you visit a website. We also use related browser technologies such as localStorage and sessionStorage. For brevity, this notice refers to all of them as "cookies."
2. Cookies We Use
Strictly Necessary (always on; no consent required)
These are required for the Service to function. Disabling them will break sign-in.
| Cookie | Purpose | Lifetime |
|---|---|---|
aigi_session |
JWT session cookie. Identifies your authenticated session after sign-in. HttpOnly, SameSite=Strict, Secure. | 7 days, rolling |
aigi_csrf |
CSRF token for state-changing requests | Session |
Analytics (cookieless server-hash mode pre-consent; full analytics post-consent)
We use PostHog (self-hosted on our own EU infrastructure) to understand which pages and briefs are most useful. Before you grant consent, PostHog runs in cookieless server-hash mode — it counts unique visitors using a hash of your IP and user agent that resets daily. No persistent identifier is set on your device pre-consent. This mode complies with EDPB Guidelines 2/2023 and the UK ICO 2024 cookies guidance.
Once you grant analytics consent, PostHog sets a single first-party identifier cookie (ph_*) so we can build session funnels (landing → signup → trial → first charge) and product feature usage analytics.
| Cookie | Set when | Purpose | Lifetime |
|---|---|---|---|
ph_<id> |
After analytics consent | PostHog distinct ID for funnel + product analytics | 365 days |
Performance / Web Vitals (always on, no PII)
We collect anonymous performance metrics (LCP, FID, CLS, TTFB) via OpenTelemetry browser SDK. These are aggregated and never tied to an individual user. No cookies are set; data is sent directly to our self-hosted SigNoz instance.
3. Third-Party Cookies
The pages where you provide payment information are served by Stripe. Stripe sets its own fraud-prevention cookies on its checkout pages. Those cookies are governed by Stripe's privacy policy: https://stripe.com/privacy.
We do not use third-party advertising cookies, social-media tracking pixels, or remarketing tags.
4. Managing Cookies
Browser controls: All major browsers let you block or delete cookies. Be aware that blocking the strictly-necessary cookies will break sign-in.
Withdrawing analytics consent: Visit /account/privacy while signed in, or email privacy@aigovbrief.com. We will purge the cookies and any associated PostHog identifier within 24 hours.
Do Not Track: We honor the "Global Privacy Control" (GPC) signal. If your browser sends GPC, we treat it as a consent withdrawal for analytics cookies.
5. Changes
If we change cookie usage materially, we will update this Notice and the consent banner at least 30 days before the change takes effect.
6. Contact
Questions: privacy@aigovbrief.com.