Cookie Policy
Effective Date: March 16, 2026
1. What Are Cookies
Cookies are small text files that a website places on your device when you visit. They are widely used to make websites work, improve efficiency, and provide information to site operators. Local storage is a similar browser technology that allows websites to store data on your device without an expiration date.
This policy explains what cookies and local storage Heurista uses, why we use them, and how you can manage them.
2. How We Use Cookies
Heurista uses only strictly necessary cookies and functional browser storage. We do not use any tracking, analytics, or advertising cookies. We do not use any third-party cookie services.
Our cookie footprint is minimal by design. Every item listed below exists because the platform cannot function properly without it or because it directly improves your experience.
3. Cookies and Storage We Use
| Name | Type | Purpose | Duration | Data Stored |
|---|---|---|---|---|
| survey-session | Strictly Necessary | Maintains your authenticated session so you stay logged in as you navigate the platform. | 7 days | Login status, user role, username, organization ID and name |
| oauth_state | Strictly Necessary | Prevents cross-site request forgery (CSRF) during OAuth login flows (Google, Microsoft, GitHub). | 10 minutes | Random state token |
| oauth_code_verifier | Strictly Necessary | Part of the PKCE security protocol for OAuth authentication. | 10 minutes | Random code verifier |
| hue-state | Functional (localStorage) | Preserves your Hue AI assistant conversation and panel state between page navigations. | Until cleared | Panel open/close state, chat history (up to 30 messages) |
| heurista-welcome-seen | Functional (localStorage) | Remembers that you have already seen the welcome modal so it is not shown again. | Until cleared | Boolean flag |
4. Strictly Necessary Cookies
The survey-session, oauth_state, and oauth_code_verifier cookies are required for the platform to function. They handle authentication and security during login. These cookies are encrypted using AES-256 (iron-session) and set with httpOnly and secure flags, meaning they cannot be read by JavaScript and are only transmitted over HTTPS in production.
Because these cookies are essential to authentication and security, they cannot be opted out of while using the platform.
5. Functional Storage
Heurista uses browser local storage (not cookies) for two items that improve your experience: preserving your AI assistant conversation history and remembering that you have dismissed the welcome modal.
These items never leave your browser. They are not sent to our servers and are not used for tracking. You can clear them at any time through your browser's developer tools or storage settings. Chat history stored in browser localStorage is automatically cleared when you sign out. We recommend using private/incognito browsing when accessing the platform on shared devices.
These browser storage items improve your experience but are not essential for the core service to function. Under strict interpretations of the ePrivacy Directive, such functional storage may require consent. We minimize our use of browser storage and do not use it for tracking or advertising purposes.
6. Third-Party Cookies
We do not use any third-party cookies. We do not use Google Analytics, Mixpanel, PostHog, Segment, or any other analytics service. We do not use advertising or retargeting cookies. We do not embed third-party trackers of any kind.
When you sign in using Google, Microsoft, or GitHub, those providers may set their own cookies on their respective domains during the authentication redirect. These cookies are governed by each provider's own cookie and privacy policies and are not set or controlled by Heurista.
If you proceed to payment checkout, Stripe (our payment processor) may set cookies on the stripe.com domain to process your payment securely. These cookies are governed by Stripe's privacy policy.
7. Your Choices
Most browsers allow you to manage cookies through their settings. You can typically find these options under “Privacy,” “Security,” or “Cookies” in your browser preferences.
If you block or delete the survey-session cookie, you will be unable to log in to Heurista. The OAuth cookies are temporary and only exist for 10 minutes during the login process.
Clearing local storage will reset your Hue AI conversation history and cause the welcome modal to appear again, but will not affect your account or data.
8. Do Not Track
Heurista honors Do Not Track (DNT) browser signals. Because we do not perform any tracking, there is no tracking behavior to disable — your experience is the same regardless of your DNT setting.
9. Changes to This Policy
We may update this Cookie Policy from time to time. If we make material changes, we will update the effective date at the top of this page. We encourage you to review this policy periodically.
10. Contact
If you have questions about this Cookie Policy, contact us at privacy@heurista.com.
Heurista LLC, 1834 Connecticut Ave NW, Washington, DC 20002, United States.