Skip to main content

Cookie Policy

SymaOS keeps cookies to the minimum required to keep you signed in and the product functional. We do not run advertising or cross-site tracking cookies.

Draft document

This text is an engineering placeholder pending review by qualified legal counsel. It is published so SymaOS can be evaluated end-to-end before public launch, but it is not legal advice and must not be relied upon for production decisions. The launch gate (SYMAOS_LEGAL_APPROVED=false) keeps public signup, paid plan activation, and App Store submission blocked until lawyer-reviewed versions ship.

Effective date

June 12, 2026

1. What we set

  • symaos_session— HttpOnly, Secure, SameSite=Lax cookie holding the rotating session token hash. This is strictly necessary; the product cannot function without it.
  • oauth_state— short-lived CSRF nonce set during the OAuth round-trip with a provider. Removed immediately once the callback completes.
  • Local storage: the web app stores a small UI preferences blob (sidebar collapsed state, last viewed tab) in the browser. No personal data is persisted in local storage.

2. What we do not set

  • No advertising or retargeting cookies.
  • No cross-site tracking pixels.
  • No third-party analytics cookies that fingerprint visitors.

3. Analytics

SymaOS may run privacy-preserving, cookie-less product analytics to understand usage in aggregate (page views, feature usage, performance). These payloads contain no personal identifiers and are not joined with any third-party advertising graph.

4. Managing cookies

You can clear cookies and local storage at any time through your browser settings. Doing so will sign you out of SymaOS. Deleting your account from Settings → Account → Delete account removes the corresponding server-side session records as well.

5. Contact

Cookie questions: privacy@symaos.com.