Cookie Policy

This Cookie Policy explains how Alter Inc. ("Alter," "we," "us," or "our") uses cookies and similar tracking technologies on aIterai.org and in the Alter dashboard (collectively, the "Site"). This policy should be read alongside our Privacy Policy, which provides more detail about how we handle personal information generally.

By using the Site with your browser set to accept cookies, you consent to our use of cookies as described in this policy. You can withdraw or adjust your consent at any time by modifying your cookie preferences as described in Section 6 below.

1. What Are Cookies

Cookies are small text files that are placed on your device (computer, smartphone, or tablet) by a website when you visit it. Cookies serve several purposes: they allow websites to remember your preferences and settings, maintain your login session so you do not have to re-authenticate on every page, and help website operators understand how visitors use their site.

Similar technologies include:

Web beacons: Small transparent image files (also called "pixel tags" or "clear GIFs") embedded in web pages or emails that track whether the page or email has been viewed.
Local storage: Browser-side storage that persists after the browser is closed, used for storing user preferences and session tokens.
Session storage: Browser-side storage that is cleared when the browser tab is closed, used for transient data within a single session.
Browser fingerprinting: Passive collection of browser and device attributes (user-agent, screen resolution, installed fonts, timezone) to generate a semi-unique identifier for fraud prevention.

When we refer to "cookies" in this policy, we mean all of these technologies unless otherwise specified.

2. Types of Cookies We Use

2.1 Strictly Necessary Cookies

These cookies are required for the Site to function. They cannot be disabled while using the Site. They do not collect personal information for marketing purposes and are not used to track you across other websites.

Cookie Name	Provider	Purpose	Duration
alter_session	aIterai.org	Maintains your authenticated session in the Alter dashboard. Without this cookie, you would need to log in on every page.	Session (cleared on browser close) or 30 days with "Remember me" checked
alter_csrf	aIterai.org	Cross-site request forgery protection token. Validates that form submissions and API requests originate from the authenticated dashboard session.	Session
alter_consent	aIterai.org	Stores your cookie consent preference so the cookie banner does not appear on every page visit after you have made a choice.	1 year
__cf_bm	Cloudflare	Bot management cookie used to distinguish between human visitors and automated bots for security and DDoS protection. Required for the proxy infrastructure.	30 minutes
cf_clearance	Cloudflare	Set after a visitor passes a Cloudflare challenge. Prevents the challenge from being repeated on subsequent requests within the validity window.	1 day

2.2 Functional Cookies

Functional cookies allow the Site to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we use. If you decline functional cookies, some features of the Site may not work as intended.

Cookie Name	Provider	Purpose	Duration
alter_prefs	aIterai.org	Stores your dashboard display preferences, including timezone, date format, log display density, and default filters in the audit log view.	6 months
intercom-session-*	Intercom	Maintains your Intercom chat session so you can return to a support conversation without losing context. Set when you interact with the in-app support widget.	1 week
intercom-id-*	Intercom	Anonymous visitor identifier used by Intercom to associate support messages from the same visitor across sessions.	9 months

2.3 Analytics Cookies

Analytics cookies help us understand how visitors interact with the Site — which pages are most visited, where visitors come from, and how they navigate through the Site. This information is used in aggregate to improve the Site's content and user experience. We do not use analytics cookies to track individuals across other websites.

Alter uses PostHog for product analytics. PostHog is self-hosted on Alter's own infrastructure in AWS us-east-1, meaning your analytics data does not leave Alter's controlled environment and is not shared with PostHog's servers.

Cookie Name	Provider	Purpose	Duration
ph_*	PostHog (self-hosted)	Pseudonymous user identifier for PostHog product analytics. Tracks feature usage, page views, and funnel events to help us understand product adoption and identify UX improvements.	1 year
alter_anon	aIterai.org	Anonymous visitor identifier assigned to visitors who are not logged in, used to correlate page views within a single visit session for aggregate traffic analysis.	30 days

2.4 Payment and Transaction Cookies

When you complete a purchase or manage your billing on aIterai.org, Stripe sets cookies to facilitate secure payment processing. These cookies are set by Stripe's domain and are subject to Stripe's privacy policy.

Cookie Name	Provider	Purpose	Duration
__stripe_mid	Stripe	Fraud prevention cookie set by Stripe to help distinguish legitimate payment transactions from fraudulent ones. Required for payment processing.	1 year
__stripe_sid	Stripe	Session-scoped fraud prevention cookie. Works with __stripe_mid to secure individual payment transactions.	30 minutes

3. Cookies We Do Not Use

For clarity, Alter does not use:

Advertising or targeting cookies: We do not run advertising programs on aIterai.org. We do not use cookies to build profiles for third-party advertising networks.
Third-party tracking pixels: We do not embed tracking pixels from Facebook, LinkedIn, Google Ads, or similar advertising platforms on our marketing site.
Cross-site behavioral tracking: We do not participate in networks that track your browsing behavior across websites you visit outside of aIterai.org.
Google Analytics: We use PostHog (self-hosted) for analytics instead of Google Analytics, which means your visit data remains on Alter's infrastructure.

