Cookie Policy
Effective date: 25 May 2026
This Cookie Policy explains how ContentGrapher ("we", "us", "our") uses cookies and similar storage technologies on contentgrapher.io (the "Site"). For information about how we handle personal data more broadly, see our Privacy Policy.
1. What are cookies
Cookies are small text files that a website places on your device when you visit. They allow the site to recognise your browser across requests and store small pieces of information needed to keep you signed in, maintain security, and remember preferences. Some data we store uses browser-native storage (LocalStorage and SessionStorage) rather than traditional cookies; we disclose those here as well.
2. How we use cookies
ContentGrapher uses strictly necessary, functional, and analytics cookies. We use Google Analytics 4 to understand how the Site is used in aggregate — see Section 5 below. We do not use advertising cookies, Facebook Pixel, Hotjar, FullStory, or other behavioural tracking services.
Our cookies exist solely to:
- Authenticate your session and keep you signed in
- Protect against cross-site request forgery during sign-in
- Maintain short-lived state during the OAuth authentication flow
- Remember your display preferences
- Measure page engagement and usage patterns via Google Analytics 4 (analytics cookies; EEA/UK users are asked for consent before these are set)
3. Cookies set by ContentGrapher
| Name | Type | HttpOnly | Duration | Purpose |
|---|---|---|---|---|
| `session_token` | Strictly necessary | Yes | 7 days | Keeps you authenticated across page loads. |
| `oauth_state` | Strictly necessary | Yes | 10 minutes | A one-time value used to prevent cross-site request forgery (CSRF) during the Google OAuth sign-in flow. Deleted after use. |
| `oauth_next` | Strictly necessary | Yes | 10 minutes | Remembers the page you were on before starting Google sign-in so you can be redirected back after authentication. |
| `device_token` | Strictly necessary | Yes | 10 minutes | Carries a device identifier through the OAuth flow so that analyses you performed before signing in can be associated with your new account. |
| `_ga` | Analytics | No | 2 years | Google Analytics — assigns a random client ID to distinguish users. Only set after you accept analytics. |
|---|---|---|---|---|
| `_gid` | Analytics | No | 24 hours | Google Analytics — distinguishes users across sessions within a 24-hour window. Only set after you accept analytics. |
The first four cookies above are either strictly necessary for the Site to function or are functional cookies that support core features. None are used for advertising, profiling, or cross-site tracking.
Analytics cookies are set by the Google Analytics 4 script loaded on this Site. EEA and UK users must accept analytics via the consent banner before these cookies are set.
4. LocalStorage and SessionStorage
In addition to cookies, we use browser-native storage for the following:
| Name | Storage type | Duration | Purpose |
|---|---|---|---|
| `device_token` | LocalStorage | Persistent until cleared | A pseudonymous UUID that identifies your device so anonymous analyses can be linked to your account if you later sign up. Functional. |
| `site_theme` | LocalStorage | Persistent until cleared | Stores your dark/light mode display preference. Functional. |
LocalStorage and SessionStorage values are not sent to our servers with every request (unlike cookies). They remain in your browser and are accessed only by client-side code on contentgrapher.io.
5. Third-party cookies
ContentGrapher itself does not set any third-party cookies beyond analytics. However, if you choose to sign in using Google OAuth, Google will set its own cookies as part of the authentication flow. These cookies are governed by Google's own policies:
We do not control the cookies Google sets during this process, and we do not receive tracking data from them. The Google OAuth integration is used solely for authentication.
Google Analytics 4. We use Google Analytics 4 (Google LLC, United States). When you accept analytics, GA4 sets the cookies listed in Section 3 above and sends analytics data — including page views, events, approximate location (city level, derived from your IP), device type, browser, and session duration — to Google. This data is governed by Google's Privacy Policy at policies.google.com/privacy. Google processes this data in the United States under Standard Contractual Clauses.
6. Cookie consent
Strictly necessary cookies (`session_token`, `oauth_state`, `oauth_next`, `device_token`) are set without consent — they are required for the Site to function.
Analytics cookies (`_ga`, `_ga_G-KGMX6V2YL4`, `_gid`) are non-essential. EEA and UK users are presented with a consent banner on their first visit and may accept or decline analytics. If you decline, no analytics cookies are set. You may change your choice at any time via the "Cookie settings" link in the site footer.
Non-EEA users have analytics active by default without a banner, consistent with applicable law in those regions.
7. How to manage cookies
Most browsers allow you to view, manage, and delete cookies through their settings. Common instructions:
- Chrome: Settings > Privacy and security > Cookies and other site data
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Manage Website Data
- Edge: Settings > Cookies and site permissions
You can also clear LocalStorage and SessionStorage via your browser's developer tools (Application tab).
Please note: If you delete or block the `session_token` cookie, you will be signed out and will need to sign in again. If you clear the `device_token` from LocalStorage, any analyses performed before signing in cannot be linked to a future account.
8. Changes to this policy
We may update this Cookie Policy from time to time to reflect changes in technology, regulation, or our practices. When we make material changes, we will update the effective date at the top of this page. We encourage you to review this page periodically.
9. Contact
If you have questions about our use of cookies or this policy, please contact us at:
Daniel K Cheung (ABN: 97 136 392 116) privacy@contentgrapher.io
10. Effective date
This policy is effective as of 25 May 2026.