Cookie Policy.
A short, honest list of every cookie we set — and what each one does. No tracking pixels, no advertising cookies, no surprises. Last updated April 2026.
Five things, then a cookie list:
- We set 3 essential cookies on aivachat.io and our dashboard — to keep you signed in and prevent CSRF.
- We don't use Google Analytics or any other cross-site tracker. We use Plausible — a cookie-less analytics tool.
- We have no Facebook pixel, no LinkedIn Insights tag, no advertising remarketing. Ever.
- If you embed the AIVA widget on your site, it sets 1 cookie on your visitors' browsers (only if they actually open the chat).
- You can clear or block all our cookies in your browser settings — nothing critical breaks beyond having to sign in again.
What cookies are.
Cookies are small text files that websites store on your device. They have valid uses (keeping you signed in, remembering preferences) and invalid ones (tracking you across the internet for advertising). We use the valid kind.
We also use related browser-storage technologies — localStorage and sessionStorage — for similar essential purposes. We treat them the same way as cookies in this policy.
This policy applies to:
- aivachat.io — our marketing site.
- app.aivachat.io — your AIVA dashboard.
- The AIVA widget — when embedded on customer websites.
Cookies we set.
The complete list. If a cookie isn't here, we don't set it.
Essential cookies
| Cookie | Purpose & lifetime |
|---|---|
aiva_session | Keeps you signed in. 30 days of inactivity then expires. |
aiva_csrf | Cross-site request forgery protection. Session only (deletes on browser close). |
aiva_prefs | Remembers your dashboard preferences (theme, layout). 1 year, easy to clear. |
Analytics cookies
We use Plausible Analytics — a privacy-respecting alternative to Google Analytics. Plausible doesn't set cookies. It uses anonymous, server-side aggregation only.
Advertising cookies
None. We don't run ads. No Google Ads, no Facebook pixel, no LinkedIn Insights, no Twitter pixel, no remarketing.
Third-party cookies.
A few third-party services we use may set their own cookies — strictly for security or session purposes:
| Service | What & why |
|---|---|
| Stripe | Payment fraud prevention. Cookie set on the billing checkout page only. |
| Cloudflare | Bot detection. Set on every page request, lasts 30 minutes. |
| YouTube (embedded videos) | Only if you click play on an embedded video. We use privacy-enhanced mode by default. |
We don't share data with these services beyond what's needed to provide the function. Stripe doesn't know what plan you're on. Cloudflare doesn't know who you are. YouTube doesn't track you across our site.
The AIVA widget.
When our web widget is embedded on a customer's website (e.g., northwind.in), it doesn't set any cookies until a visitor actually opens the chat.
Once opened, the widget sets one cookie:
aiva_widget_session— preserves the conversation across page navigations on the same site. Session only (deletes when browser closes). Stores no personal information beyond a random conversation ID.
If you're a customer embedding our widget, this cookie is yours to declare in your cookie policy. We provide model language at aivachat.io/docs/widget/cookies.
Consent & controls.
Because all our cookies are strictly essential, we don't show a cookie banner. EU regulators specifically allow this — banners are required for tracking cookies, not for cookies that are necessary to provide the requested service.
You can still control cookies in your browser:
- Block all cookies — most browsers let you do this. AIVA's marketing site still works. The dashboard requires login cookies, so you'd be signed out on every visit.
- Block third-party cookies — fine for AIVA. Doesn't affect anything user-facing.
- Clear cookies — totally fine. You'll be signed out and need to sign in again. Preferences reset to defaults.
Browser-level Do Not Track (DNT) signals are honored where applicable — though since we don't track, there's not much to honor.
Changes to this policy.
If we add or change a cookie, we'll:
- Update the table in Section 02 above.
- Update the “Last updated” date at the top.
- Email all account holders at least 30 days in advance if the change is material.
- Keep a public changelog of every revision.
We will never silently add tracking or advertising cookies. If we ever introduce one, it'll require explicit consent first.
How to reach us.
Questions about cookies? Email privacy@aivachat.io — we reply within four hours during business hours.
Attn: Privacy Officer
3rd Floor, Race Course Road
Rajkot, Gujarat 360001 · India
Legal documents
Other things to read.
Have a legal question that's not covered? Email legal@aivachat.io or contact our Privacy Officer.