This Cookie Policy explains how JARAI STUDIO Ltd ("JARAI", "we", "us") uses cookies and similar technologies on jarai.studio and the JARAI STUDIO platform. We have designed our cookie usage to be as privacy-preserving as possible.
1. What are cookies?
Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work correctly, to remember your preferences, and to provide site owners with information about how their sites are used.
Similar technologies include local storage, session storage, and browser fingerprinting. Our position on each of these is described below.
2. Cookies and storage we use
We classify everything we store on your device into three buckets: Strictly Necessary (required for the service to function), Functional (remembers preferences that improve the experience), and Analytics (aggregate, anonymous usage). We do not use advertising or cross-site tracking storage on either surface. Under PECR and UK GDPR, strictly necessary storage does not require consent.
Marketing site (www.jarai.studio)
| Name | Type | Purpose | Duration | Classification |
|---|---|---|---|---|
jarai_ref | Cookie (first-party, .jarai.studio) | Stores a 6-character referral code from a ?ref= URL parameter so we can attribute new sign-ups to the friend who referred you. Set only when you arrive with a ?ref= link. | 30 days | Functional |
The jarai_ref cookie stores only a non-personal, opaque 6-character code.
It does not identify you, track your browsing across sites, or enable advertising. You can
opt out of attribution by visiting jarai.studio without a
?ref= parameter, or by clearing the cookie at any time using your browser
settings.
Studio Console (console.jarai.studio)
When you sign in to the Studio Console, the application stores authentication and session state on your device so you don't have to re-authenticate on every page load and so the UI can rehydrate quickly after a reload. Everything below is strictly necessary for the service to function.
| Name | Type | Purpose | Duration | Classification |
|---|---|---|---|---|
Microsoft Entra External ID session cookies (x-ms-cpim-*, esctx, buid, others set by Microsoft) | Cookie (third-party, scoped to login.microsoftonline.com) | Maintain the OAuth sign-in state correlation. Set by Microsoft Entra External ID when you click "Sign in" and complete the authentication redirect. | Session and persistent cookies set by Microsoft (durations controlled by Microsoft) | Strictly Necessary |
MSAL session cache (multiple keys, prefix msal.* and per-application identifier) | sessionStorage | Holds the active access token, account record, and request state during the OAuth redirect. Used by the Microsoft Authentication Library (MSAL) on the Studio Console. | Until you close the browser tab | Strictly Necessary |
jarai_identity_type | localStorage | Records which sign-in path you used (entra / externalId / google) so we can rehydrate the right authentication provider after a page reload. | Persistent (until you sign out or clear site data) | Strictly Necessary |
jarai_cached_roles | localStorage | Caches the role array assigned to your account so the UI can hide / show role-restricted features without a network round-trip on reload. Cleared on sign-out. | Persistent (until you sign out or clear site data) | Strictly Necessary |
jarai_google_token, jarai_google_token_expires_at, jarai_google_user | localStorage | Stores your Google OAuth access token, its expiry timestamp, and your Google profile (sub, email, name). Set only when you choose "Continue with Google" sign-in; not present otherwise. Cleared on sign-out. | Persistent until expiry or sign-out | Strictly Necessary (Google sign-in path only) |
jarai_install_dismissed | sessionStorage | Records that you've dismissed the "Install JARAI as an app" PWA install banner during this browser session so we don't keep prompting. | Until you close the browser tab | Functional |
JARAI_QUERY_CACHE_v2 | localStorage | Offline cache for the Studio Console's React Query data layer. Lets the application show stale-but-recent data when your network drops out, with an "offline" indicator. Capped to 24h and tied to the build version so it auto-invalidates on each deploy. | 24 hours | Strictly Necessary (offline support) |
If you sign in with "Continue with Google", Google's own session cookies are set in the
accounts.google.com domain scope by Google itself, as part of the OAuth flow
you initiated. We do not control those cookies; see
Google's cookies policy
for details.
Analytics — Cloudflare Web Analytics
We use Cloudflare Web Analytics to understand how visitors use www.jarai.studio. Cloudflare Web Analytics is a privacy-first analytics tool that is fully compliant with GDPR, UK GDPR, PECR, and CCPA.
Cloudflare Web Analytics does not use cookies and does not store personal data. Specifically:
- No cookies are set, on any domain
- No IP addresses are stored
- No device fingerprints or persistent identifiers are created
- No cross-site or cross-session tracking occurs
- Cloudflare does not track individual visitors
- Data is stored only as aggregate, anonymised statistics (page views, referrer sources, geographic region at country level, browser type)
Because Cloudflare Web Analytics does not use cookies or personal data, no cookie consent banner is required for analytics under GDPR, UK GDPR, or PECR. You can read more about Cloudflare's approach at cloudflare.com/web-analytics.
3. What we do not use
JARAI does not use:
- Advertising or targeting cookies — we run no ad campaigns that require retargeting pixels
- Third-party tracking cookies — we do not embed tracking from Facebook, Google Ads, Twitter/X, or any other advertising network
- Social media buttons or embeds — no Facebook, Twitter, or LinkedIn widgets that set third-party cookies
- Browser fingerprinting — we do not use fingerprinting as a cookie-less tracking alternative
4. Managing cookies
You can control and delete cookies through your browser settings. Most modern browsers allow you to:
- View all cookies stored on your device and delete specific cookies
- Block cookies from specific websites
- Block all third-party cookies while allowing first-party cookies
- Clear all cookies when you close the browser
Browser cookie settings
- Google Chrome: Settings → Privacy and security → Cookies and other site data
- Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data
- Apple Safari: Preferences → Privacy → Manage Website Data
- Microsoft Edge: Settings → Cookies and site permissions → Manage and delete cookies
Note that clearing site data for console.jarai.studio (cookies +
localStorage + sessionStorage) will sign you out of the Studio Console immediately, and
MSAL will need to re-authenticate you against Microsoft Entra External ID on next visit.
You can sign back in at any time; no production data is lost.
Third parties used by the service
The following third parties may set storage in their own domain scope as a strictly necessary part of the integration. None of these are advertising or cross-site tracking third parties.
- Microsoft Entra External ID (
login.microsoftonline.com) — OAuth sign-in provider for the Studio Console. Sets session and persistent cookies in its own domain scope as part of the sign-in flow you initiate. - Google OAuth (
accounts.google.com) — only when you choose "Continue with Google" sign-in. Google's own cookies, set by Google. - Cloudflare Web Analytics — cookieless by design (see § 2 above).
5. Changes to this policy
We will update this Cookie Policy if we introduce new cookies or tracking technologies. We will notify you of material changes by email and by a notice on jarai.studio before changes take effect. The "last updated" date at the top of this page reflects the most recent revision.
6. Contact
For any questions about our use of cookies or similar technologies:
- Privacy enquiries: privacy@jarai.studio
For how we handle your personal data more broadly, see our Privacy Policy.