Cookie Policy
This Cookie Policy explains what cookies and similar technologies the Genitor platform ("Genitor", the "Platform", "we", "our", "us") stores in your browser, why we use them, and how you can manage them.
It applies to the genitor.net root domain and all *.genitor.net subdomains, including websites that users build on the Platform. For broader information about how we handle personal data, please read our Privacy Policy; the rules for using the Platform are described in the Terms of Service.
Genitor is a SaaS service that lets you build production websites by writing prompts to an AI. We do not use cookies for advertising or cross-site behavioural tracking.
1. Introduction
This Policy gives you transparent information about how cookies and similar technologies work on Genitor. We explain which cookies we set, why we set them, how long they last, and what control you have over them.
By using the Platform (for example, by signing in to your account, creating a project, or saving settings) you are taken to consent to the placement of strictly necessary cookies as described below. The Platform does not currently use any non-essential (analytics or marketing) cookies; if such cookies are introduced in the future, your prior consent will be requested in line with applicable law.
This Policy forms part of our Privacy Policy. In case of conflict, the Privacy Policy prevails for matters of personal-data processing in general, and this Policy prevails specifically for cookies and similar technologies.
2. What cookies are
A cookie is a small text file that a website stores in your browser when you visit. The next time you visit the same site, your browser sends the cookie back so the site can recognise you, restore your session, or remember your preferences.
Technically, cookies hold a small piece of data such as a session identifier, a language code, or a security token. They do not contain executable code themselves and they cannot access other files on your device.
By lifetime, there are two kinds of cookies: (a) session cookies, which are erased when you close the browser, and (b) persistent cookies, which remain on the device until a predefined expiration date. By origin there are two kinds: (i) first-party cookies set by our own domain (genitor.net) and (ii) third-party cookies set by other domains (e.g. accounts.google.com).
Genitor also uses similar browser technologies such as localStorage and sessionStorage. They are not technically cookies but serve comparable purposes; section 7 covers them separately.
3. Why we use cookies
We use cookies only to make the Platform work and to provide essential functionality. In particular, cookies allow us to:
- keep you signed in across page loads, so you do not have to re-enter your password on every navigation;
- remember the interface language you chose (az, en, ru, tr or uz) and present the same language on every visit;
- remember UX state such as whether you have already dismissed the language-picker modal, so it does not reappear on every visit;
- protect against CSRF (cross-site request forgery) during Google sign-in and form submissions;
- let Cloudflare distinguish bot traffic from human traffic and apply security mechanisms to keep the service reliable.
3.1. What we do not use cookies for
For clarity: Genitor does not use cookies to track you across other websites, build behavioural profiles, deliver targeted advertising, or share data with third-party ad networks. No analytics provider (Google Analytics, Mixpanel, Plausible, etc.) is currently integrated into the Platform.
4. Categories of cookies
The cookies that may appear in your browser while using Genitor fall into four broad categories.
4.1. Strictly necessary cookies
These cookies are essential to the operation of the Platform. They keep you authenticated, preserve your session, and protect security-sensitive flows. Without them you cannot sign in, create projects, or save settings.
You can block strictly necessary cookies through your browser, but the Platform will not work properly. They do not require prior consent under applicable law because they are required to deliver a service you have explicitly requested.
4.2. Functional / preference cookies
These cookies remember preferences such as your chosen language and the dismissed-state of certain UI elements. Without them the Platform still works, but it will be less convenient (for instance, your language might reset on each visit).
All cookies in this category are first-party cookies set by Genitor and used only inside the Platform.
4.3. Analytics cookies
Analytics cookies help operators understand how users interact with their service (for example, which pages are visited, how long sessions last, which errors occur). Genitor does not currently set any analytics cookies.
If we add analytics in the future, we will update this Policy and request prior consent in jurisdictions that require it. If you do not consent, no analytics cookies will be set.
4.4. Marketing / advertising cookies
Marketing cookies are used to display personalised advertising, measure ad-campaign effectiveness, or track behaviour across websites. Genitor does not set any marketing or advertising cookies and does not integrate with third-party ad networks.
Our business model is based on paid subscriptions rather than advertising, so we do not anticipate adding cookies of this category.
5. The specific cookies we set
Below is a complete list of cookies and similar tokens that Genitor sets directly, with their name, purpose, attributes, and lifetime.
5.1. session
Purpose: authentication. Set when you sign in to your account; tells the server who you are on every request, so you do not have to re-enter your password on every page load.
Attributes: HTTP-only (not readable from JavaScript), Secure (only sent over HTTPS), SameSite=Lax (protection against cross-site form submissions). Lifetime: approximately 30 days; cleared on sign-out or when invalidated.
Type: first-party, strictly necessary.
5.2. locale
Purpose: store your chosen interface language (az, en, ru, tr, uz). Updated whenever you change the language.
Attributes: Secure, SameSite=Lax. Lifetime: 1 year.
Type: first-party, functional / preference.
5.3. locale_picked
Purpose: record that you have seen and dismissed the language-picker modal at least once, so it does not appear again on every visit.
Attributes: Secure, SameSite=Lax. Lifetime: 1 year.
Type: first-party, functional / preference.
5.4. oauth_state
Purpose: CSRF protection during the Google sign-in flow. Set when you are redirected to Google, compared on the way back, and cleared once the flow completes (or is cancelled).
Attributes: HTTP-only, Secure, SameSite=Lax. Lifetime: approximately 10 minutes (short-lived, only for the OAuth flow).
Type: first-party, strictly necessary (security).
