Legal

Cookie Policy

How we use cookies and similar technologies across our sites and app — in plain language, with clear categories and retention rules.

[ Registry: DE-BN-2026 ][ Version: 1.0.4 ][ Updated: 29 March 2026 ]
EU-focusedEnterprise-readyRegularly reviewed
Web consent and privacy controls interface

Review flow

ScopeInterpretValidateOperationalize

What are cookies?

Cookies are small text files stored on your device when you visit a site. Similar technologies include local storage, session storage, and pixels that help us recognize your browser, remember choices, and measure whether pages load reliably. We use them only where needed to run the Service securely, remember your preferences, and — where you consent — understand aggregated usage.

Necessary
Preferences
Analytics
Marketing

Categories we use

  • Strictly necessary: authentication and session continuity, security controls, load balancing, and abuse prevention. Without these, login and core application flows cannot function.
  • Preferences: language, accessibility choices, UI density, and consent records so we do not ask you for the same preference on every visit.
  • Analytics: aggregated metrics (e.g., error rates, performance timings) to improve reliability. Where consent is required, these run only after you opt in.
  • Marketing: limited attribution and, if enabled, retargeting pixels. You can withdraw consent through the banner or browser controls where applicable.

Workspace session: when you sign in, we set a single host-scoped cookie agentmai_session (HTTP-only, SameSite=Lax, Secure on HTTPS) to keep you authenticated. It is strictly necessary and is not readable by page scripts. Duration: up to seven days per successful login unless you log out sooner.

Necessary

Required for login, fraud prevention, and core page operation.

Preferences

Stores language, UI behavior, and recorded consent state.

Analytics

Aggregated interaction and performance data for improvement.

Marketing

Campaign measurement and attribution where you have allowed it.

Managing cookies

You can control cookies through your browser (block, delete, or alert before set) and through our consent interface where we present one. Blocking strictly necessary cookies may prevent sign-in, security checks, or session continuity; preference and analytics cookies can usually be refused without losing core functionality.

Consent controls

Where regional law requires it, non-essential categories stay off until you actively accept. You can change your mind at any time; updates apply on the next page load except where a short-lived session cookie is required to remember your choice.

Retention

Session vs. persistent storage

Typical durations

Session cookies are deleted when you close the browser (or when the session ends on our side). Persistent cookies may remain for up to twelve months from the last interaction, unless you clear them sooner or we shorten the window for security reasons.

Preference and consent records may be stored in a durable cookie so we do not re-prompt you on every visit; resetting them through the banner or browser starts a fresh consent timeline.

Renewal and overrides

Operational

Any new visit or consent action can refresh the expiry clock. If we materially change what a cookie does, we will align retention with the updated purpose and, where required, ask for consent again before non-essential cookies are set.

Updates

When we change this policy

Notice

We may update this page when we introduce new tooling, change third-party vendors, or adapt to regulatory guidance (e.g., ePrivacy interpretations). The "Updated" date at the top of the page reflects the latest revision.

How we tell you

Stay informed

For material changes, we will provide notice through the Service (banner, in-app message, or email to administrators where appropriate). Please review this policy periodically — especially after product or analytics stack changes — so your organization's consent records stay aligned with actual practice.

Structured for legal, security, and operations review. For enterprise assurance requests, contact your account owner.

Web consent and privacy controls interface

Need a cross-functional legal readiness review?

Coordinate legal, security, and product stakeholders using one consistent policy and evidence workflow.

Open compliance workflow