Cookies notice

What we set, and why.

Version 1.0 · Effective May 15, 2026

Cookies are small text files set by your browser when you visit a website. Cruma uses a small, deliberate set. No advertising cookies. No social-media retargeting pixels. No cross-site tracking.

1 · What we use

Essential (always on)

Required to make Cruma work. Includes session cookies that keep you signed in, CSRF protection, and load-balancer affinity.

cruma_session — session identifier, expires on logout or after inactivity.
cruma_csrf — cross-site request forgery token, expires at end of session.

Functional (optional but useful)

Remember preferences (theme, sidebar collapsed state, last-visited workspace) so the app feels like you left it.

cruma_prefs — UI preferences, expires in 12 months.

Analytics (privacy-respecting)

We use a privacy-respecting product-analytics tool (PostHog or Plausible) to understand which features get used and where users get stuck. These do not build advertising profiles, do not sell data, and respect Do Not Track / Global Privacy Control signals.

ph_* (if PostHog) or plausible_* — anonymous event identifiers, retention configurable.

2 · What we don't use

Third-party advertising cookies (Facebook Pixel, Google Ads, LinkedIn Insight, etc.).
Cross-site tracking cookies.
Browser-fingerprinting or device-fingerprinting beyond standard user-agent strings in request logs.
Session replay tools that capture keystrokes or form input.

3 · How to opt out

Browser settings. Every modern browser lets you block third-party cookies, clear cookies on close, or block specific domains. We recommend setting "Block third-party cookies" by default.
Do Not Track / GPC. If you send the Do Not Track header or the Global Privacy Control signal, we disable analytics for you.
Disable analytics directly. When the cookie banner ships (with the first paid plan), you'll be able to toggle analytics off from there. Until then, GPC or DNT covers it.

Note that disabling essential cookies will break the app — you won't stay signed in.

4 · Third-party cookies on connected providers

When you connect Gmail, Google Calendar, or other third-party services, those providers set their own cookies according to their own policies. Cruma doesn't control those, and revoking the integration in the provider's account settings immediately stops Cruma's access.

5 · Changes

We update this page when our cookie practices change. The current version is at the top.

6 · Contact

Questions: privacy@cruma.ai