← Oktra · Privacy Policy · Service Disclaimer · Data Retention
Version 1.0 (2026-07-06) · Applies to app.oktra.ai and all Oktra application surfaces · Contact: privacy@oktra.ai
Cookies are small text files a website stores on your device. Similar technologies (localStorage, session storage, pixels) are covered by this policy under the same rules.
Oktra uses only strictly necessary cookies - the ones required to sign you in securely and protect your session. We currently use no analytics cookies, no advertising or marketing cookies, and no third-party tracking of any kind.
If we ever introduce a non-essential cookie category, it will be off by default and set only after you explicitly opt in through a consent banner that:
| Cookie | Category | Purpose | Duration | Consent |
|---|---|---|---|---|
Session cookie (e.g. oktra_session) | Strictly necessary | Keeps you signed in; Secure, HttpOnly, SameSite | Session / short-lived | Not required (exempt: strictly necessary for the service you request) |
| CSRF/security token | Strictly necessary | Protects forms and connection flows against cross-site request forgery | Session | Not required (exempt) |
| Hosting/security cookies set by our platform (e.g. deployment access protection on non-production environments) | Strictly necessary | Infrastructure security | Short-lived | Not required (exempt) |
| Analytics | - | None in use | - | Would require prior opt-in |
| Marketing / advertising | - | None in use, none planned | - | Would require prior opt-in |
This table is updated whenever the service's cookie usage changes, before the change goes live.
Strictly necessary cookies are exempt from consent (ePrivacy Art. 5(3)). For any other category we rely on consent meeting the GDPR standard: freely given, specific, informed, and unambiguous, given before the cookie is set, and withdrawable at any time without detriment. Consent records are retained as evidence.
We do not sell personal information and do not share it for cross-context behavioral advertising (as defined by CCPA/CPRA). Because no such sale/sharing occurs, no "Do Not Sell or Share" mechanism is currently required - but we honor Global Privacy Control (GPC) signals: where a GPC signal is present, non-essential cookies (if any existed) are treated as refused.
You can also control cookies in your browser (block, delete, or restrict them). Blocking strictly necessary cookies will prevent sign-in from working - they are the mechanism that keeps your session secure.
Changes are posted on this page with a new version number; material changes are announced in the application. Non-essential categories are never enabled without the opt-in flow of §2.
Oktra - privacy@oktra.ai