01 — DefinitionsCookies, local storage & similar
A cookie is a small text file a website stores on your device so it can recognise you on subsequent requests. The same legal framework — Article 5(3) of the ePrivacy Directive 2002/58/EC and the GDPR — also covers localStorage, sessionStorage, IndexedDB and similar techniques. In this policy "cookies" means all of them.
Cookies can be classified by source (first-party, set by ailabrix.com, vs third-party, set by an external service) and by duration (session, deleted when you close the browser, vs persistent, with an explicit expiry date).
02 — Legal basis & consentWhen we need your opt-in
Strictly necessary cookies are loaded without prior consent under Art. 5(3) ePrivacy and Recital 66, because the service cannot work without them and you have explicitly requested the service by opening the page.
All other cookies — including privacy-friendly analytics and Core Web Vitals beacons — are loaded only after an unambiguous, granular, freely given and revocable opt-in (Art. 4(11) and Art. 7 GDPR). Refusing them does not reduce site functionality.
You give consent through the cookie banner the first time you visit. You can update or withdraw it at any time by clicking Cookie preferences in the footer of every page. The choice is stored in a first-party cookie named ailabrix_cc for 6 months.
03 — Strictly necessary cookiesAlways on — exempt from consent
| Name | Provider | Purpose | Expiration |
|---|---|---|---|
session | ailabrix.com | Server-side Flask session reference (login state, CSRF, language). | Session |
csrf_token | ailabrix.com | Cross-Site Request Forgery protection on every form (Flask-WTF). | 1 hour |
ailabrix_cc | ailabrix.com | Stores your cookie consent choice (per category). | 6 months |
ailabrix_lang | ailabrix.com (localStorage) | Remembers your preferred interface language (en / it / es / de / fr). | Persistent |
Required These four entries cannot be disabled because, without them, you could not log in, submit a form safely or even keep your language choice.
04 — Analytics & performanceOptional — only with your opt-in
| Provider | Endpoint | Purpose | Country |
|---|---|---|---|
| Mindys | statistics.mindys.ai |
Privacy-friendly, cookieless page-view analytics (aggregate visitor counts, referrers, country at country level). No fingerprinting, no cross-site tracking. | EU |
| Cloudflare | static.cloudflareinsights.com |
Cookieless Core Web Vitals beacon (page load, LCP, INP, CLS). Helps us keep the site fast. No identifiers stored on your device. | USA (SCCs) |
Optional Both providers operate in cookieless mode and process only aggregated, non-identifying signals. Cloudflare is established in the USA: the transfer relies on the EU Standard Contractual Clauses (Decision 2021/914) and a documented Transfer Impact Assessment — see the Privacy Policy, §7.
05 — Cookies we do not useWhat you will not find here
- No advertising or remarketing cookies.
- No cross-site tracking pixels (Meta, LinkedIn, X, TikTok, Google Ads).
- No fingerprinting libraries.
- No social-media share widgets that load third-party cookies before consent.
- No video-embed cookies before consent (videos are click-to-load).
06 — Managing your consentWithdraw or change at any time
Withdrawing consent is as easy as giving it. You can:
- Click Cookie preferences in the footer to reopen the granular panel.
- Delete the
ailabrix_cccookie from your browser — the banner reappears on the next visit. - Use your browser's settings to block or wipe cookies for ailabrix.com.
Browser-specific guides: Chrome · Firefox · Safari · Edge.
07 — Do Not Track & GPCHow we treat browser signals
If your browser sends a Global Privacy Control (GPC) signal, we treat it as a refusal of all non-essential cookies and the analytics category is forced off, regardless of any previous click. The classic Do Not Track (DNT) header is non-standard and is no longer honoured by most platforms; GPC is the supersession we follow.
08 — International transfersWhere data goes
Cookie-related data stays in the EU when possible. The only transfer outside the EU/EEA in this policy is the Cloudflare Core Web Vitals beacon (USA), covered by the EU Standard Contractual Clauses, a Transfer Impact Assessment and supplementary measures (TLS in transit, no identifiers stored, in-region routing where Cloudflare allows it).
09 — ChangesUpdates to this policy
If we add a new cookie category — for example a new analytics or chat provider — we will list it here, ask for a fresh consent (the banner reappears) and update the effective date at the top. Removed cookies are kept in a changelog appendix on request.
10 — ContactQuestions, complaints, rights
For any cookie or privacy question, write to the privacy team at [email protected]. For general contact see /contact. The full privacy notice (legal bases, recipients, retention, rights) is at /privacy. Compliance posture and per-control evidence: /trust.