Cookie & Local Storage Policy
1. Introduction
This policy explains how Sci-pilot ("the Software", "the App") and the Sci-pilot website (scipilot.app) use cookies, localStorage, and similar storage technologies.
2. Desktop Application
2.1 No Cookies
The Sci-pilot desktop application does not use browser cookies. The app runs as a native desktop application powered by Tauri and does not set or read HTTP cookies.
2.2 localStorage Usage
The application uses browser localStorage (within its embedded WebView) to store application settings and preferences. This data never leaves your device.
The application uses localStorage entries to persist your settings, including provider configuration, UI preferences, selected models, and advanced options. These entries are internal to the app and are not accessible by external websites.
2.3 Characteristics of localStorage
- Local only: Data is stored on your device's filesystem within the application's WebView data directory
- No transmission: This data is never sent to any external server
- No tracking: localStorage is not used for analytics, tracking, or advertising
- User-controlled: You can clear localStorage through the application settings or by deleting the WebView data directory
- No expiration: Unlike cookies, localStorage data persists until explicitly deleted
2.4 Configuration Files
In addition to localStorage, the application stores settings in local configuration files on your device. These files serve the same purpose — persisting your preferences. See the Privacy Policy for full details.
3. Website (scipilot.app)
3.1 Current Status
The Sci-pilot website uses Supabase for authentication and is hosted on Cloudflare Pages. As of the effective date of this policy:
- The website uses Google Analytics 4 for anonymous usage analytics (consent-based — see Section 3.5)
- The website does not use advertising cookies
- The website does not use social media tracking pixels
3.2 Cloudflare Cookies
As the website is hosted on Cloudflare, the following cookies may be set automatically by Cloudflare for security and performance purposes:
| Cookie | Purpose | Duration |
|---|---|---|
__cf_bm | Bot management — distinguishes humans from bots | 30 minutes |
__cflb | Load balancing — routes requests to the same server | Session |
These are strictly necessary cookies set by Cloudflare's infrastructure. We do not control their content. See Cloudflare's Cookie Policy for details.
3.3 Supabase Authentication
When you sign in on the website, Supabase stores authentication tokens in your browser's localStorage (not cookies). This includes:
- Access token and refresh token for your session
- User metadata (email, user ID)
This data remains in your browser and is only sent to Supabase's authentication servers. You can clear it by signing out or clearing your browser data.
3.4 Essential Cookies (Future)
If the website introduces additional interactive features in the future, we may use strictly necessary cookies for:
- Security (CSRF protection)
- User preferences (e.g., language, theme)
These would be functional cookies required for the website to operate correctly.
3.5 Google Analytics
We use Google Analytics 4 (measurement ID: G-J67P8J292Z) to understand how visitors use our website. Google Analytics uses cookies to collect anonymous usage data.
| Cookie | Purpose | Duration |
|---|---|---|
_ga | Distinguishes unique visitors | 2 years |
_ga_* | Maintains session state | 2 years |
Consent required: Google Analytics cookies are only set after you accept the cookie consent banner. If you decline, no analytics cookies are set and no data is sent to Google.
We have enabled IP anonymization so your full IP address is never stored by Google. We do not use analytics data for advertising or share it with third parties. See Google's Privacy Policy for details on how Google processes analytics data.
3.6 Third-Party Cookies
The website only uses third-party cookies from Cloudflare (security, always active) and Google Analytics (analytics, consent-based). We do not allow any other third-party cookies on our website.
4. Third-Party Services Within the App
When you use Sci-pilot to interact with third-party services (LLM providers, Discord, GitHub, etc.), those services may use their own cookies and tracking mechanisms on their platforms. Sci-pilot has no control over third-party cookie practices. Refer to each service's own cookie policy for details.
5. Managing Your Data
5.1 Clearing localStorage (Desktop App)
You can clear the application's localStorage by:
- Using the application's settings UI (if available)
- Deleting the application's data directory on your system (located in your OS's standard app data folder)
5.2 Clearing Website Data
Use your browser's standard cookie/storage management tools to clear any data from scipilot.app.
6. Do Not Track
Sci-pilot respects Do Not Track (DNT) browser signals. The desktop application does not perform any tracking. On the website, Google Analytics cookies are only set with your explicit consent via the cookie banner — if you decline or have DNT enabled, no analytics data is collected.
7. Changes to This Policy
We may update this policy as the Software and website evolve. Changes will be reflected by updating the "Last Updated" date. Material changes will be communicated through the Software or website.
8. Contact
For questions about this policy, contact:
Email: contact@scipilot.app