Cookie Policy

Q: Can I use SquidHub without cookies?

Not fully. The essential session cookie keeps you signed in, so blocking it will log you out and break core features. You can block non-essential storage and still use the product.

Last updated 8 June 2026

This policy explains how SquidHub uses cookies and similar storage technologies on squidhub.ai and in the app. We keep this short on purpose. We use cookies for two things only: keeping you signed in, and understanding which features get used so we can make the product better. We do not run advertising cookies, and we do not track you across other websites.

It sits alongside our Privacy Policy and Security documentation, which describe how the rest of your data is handled. For the wider picture, see our Trust Center.

What a cookie is

A cookie is a small text file that a website asks your browser to store. On a later visit the browser sends it back, which lets the site recognise your session or remember a preference. "Similar technologies" — local storage, session storage, and pixels — do related jobs and are covered by this policy too. A cookie can be a first-party cookie (set by squidhub.ai) or a third-party cookie (set by another service we use). Cookies can be session cookies, which disappear when you close the browser, or persistent cookies, which last a set period.

The cookies we use

Essential — keeping you signed in

When you sign in, we set a single first-party session cookie so the app knows it is you on each request. This is strictly necessary: without it you cannot stay logged in, and the product does not work. A few notes on how it is built, because the detail matters:

The cookie is HttpOnly, so JavaScript cannot read it; Secure, so it travels only over HTTPS; and SameSite=Lax, which blunts cross-site request forgery.
We store only a SHA-256 hash of the session token in our database, never the raw token. A database leak therefore cannot be replayed as a login.
The cookie carries no message content, no squid prompts, and no profile data — just an opaque session reference.
You can list and revoke your sessions, including "log out everywhere," from your account settings. Signing out clears the cookie.

Because this cookie is essential to a service you have asked to use, it does not require separate consent. Blocking it will sign you out and break the app.

Analytics — understanding what to improve

We use privacy-respecting product analytics to see which features are used, where flows break, and whether a change helped. This tells us, for example, that people created a squid but never opened a room — the kind of signal that decides what we build next.

No message content, ever. Analytics events carry product actions and coarse context, never the text of your conversations, your squids' instructions, your memory, or your files. That content is encrypted at rest and is out of scope for analytics by design — see Security.
No ad profiles, no cross-site tracking. We do not build advertising profiles and we do not follow you onto other sites.
Our analytics are provided by a privacy-respecting third-party analytics processor acting on our instructions. Any storage it sets is used solely for the product analytics described here.

Anti-abuse

On a few abuse-prone surfaces — chiefly sign-up and contact forms — we may run a privacy-preserving anti-bot challenge (Cloudflare Turnstile). It sets short-lived storage to tell a human from a bot. It carries no account information and is not used for advertising or profiling. This challenge is enabled only when the relevant key is configured.

What we do not use

We want to be explicit, because most cookie banners exist precisely for the things we have chosen not to do:

No advertising or targeting cookies. We do not serve ads, so we have no ad cookies.
No cross-site tracking and no data brokers. We do not sell or share your personal information for advertising.
No social media trackers embedded across the app.

Third-party context

A handful of services we rely on may set their own cookies in the narrow contexts where they appear — for example, signing in with Google sets cookies on Google's domain under Google's policy, and our analytics processor sets storage as described above. The full list of services that process data for SquidHub, and exactly what each sees, is in our Privacy Policy and Security documentation. We do not control the cookies set on a third party's own domain; those are governed by that party's policy.

How to control cookies

You are in charge of cookies in your browser. Every major browser lets you view stored cookies, delete them, and block some or all of them:

Chrome, Edge, Brave — Settings, then Privacy and security, then Cookies and site data.
Safari — Settings, then Privacy, then Manage Website Data.
Firefox — Settings, then Privacy & Security, then Cookies and Site Data.

You can also browse SquidHub in a private or incognito window, which discards cookies when you close it. Bear in mind that blocking our essential session cookie will prevent you from staying signed in. A general guide to managing cookies across browsers is available at allaboutcookies.org.

Do Not Track and Global Privacy Control

Some browsers can send a "Do Not Track" (DNT) signal or a Global Privacy Control (GPC) signal. There is no industry-agreed standard for how a site must respond to DNT, so most sites — ours included — do not change behaviour based on it. We have nothing to do here either way: we do not run advertising or cross-site tracking that a DNT or GPC signal is designed to stop. Our analytics are confined to first-party product measurement that never carries your conversations.

Changes to this policy

As the product changes, we may update this policy. When we do, we will revise the "Last updated" date above. Material changes — for instance, introducing a new category of cookie — will be communicated more prominently. Continued use of SquidHub after an update means the current policy applies.

Contact

Questions about cookies or your data can go to hello@squidhub.ai, or support@squidhub.ai for help with your account.

Frequently asked questions

Does SquidHub use advertising cookies

No. We do not serve ads and we do not run advertising, targeting, or cross-site tracking cookies. We use one essential sign-in cookie and privacy-respecting product analytics, nothing more.

Can I use SquidHub without cookies

Not fully. The essential session cookie is what keeps you signed in, so blocking it will log you out and break core features. You can block non-essential storage and still use the product.

Do your analytics see my messages

No. Analytics events record product actions, never the content of your conversations, squid instructions, memory, or files. That content is encrypted at rest and is out of scope for analytics by design. See our Security documentation.

How do I delete the cookies SquidHub has set

Use your browser's cookie settings to view and delete cookies for squidhub.ai, or sign out to clear the session cookie. You can also revoke any active session from your account settings.

Does SquidHub honour Do Not Track

There is no agreed standard for Do Not Track, so like most sites we do not alter behaviour based on it. It does not matter for your privacy here: we run no advertising or cross-site tracking for such a signal to disable.