Cookie Notice
Last updated: 9 May 2026
This page explains how Chattriix Colab uses cookies and similar storage technologies.
TL;DR
- We use only strictly-necessary cookies to keep you signed in and the service working.
- We do not use advertising, marketing, or cross-site tracking cookies.
- We do not use third-party analytics that build profiles of you.
Because all our cookies are strictly necessary, we don't need to ask for your consent under UK PECR (Privacy and Electronic Communications Regulations) and the UK GDPR. There's no banner — there's nothing to opt out of.
What we use, exactly
On messenger.chattriix.com (the web app)
| Cookie / storage | Purpose | Type | Lifetime |
|---|---|---|---|
access_token | Keeps you signed in within a session | HttpOnly cookie | ~15 minutes (rotated automatically) |
refresh_token | Lets us re-issue a fresh access_token without re-prompting for OTP | HttpOnly cookie | ~30 days |
csrf_token | Protects against cross-site request forgery on state-changing requests | HttpOnly cookie | Session |
messenger-auth-storage (localStorage) | Stores non-sensitive UI state (your user ID, device ID) | Browser localStorage | Until sign-out |
| Encryption keys (IndexedDB) | Stores your device's private keys so the browser can decrypt messages | Browser IndexedDB | Until sign-out / clear-data |
All of these are necessary for the app to function. There is no version of "Chattriix Colab without these" that still works.
On chat.chattriix.com (this marketing site)
No cookies. No localStorage. No tracking pixels. This site is fully static.
What we don't do
- No Google Analytics, Mixpanel, Amplitude, or similar profiling analytics.
- No Facebook Pixel, LinkedIn Insight Tag, TikTok Pixel, or any other advertising tracker.
- No A/B testing tools that fingerprint your browser.
- No "session replay" tools (e.g., Hotjar, FullStory).
- No third-party fonts that track via the network (Inter is loaded from rsms.me, which doesn't track).
Browser-level controls
Even though all our cookies are strictly necessary, you can:
- Clear them at any time via your browser settings — you'll be signed out and need to sign in again.
- Block them entirely in browser settings — the web app will not function. The mobile apps (iOS, Android) don't use browser cookies and aren't affected.
Sign-out clears local data
When you sign out of the web app:
- All cookies are invalidated.
- localStorage entries are removed.
- IndexedDB encryption keys are deleted.
- A fresh sign-in re-creates everything.
To go further (clear cached message previews etc.), use Settings → Storage → Clear local history.
Changes
If we ever introduce optional cookies (e.g., for analytics or feature experiments), we will:
- Add a proper consent banner before any such cookie is set.
- Update this page to describe the new categories.
- Allow opt-out without disabling the strictly-necessary cookies above.
We have no current plans to add optional cookies.
Contact
For questions about cookies or any other data-protection matter:
privacy@chattriix.com
See also the full Privacy Policy.