Legal

Cookie Policy

Last updated: 7 May 2026 - AgentCore LTD - Company No. 17114811

Draft. This document is an AI-drafted starting point pending counsel review. The operative terms remain those agreed in your subscription contract until this draft is countersigned.

1. What Are Cookies

Cookies are small text files placed on your device when you visit a website. They allow the website to remember information about your visit, such as your sign-in state, language preference, and the contents of any session in progress.

This policy explains which cookies and similar technologies (such as localStorage, IndexedDB, and service-worker caches) Trust Agent uses, why we use them, and how you can control them.

2. Strictly Necessary Cookies

These cookies are required for the site to function. They cannot be disabled without breaking core features such as sign-in and session continuity. We do not require user consent for these cookies under PECR / UK GDPR because they are strictly necessary.

ta_session - HTTP-only, Secure, SameSite=Lax. Stores your authenticated session token. Cleared when you sign out.
ta_csrf - Anti-CSRF token used to protect form submissions.
next-auth.session-token - Session token written by our authentication library.
ta_consent - Records your cookie-consent decision so we don’t ask you again on every page.

3. Functional Storage

These technologies improve the experience but are not strictly necessary. Where applicable they are loaded only after consent.

localStorage - Theme preference (light/dark), language preference, layout state for the chat composer, and last-active role.
IndexedDB - Local cache of conversation history while a session is in progress. Cleared when the tab is closed.
Service-worker cache - Caches static assets (JavaScript, CSS, fonts) to make the app load faster on repeat visits.

4. Analytics Cookies (Consent Required)

If you accept analytics in our consent banner we load Google Analytics 4 to measure aggregate site usage - which roles people search for, which pages they read, where they land from. Google operates under Consent Mode v2: until you accept, no analytics cookies are written and only cookieless pings are sent. Decline at any time from the “Cookie preferences” link in the footer.

_ga - First-party Google Analytics 4 client identifier. Set on the trust-agent.ai domain only. Loaded only after you accept analytics.
_ga_<property> - First-party Google Analytics 4 session token. Same trigger as above.

We have not configured Google Signals, advertising features, or audience export. The data leaves your browser bound for Google’s analytics servers; we do not link it to ad networks.

5. What We Do Not Use

Trust Agent does not use:

Third-party advertising cookies. We do not run ads and we do not embed advertising trackers (Google Ads, Meta Pixel, etc.).
Cross-site tracking pixels. We do not share your browsing behaviour with marketing networks.
Audience export from Google Analytics. We use GA4 to read aggregate site usage; we have not enabled the features that send GA4 audiences to Google Ads.

6. Third-Party Cookies

The following third parties may set cookies when you use specific features. Each is loaded only when you actively use the related feature.

Stripe - When you use the billing or checkout pages, Stripe sets cookies to detect fraud and persist the checkout session. See Stripe’s cookie policy for detail.
Google OAuth - When you sign in with Google, Google sets its own authentication cookies under the google.com domain. We do not control these cookies.

7. How to Control Cookies

You can manage cookies in your browser at any time:

Most browsers let you block all cookies, allow only first-party cookies, or delete cookies on exit. The exact controls live in your browser’s privacy settings.
You can clear localStorage and IndexedDB for trust-agent.ai in your browser’s developer tools (Application tab in Chromium-based browsers, Storage tab in Firefox).
You can revoke cookie consent at any time by clearing the ta_consent cookie - we’ll prompt you again on your next visit.

Blocking strictly necessary cookies will prevent you from signing in or using authenticated features.

8. Changes to This Policy

We may update this policy when we add, remove, or change the cookies we set. Material changes will be flagged via an in-app banner the next time you sign in. The “Last updated” date at the top reflects the most recent change.

9. Contact Us

AgentCore LTD, 20 Wenlock Road, London, England, N1 7GU. For privacy-related questions email info@trust-agent.ai.