← Oktra · Privacy Policy · Service Disclaimer · Data Retention

Oktra Cookie Policy

Version 1.0 (2026-07-06) · Applies to app.oktra.ai and all Oktra application surfaces · Contact: privacy@oktra.ai

1. What cookies are

Cookies are small text files a website stores on your device. Similar technologies (localStorage, session storage, pixels) are covered by this policy under the same rules.

2. Our approach: essentials only, everything else is opt-in

Oktra uses only strictly necessary cookies - the ones required to sign you in securely and protect your session. We currently use no analytics cookies, no advertising or marketing cookies, and no third-party tracking of any kind.

If we ever introduce a non-essential cookie category, it will be off by default and set only after you explicitly opt in through a consent banner that:

3. Cookies we use

CookieCategoryPurposeDurationConsent
Session cookie (e.g. oktra_session)Strictly necessaryKeeps you signed in; Secure, HttpOnly, SameSiteSession / short-livedNot required (exempt: strictly necessary for the service you request)
CSRF/security tokenStrictly necessaryProtects forms and connection flows against cross-site request forgerySessionNot required (exempt)
Hosting/security cookies set by our platform (e.g. deployment access protection on non-production environments)Strictly necessaryInfrastructure securityShort-livedNot required (exempt)
Analytics-None in use-Would require prior opt-in
Marketing / advertising-None in use, none planned-Would require prior opt-in

This table is updated whenever the service's cookie usage changes, before the change goes live.

4. EU/EEA/UK (ePrivacy Directive and GDPR)

Strictly necessary cookies are exempt from consent (ePrivacy Art. 5(3)). For any other category we rely on consent meeting the GDPR standard: freely given, specific, informed, and unambiguous, given before the cookie is set, and withdrawable at any time without detriment. Consent records are retained as evidence.

5. United States (state privacy laws)

We do not sell personal information and do not share it for cross-context behavioral advertising (as defined by CCPA/CPRA). Because no such sale/sharing occurs, no "Do Not Sell or Share" mechanism is currently required - but we honor Global Privacy Control (GPC) signals: where a GPC signal is present, non-essential cookies (if any existed) are treated as refused.

6. Managing cookies yourself

You can also control cookies in your browser (block, delete, or restrict them). Blocking strictly necessary cookies will prevent sign-in from working - they are the mechanism that keeps your session secure.

7. Changes

Changes are posted on this page with a new version number; material changes are announced in the application. Non-essential categories are never enabled without the opt-in flow of §2.

8. Contact

Oktra - privacy@oktra.ai