Legal
  Cookie Policy
  Last updated: {lastUpdated}

## 1. What this is

This policy describes the cookies and similar technologies AgentBundle uses on its marketing website (www.agentbundle.dev) and dashboard, why we use them, and how you can manage them.

It complements our Privacy Policy. Read both together.

## 2. What is a cookie

A cookie is a small text file a website stores on your device. Cookies allow a site to remember things about you between requests — for example, that you are signed in, or what you have in a shopping cart. Similar technologies (local storage, session storage, pixels) work the same way at a high level. We refer to all of them as "cookies" in this policy.

## 3. Cookies we use

We try to use as few cookies as we can. The categories below describe what runs on AgentBundle today.

### 3.1 Strictly necessary cookies

These cookies are required for the Service to function. They cannot be disabled without breaking core functionality.

| Cookie | Purpose | Duration | Set by |
| --- | --- | --- | --- |
| Session cookies (NextAuth) | Authenticate signed-in users; carry the session token between requests | Session-bound, cleared on sign-out or expiry | AgentBundle |
| CSRF token cookie | Prevent cross-site request forgery on form submissions | Per-request | AgentBundle |
| Theme / preference cookie | Remember small UI preferences (e.g. dark mode if applicable) | 1 year or until cleared | AgentBundle |

### 3.2 Functional cookies

We do not currently set any non-essential functional cookies.

### 3.3 Analytics

We use **Vercel Web Analytics** to measure traffic patterns (page views, referrers, top pages, country-level location). Vercel Web Analytics is cookie-less by default: it does not set tracking cookies, does not fingerprint visitors, and does not track users across sites. No personal data is collected. See Vercel's analytics privacy documentation.

We will not adopt invasive cross-site tracking or advertising-network analytics. If we ever change this, this page will be updated first.

### 3.4 Advertising cookies

We do not run advertising. We do not set advertising cookies. We do not allow third-party advertising networks to set cookies on the Service.

### 3.5 Third-party cookies

When you reach our billing pages (operated by Stripe), Stripe may set cookies in its embedded iframes for fraud detection and to maintain its own session state. Those cookies are governed by Stripe's cookie policy, not this one. We do not have access to those cookies.

When you visit pages that embed external content (such as Microsoft's APM specification documentation linked from /security, or our X account from the footer), the operator of that content may set cookies under its own policy.

## 4. Your choices

### Manage cookies in your browser

Modern browsers let you accept, reject, and delete cookies. The exact controls depend on your browser:
- **Chrome:** Settings → Privacy and security → Cookies and other site data
- **Firefox:** Settings → Privacy & Security → Cookies and Site Data
- **Safari:** Settings → Privacy → Manage Website Data
- **Edge:** Settings → Cookies and site permissions → Cookies and site data

Blocking strictly-necessary cookies will sign you out and prevent most account functionality from working. Functional and analytics cookies (when present) can be safely blocked without affecting core access.

### Do Not Track

Some browsers send a "Do Not Track" (DNT) or "Global Privacy Control" (GPC) signal. We honor GPC where applicable law requires it. We do not separately track users for cross-site advertising, so DNT signals do not change our behavior in a meaningful way today.

## 5. Changes to this policy

We will update this policy when our cookie usage changes. The "Last updated" date at the top reflects the most recent revision. Material changes (for example, adding analytics) will be communicated by an in-product banner or email.

## 6. Contact

Email hello@agentbundle.dev with any question about cookies on AgentBundle.