5.5. CSRF token
Purpose: protect form submissions and state-changing API requests against CSRF attacks. Set on a short-term basis on pages where such protection applies.
Attributes: Secure, SameSite=Strict or Lax depending on the context. Lifetime: per session.
Type: first-party, strictly necessary (security).
6. Third-party cookies
In some cases your browser interacts directly with third-party domains while using the Platform, and those parties may set their own cookies. We do not control those cookies; they are governed by the privacy policies of the respective providers.
6.1. Google (OAuth)
When you use "Sign in with Google", your browser is redirected to accounts.google.com and oauth.googleusercontent.com. Google sets its own authentication, security, and preference cookies on those domains.
These cookies are managed by Google and are subject to Google's Privacy Policy (https://policies.google.com/privacy) and the Google Technologies Policy. Genitor does not have visibility into their content and cannot delete them — to manage them you must use your Google account and browser settings.
6.2. Cloudflare
Genitor uses Cloudflare for CDN, DDoS protection, and SSL. Cloudflare may set a cookie called __cf_bm on our domain to distinguish bot traffic from human traffic.
__cf_bm cookie: purpose — bot management; lifetime — approximately 30 minutes; does not store personal data. The cookie is set by Cloudflare and is subject to Cloudflare's privacy policy (https://www.cloudflare.com/privacypolicy/).
Without Cloudflare's bot management the Platform would be exposed to abuse, so this cookie is in practice necessary for the service.
7. Local storage and similar technologies
In addition to cookies, Genitor uses HTML5 localStorage and sessionStorage. These are not technically cookies but they serve similar purposes: they let the browser store small pieces of data on the client side.
Unlike cookies, localStorage is not automatically transmitted to our server with every HTTP request — the data lives only in your browser and can only be read by Platform code. We use it for the following UX purposes:
- sidebar collapsed / expanded state;
- recently used editor settings (such as the last selected model or temperature);
- recent searches in the search box (kept on your device only);
- dark / light theme choice (where available).
7.1. How to clear local storage
You can clear local storage together with cookies via your browser settings. In most browsers it is available under "Clear site data" or "Clear browsing data".
8. How long cookies stay on your device
The table below summarises typical lifetimes of the main cookies that Genitor sets or that may appear in your browser. Actual durations may vary slightly depending on the browser and its settings.
- session — approximately 30 days (cleared on sign-out);
- locale — 1 year;
- locale_picked — 1 year;
- oauth_state — approximately 10 minutes (only during the OAuth flow);
- CSRF token — per session (cleared when the browser closes);
- __cf_bm (Cloudflare) — approximately 30 minutes;
- Google OAuth cookies — durations defined by Google (managed via your Google account).
9. Cookie consent
Strictly necessary cookies do not require prior consent under applicable law because they are required for the Platform to function. They are therefore set automatically as soon as you load the Platform.
Genitor does not currently set any analytics or marketing cookies, so you will not see a consent banner on the Platform. If we introduce non-essential cookies in the future, we will display a clear and meaningful consent banner before placing them, in line with applicable law (for example ePrivacy / GDPR in the EU).
If you have given consent, you may withdraw it at any time (see section 10.3).
10. How to control cookies
You have meaningful control over cookies. We recommend the three approaches below.
10.1. Browser settings
All modern browsers let you view, block, and delete cookies. Below are pointers for the major browsers:
- Google Chrome — Settings → Privacy and security → Cookies and other site data;
- Mozilla Firefox — Settings → Privacy & Security → Cookies and Site Data;
- Apple Safari — Settings → Privacy → Manage Website Data;
- Microsoft Edge — Settings → Cookies and site permissions → Manage and delete cookies and site data.
10.2. Warning about blocking strictly necessary cookies
If you block strictly necessary cookies such as session, oauth_state, or the CSRF token, you will not be able to sign in, edit your projects, or use other interactive functionality. The Platform will be effectively unusable.
If you attempt to block them, your browser will typically not give you detailed feedback about the consequences. We therefore recommend that you allow strictly necessary cookies.
10.3. Do Not Track signals
Some browsers support a "Do Not Track" (DNT) preference. Because Genitor does not currently use behavioural-tracking cookies, sending a DNT signal has no behavioural effect on your experience on Genitor — we already do not track you.
If we add non-essential analytics in the future, we will document in this Policy how we honour DNT signals or other opt-out mechanisms.
10.4. Withdrawing consent
Because the Platform does not currently set non-essential cookies that would require consent, there is no consent-withdrawal mechanism to use. If a consent banner is introduced in the future, a "Cookie preferences" link will appear in the Platform footer so you can change your choice at any time.
You can always delete first-party cookies from your browser manually; that effectively resets all preferences set by us.
11. Updates to this Policy
As we add new features (for example product analytics, A/B-testing tools, or new authentication providers) we may update this Cookie Policy. The updated version will be published with the "Last updated" date above.
Material changes (for example introducing a new category of cookies or changing the consent regime) will be communicated in advance via an in-product banner and/or by email.
Previous versions of this Policy are available on request from [email protected].
12. Related documents
This Cookie Policy should be read together with the following documents:
- Privacy Policy — general information about how we process personal data;
- Terms of Service — rules for using the Platform and the corresponding mutual obligations;
- Acceptable Use Policy (where applicable) — rules about content created on the Platform.
13. Contact
If you have questions about cookies or about this Policy, please get in touch:
- Privacy and cookies: [email protected]
- General support: [email protected]
- Jurisdiction: State of Delaware, USA