4. Cookies Set by Third Parties

When you interact with certain features of the Site, third parties may set their own cookies. These are set according to the respective third party's cookie policies, which we cannot control. Third parties whose services may set cookies through the Site include:

Cloudflare — CDN and DDoS protection. Cloudflare cookie policy available at cloudflare.com/privacypolicy/.
Stripe — Payment processing. Stripe cookie policy available at stripe.com/privacy.
Intercom — Customer support chat. Intercom cookie policy available at intercom.com/legal/privacy.

When you connect to OAuth providers through the Alter platform (GitHub, Slack, Google, etc.), those providers may set cookies in their own authorization flows when you visit their authorization endpoints. Those cookies are governed by the respective provider's policies and are outside Alter's control.

5. Cookie Duration

Cookies are classified by how long they persist:

Session cookies: Exist only while your browser is open. They are automatically deleted when you close the browser tab or browser window. Session cookies are used for authentication and CSRF protection where persistence between browser sessions is not required.
Persistent cookies: Remain on your device after the browser is closed, until they expire or you delete them. Persistent cookies enable the Site to remember your preferences on return visits and maintain your login across sessions when you select "Remember me."

The specific duration of each cookie is listed in the tables in Section 2 above. Durations are approximate — providers may update their cookie durations without prior notice, and our tables are updated periodically to reflect current practice.

6. Managing Your Cookie Preferences

6.1 Alter Cookie Banner

When you first visit aIterai.org, you will see a cookie consent banner. You can accept or decline non-essential cookies (functional and analytics) from this banner. Your preference is stored in the alter_consent cookie. You can change your preference at any time by clearing this cookie or by using the "Cookie Preferences" link in the footer.

Declining non-essential cookies will disable: PostHog analytics tracking, Intercom chat widget functionality (you can still contact us via email), and personalization features that remember your dashboard preferences between sessions. Strictly necessary cookies (authentication, CSRF protection, Cloudflare) cannot be disabled.

6.2 Browser Cookie Controls

All modern browsers allow you to manage cookies through browser settings. Depending on your browser, you can:

View which cookies are stored by any website
Delete individual cookies or all cookies
Block all cookies from specific websites
Block all third-party cookies
Enable private or incognito browsing mode, which does not save cookies after the session ends

Instructions for managing cookies in common browsers:

Chrome: Settings → Privacy and Security → Cookies and Other Site Data
Firefox: Settings → Privacy & Security → Cookies and Site Data
Safari: Preferences → Privacy → Manage Website Data
Edge: Settings → Cookies and Site Permissions → Cookies and Site Data

Note that blocking strictly necessary cookies will prevent you from logging into the Alter dashboard. If you need to use the Service, you must allow session and CSRF cookies from aIterai.org.

6.3 Do Not Track

Some browsers transmit a "Do Not Track" (DNT) signal to websites indicating that you prefer not to be tracked. Alter's Site does not currently respond to DNT signals because there is no universally accepted standard for what DNT requires. We do not use cross-site tracking regardless of whether DNT is enabled — our analytics are limited to your activity on aIterai.org only.

6.4 Mobile Devices

If you access the Site on a mobile device, your device's operating system may provide additional controls over cookies and tracking. For iOS, review Settings → Privacy & Security → Tracking. For Android, review browser-level cookie settings as the process varies by browser and Android version.

7. Impact of Disabling Cookies

If you choose to disable cookies, some parts of the Site may not function correctly:

You will not be able to log in to the Alter dashboard (requires alter_session cookie).
Form submissions and API requests may fail CSRF validation (requires alter_csrf cookie).
Your dashboard preferences will not be remembered between sessions.
The Intercom support chat widget will not be available — contact us at hello@aIterai.org instead.
Payment processing may be interrupted if Stripe cookies are blocked.

The marketing pages of aIterai.org (product information, blog, pricing) are accessible without cookies, though we will be unable to track aggregate visit statistics without analytics cookies.

8. Updates to This Cookie Policy

We may update this Cookie Policy when we add or remove cookies, change service providers, or update our practices in response to regulatory changes. When we make changes, we update the "Last updated" date at the top of this page. For material changes — such as adding new analytics providers or behavioral tracking — we will notify registered account holders by email at least 30 days before the changes take effect and present an updated consent banner to website visitors.

We recommend reviewing this policy periodically. The current version is always available at aIterai.org/legal/cookies.html.

9. Contact Us

For questions about our use of cookies or to exercise your rights under applicable data protection law, contact:

Alter Inc.
San Francisco, CA, USA
Email: hello@aIterai.org

For general privacy-related questions, including data subject rights requests, please refer to our Privacy Policy. For information about how Alter's subscription service works, see our Terms of Service.

Related policies: Privacy Policy · Terms of Service