Skip to content
JARAI STUDIO
How It WorksWhat You ProduceFAQ
Log inGet started free
Get started free

Legal

Cookie Policy

Last updated: 25 May 2026

This Cookie Policy explains how JARAI STUDIO Ltd ("JARAI", "we", "us") uses cookies and similar technologies on jarai.studio and the JARAI STUDIO platform. We have designed our cookie usage to be as privacy-preserving as possible.

1. What are cookies?

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work correctly, to remember your preferences, and to provide site owners with information about how their sites are used.

Similar technologies include local storage, session storage, and browser fingerprinting. Our position on each of these is described below.

2. Cookies and storage we use

We classify everything we store on your device into three buckets: Strictly Necessary (required for the service to function), Functional (remembers preferences that improve the experience), and Analytics (aggregate, anonymous usage). We do not use advertising or cross-site tracking storage on either surface. Under PECR and UK GDPR, strictly necessary storage does not require consent.

Marketing site (www.jarai.studio)

Name Type Purpose Duration Classification
jarai_ref Cookie (first-party, .jarai.studio) Stores a 6-character referral code from a ?ref= URL parameter so we can attribute new sign-ups to the friend who referred you. Set only when you arrive with a ?ref= link. 30 days Functional

The jarai_ref cookie stores only a non-personal, opaque 6-character code. It does not identify you, track your browsing across sites, or enable advertising. You can opt out of attribution by visiting jarai.studio without a ?ref= parameter, or by clearing the cookie at any time using your browser settings.

Studio Console (console.jarai.studio)

When you sign in to the Studio Console, the application stores authentication and session state on your device so you don't have to re-authenticate on every page load and so the UI can rehydrate quickly after a reload. Everything below is strictly necessary for the service to function.

Name Type Purpose Duration Classification
Microsoft Entra External ID session cookies (x-ms-cpim-*, esctx, buid, others set by Microsoft) Cookie (third-party, scoped to login.microsoftonline.com) Maintain the OAuth sign-in state correlation. Set by Microsoft Entra External ID when you click "Sign in" and complete the authentication redirect. Session and persistent cookies set by Microsoft (durations controlled by Microsoft) Strictly Necessary
MSAL session cache (multiple keys, prefix msal.* and per-application identifier) sessionStorage Holds the active access token, account record, and request state during the OAuth redirect. Used by the Microsoft Authentication Library (MSAL) on the Studio Console. Until you close the browser tab Strictly Necessary
jarai_identity_type localStorage Records which sign-in path you used (entra / externalId / google) so we can rehydrate the right authentication provider after a page reload. Persistent (until you sign out or clear site data) Strictly Necessary
jarai_cached_roles localStorage Caches the role array assigned to your account so the UI can hide / show role-restricted features without a network round-trip on reload. Cleared on sign-out. Persistent (until you sign out or clear site data) Strictly Necessary
jarai_google_token, jarai_google_token_expires_at, jarai_google_user localStorage Stores your Google OAuth access token, its expiry timestamp, and your Google profile (sub, email, name). Set only when you choose "Continue with Google" sign-in; not present otherwise. Cleared on sign-out. Persistent until expiry or sign-out Strictly Necessary (Google sign-in path only)
jarai_install_dismissed sessionStorage Records that you've dismissed the "Install JARAI as an app" PWA install banner during this browser session so we don't keep prompting. Until you close the browser tab Functional
JARAI_QUERY_CACHE_v2 localStorage Offline cache for the Studio Console's React Query data layer. Lets the application show stale-but-recent data when your network drops out, with an "offline" indicator. Capped to 24h and tied to the build version so it auto-invalidates on each deploy. 24 hours Strictly Necessary (offline support)

If you sign in with "Continue with Google", Google's own session cookies are set in the accounts.google.com domain scope by Google itself, as part of the OAuth flow you initiated. We do not control those cookies; see Google's cookies policy for details.

Analytics — Cloudflare Web Analytics

We use Cloudflare Web Analytics to understand how visitors use www.jarai.studio. Cloudflare Web Analytics is a privacy-first analytics tool that is fully compliant with GDPR, UK GDPR, PECR, and CCPA.

Cloudflare Web Analytics does not use cookies and does not store personal data. Specifically:

  • No cookies are set, on any domain
  • No IP addresses are stored
  • No device fingerprints or persistent identifiers are created
  • No cross-site or cross-session tracking occurs
  • Cloudflare does not track individual visitors
  • Data is stored only as aggregate, anonymised statistics (page views, referrer sources, geographic region at country level, browser type)

Because Cloudflare Web Analytics does not use cookies or personal data, no cookie consent banner is required for analytics under GDPR, UK GDPR, or PECR. You can read more about Cloudflare's approach at cloudflare.com/web-analytics.

3. What we do not use

JARAI does not use:

  • Advertising or targeting cookies — we run no ad campaigns that require retargeting pixels
  • Third-party tracking cookies — we do not embed tracking from Facebook, Google Ads, Twitter/X, or any other advertising network
  • Social media buttons or embeds — no Facebook, Twitter, or LinkedIn widgets that set third-party cookies
  • Browser fingerprinting — we do not use fingerprinting as a cookie-less tracking alternative

4. Managing cookies

You can control and delete cookies through your browser settings. Most modern browsers allow you to:

  • View all cookies stored on your device and delete specific cookies
  • Block cookies from specific websites
  • Block all third-party cookies while allowing first-party cookies
  • Clear all cookies when you close the browser

Browser cookie settings

  • Google Chrome: Settings → Privacy and security → Cookies and other site data
  • Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Apple Safari: Preferences → Privacy → Manage Website Data
  • Microsoft Edge: Settings → Cookies and site permissions → Manage and delete cookies

Note that clearing site data for console.jarai.studio (cookies + localStorage + sessionStorage) will sign you out of the Studio Console immediately, and MSAL will need to re-authenticate you against Microsoft Entra External ID on next visit. You can sign back in at any time; no production data is lost.

Third parties used by the service

The following third parties may set storage in their own domain scope as a strictly necessary part of the integration. None of these are advertising or cross-site tracking third parties.

  • Microsoft Entra External ID (login.microsoftonline.com) — OAuth sign-in provider for the Studio Console. Sets session and persistent cookies in its own domain scope as part of the sign-in flow you initiate.
  • Google OAuth (accounts.google.com) — only when you choose "Continue with Google" sign-in. Google's own cookies, set by Google.
  • Cloudflare Web Analytics — cookieless by design (see § 2 above).

5. Changes to this policy

We will update this Cookie Policy if we introduce new cookies or tracking technologies. We will notify you of material changes by email and by a notice on jarai.studio before changes take effect. The "last updated" date at the top of this page reflects the most recent revision.

6. Contact

For any questions about our use of cookies or similar technologies:

  • Privacy enquiries: privacy@jarai.studio

For how we handle your personal data more broadly, see our Privacy Policy.

← Back to JARAI STUDIO
Privacy policyTerms of serviceCookie policyAcceptable useAI transparencyTakedown procedure

© 2026 JARAI STUDIO Ltd. All rights reserved.