Cookie Policy
Effective date: 17 May 2026
This Cookie Policy explains how ContentGrapher ("we", "us", "our") uses cookies and similar storage technologies on contentgrapher.io (the "Site"). For information about how we handle personal data more broadly, see our Privacy Policy.
1. What are cookies
Cookies are small text files that a website places on your device when you visit. They allow the site to recognise your browser across requests and store small pieces of information needed to keep you signed in, maintain security, and remember preferences. Some data we store uses browser-native storage (LocalStorage and SessionStorage) rather than traditional cookies; we disclose those here as well.
2. How we use cookies
ContentGrapher uses only strictly necessary and functional cookies. We do not use advertising cookies, analytics tracking cookies, or any form of third-party behavioural tracking. There are no Google Analytics, Facebook Pixel, Hotjar, FullStory, or similar services operating on this Site.
Our cookies exist solely to:
- Authenticate your session and keep you signed in
- Protect against cross-site request forgery during sign-in
- Maintain short-lived state during the OAuth authentication flow
- Remember your display preferences
3. Cookies set by ContentGrapher
| Name | Type | HttpOnly | Duration | Purpose |
|---|---|---|---|---|
| `session_token` | Strictly necessary | Yes | 7 days | Stores your signed JWT session token, keeping you authenticated across page loads. |
| `oauth_state` | Strictly necessary | Yes | 10 minutes | A one-time value used to prevent cross-site request forgery (CSRF) during the Google OAuth sign-in flow. Deleted after use. |
| `oauth_next` | Strictly necessary | Yes | 10 minutes | Remembers the page you were on before starting Google sign-in so you can be redirected back after authentication. |
| `device_token` | Strictly necessary | Yes | 10 minutes | Carries a device identifier through the OAuth flow so that analyses you performed before signing in can be associated with your new account. |
All four cookies listed above are either strictly necessary for the Site to function or are functional cookies that support core features. None are used for advertising, profiling, or cross-site tracking.
4. LocalStorage and SessionStorage
In addition to cookies, we use browser-native storage for the following:
| Name | Storage type | Duration | Purpose |
|---|---|---|---|
| `device_token` | LocalStorage | Persistent until cleared | A pseudonymous UUID that identifies your device so anonymous analyses can be linked to your account if you later sign up. Functional. |
| `site_theme` | LocalStorage | Persistent until cleared | Stores your dark/light mode display preference. Functional. |
LocalStorage and SessionStorage values are not sent to our servers with every request (unlike cookies). They remain in your browser and are accessed only by client-side code on contentgrapher.io.
5. Third-party cookies
ContentGrapher itself does not set any third-party cookies. However, if you choose to sign in using Google OAuth, Google will set its own cookies as part of the authentication flow. These cookies are governed by Google's own policies:
We do not control the cookies Google sets during this process, and we do not receive tracking data from them. The Google OAuth integration is used solely for authentication.
6. Cookie consent
All cookies set directly by ContentGrapher are either strictly necessary for the Site to function or are functional cookies that do not track you across sites. Under the ePrivacy Directive, strictly necessary cookies do not require consent.
Because the Google OAuth sign-in flow causes Google to set its own cookies on your device, we display a notice informing you of this before you initiate Google sign-in.
7. How to manage cookies
Most browsers allow you to view, manage, and delete cookies through their settings. Common instructions:
- Chrome: Settings > Privacy and security > Cookies and other site data
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Manage Website Data
- Edge: Settings > Cookies and site permissions
You can also clear LocalStorage and SessionStorage via your browser's developer tools (Application tab).
Please note: If you delete or block the `session_token` cookie, you will be signed out and will need to sign in again. If you clear the `device_token` from LocalStorage, any analyses performed before signing in cannot be linked to a future account.
8. Changes to this policy
We may update this Cookie Policy from time to time to reflect changes in technology, regulation, or our practices. When we make material changes, we will update the effective date at the top of this page. We encourage you to review this page periodically.
9. Contact
If you have questions about our use of cookies or this policy, please contact us at:
Daniel K Cheung (ABN: 97 136 392 116) privacy@contentgrapher.io
10. Effective date
This policy is effective as of 17 May 2026.