DRAFT — pending legal review
This page is a starting draft written from standard B2B SaaS templates plus Adoomi-specific facts. It has NOT been reviewed by a qualified lawyer or a paid legal-template service. Do not rely on it for compliance until the draft banner is removed. Karim is in the process of engaging counsel (or a service like Termly / iubenda) to sign these off.
Cookie Policy
Which cookies we set and why
Last updated: 18 May 2026
This page lists the cookies and similar storage mechanisms Adoomi uses on adoomi.ai (the marketing site) and app.adoomi.ai (the dashboard). For background on how cookies fit into our wider data handling, see our Privacy Policy.
We have not yet implemented a consent banner. While we use only essential cookies plus a small amount of first-party analytics, this is a known gap that we’ll close before adding any non-essential cookies (e.g. marketing pixels). See the “Pending” note below.
Categories we use
Strictly necessary. Required for the site to function — sign-in sessions, CSRF protection, cookie consent state (when we ship it), regional preferences. These cannot be switched off without breaking the service.
First-party analytics. Used for aggregated product analytics so we can see what’s working. We do not currently use third-party analytics that fingerprint or track across sites.
Marketing / advertising. Not used today. If we introduce any in future (e.g. retargeting pixels), we will require explicit opt-in consent via a banner before setting them.
Cookies we currently set
The table below lists named cookies set by Adoomi on either domain.
| Name | Set by | Purpose | Retention |
|---|---|---|---|
| sb-*-auth-token | Supabase Auth | Signed-in dashboard session. Strictly necessary. | Session + 1 hour refresh |
| session_token | Adoomi (HttpOnly) | Binds an anonymous onboarding session to its bot. Strictly necessary. | 24 hours |
| anon_session_jwt | Adoomi (HttpOnly) | Lets the demo chat worker authenticate the anonymous session. Strictly necessary. | 24 hours |
| onboarding_pending_email | Adoomi (HttpOnly) | Carries the email address through the 302 to the check-email page. | 10 minutes |
| onboarding_pending_email_sent_at | Adoomi (HttpOnly) | Drives the “expires in 14:32” countdown on the check-email page. | 10 minutes |
| adoomi_funnel_visitor | Adoomi | First-party funnel attribution — pseudo-anonymous visitor ID for product analytics. Not shared with third parties. | 90 days |
Audited 2026-05-18. If we add or remove cookies, this table is updated as part of the change.
Third-party cookies
We do not embed third-party cookies (Google Analytics, advertising pixels, social buttons) on either site today. If you visit pages that embed your own Adoomi chat widget on another site, that visit is governed by that site’s own cookie policy plus our Privacy Policy.
How to control cookies
You can clear cookies for adoomi.ai and app.adoomi.ai from your browser at any time. Clearing the “Strictly necessary” cookies will sign you out of the dashboard and discard any in-progress anonymous demo. Clearing the analytics cookie has no functional impact.
Most browsers also offer a “block third-party cookies” setting which is inert against Adoomi (we don’t set any).
Pending — consent banner
A cookie consent banner is a known follow-up before we add any non-essential cookies. The current cookie set is either strictly necessary or aggregate first-party analytics that we treat as legitimate-interest, but we plan to ship a consent banner anyway to match EU PECR best practice. Watch the GitHub issue tracker for progress.
Questions
Email privacy@adoomi.ai.