Cookie Notice

This Cookie Notice explains how ATO uses cookies and similar storage technologies. It supplements our Privacy Policy.

1. Current state — no cookies

As of the effective date above, agentictool.ai does not set cookies, does not write to your browser’s localStorage or sessionStorage for tracking purposes, does not use fingerprinting, and does not run analytics or advertising scripts.

This includes:

• No Google Analytics, Plausible, Fathom, PostHog, Mixpanel, or other website analytics
• No Sentry, LogRocket, FullStory, or other error/session recording
• No LinkedIn Insight Tag, Meta Pixel, X Conversion Tag, Google Ads pixels, or other marketing/advertising trackers
• No CRM tracking scripts (HubSpot, Segment, Customer.io)
• No chat-widget scripts that set storage on your browser

The only things your browser may store on its own while visiting agentictool.ai are unavoidable technical artifacts: web fonts cached for performance, the page itself cached for return visits, and any preferences your browser saves for the page (such as language). These are not set by us and we do not read them.

2. Cookies set by the product (when signed in)

When you sign in to the ato-cloud product, an authentication token (a JWT) is stored in your browser’s local storage by the application. This is strictly necessary for authentication — without it, the application cannot identify you between requests. It is not used for tracking, is not shared with third parties, and is removed when you sign out or when it expires.

Under the ePrivacy Directive (EU), the LGPD (Brazil), and similar laws, “strictly necessary” storage of this kind does not require prior consent.

3. What we will do when we add cookies or trackers

When ATO begins using cookies or other tracking technologies for analytics, error monitoring, marketing, or any non-essential purpose, we will:

• Update this Notice with the specific cookies, their categories, their providers, their purposes, their lifetimes, and how to opt out.
• Display a consent banner on first visit and on any subsequent visit where you have not yet made a choice. The banner will give you the option to:
  • Accept all categories
  • Reject all non-essential categories (with equal prominence to Accept)
  • Customize your choices by category
• Not fire any non-essential script before you have made a choice. Default state is the most privacy-preserving option (rejection of non-essential).
• Make your preferences easy to change via a persistent footer link on every page.
• Honor the Global Privacy Control (GPC) signal as an opt-out where applicable (currently mandated in California, Colorado, Connecticut; recognized as a best practice elsewhere).
• Record consent choices with timestamp and version of the consent banner so that we can demonstrate compliance if asked.

4. Categories we plan to use (when applicable)

Below is the framework we will apply if and when we introduce cookies. None of these are active today.

Strictly necessary (no consent required)

Storage required for the website or product to function: authentication tokens, security cookies (CSRF protection), session identifiers for signed-in users, language preference. We will keep this category minimal.

Analytics (consent required)

If we adopt analytics in the future, we will favor privacy-friendly options that do not require cookies (e.g., Plausible, Fathom). If we adopt a cookie-based analytics tool (e.g., PostHog or Google Analytics 4), it will be gated behind explicit opt-in consent. We will disclose what is collected (page views, referrer, approximate location, anonymized IP) and the retention period (typically 14 months or less).

Functional (consent required for non-essential)

Cookies that remember your preferences (e.g., dark/light mode selection beyond what is essential, dismissed-banner state). We will keep these minimal.

Error tracking (consent required where browser-side)

If we add a browser-side error tracker (e.g., Sentry in a browser SDK mode), we will gate it behind consent. Server-side error tracking that captures only HTTP-level signals does not require cookie consent because it does not run in your browser.

Marketing (consent required, opt-in)

If we ever adopt marketing pixels (LinkedIn Insight, Meta Pixel, Google Ads conversion), they will be gated behind explicit opt-in. This is the strictest category. We will disclose the purpose, the recipient, the data shared, and the retention.

5. Managing cookies in your browser

Regardless of any consent banner we may add, you can always manage cookies through your browser settings. Each major browser provides controls to:

• Block all cookies
• Block third-party cookies
• Clear cookies on exit
• Review which sites have set cookies on your device

Blocking strictly-necessary cookies may make the signed-in product unusable.

6. Changes to this Notice

We will update this Notice whenever we introduce or remove a cookie or tracking technology. Material changes will be communicated by email to registered users and by an in-banner notification on the website.

7. Contact

Questions about this Cookie Notice can be sent to will@nigri.io.

See also: Privacy Policy · Terms of Service · Subprocessors · Submit a data request