Cookie Policy

How we use cookies and similar technologies

v5.1

8 min read Reviewed: May 1, 2026 | Next: Aug 2026
Email this page EN

Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work more efficiently, provide a better user experience, and give website owners useful information.

Similar technologies include:

  • Local Storage: Similar to cookies but can store more data
  • Session Storage: Temporary storage that is cleared when you close your browser
  • Pixels/Web Beacons: Tiny graphics used to track user behavior

GreatLibrary.AI uses cookies and similar technologies for the following purposes:

Strictly Necessary Cookies

These cookies are essential for the website to function and cannot be switched off. They are set in response to actions you take, such as logging in or filling out forms. Legal basis: Legitimate interest (service operation). Consent required: No -- these are exempt under the ePrivacy Directive as strictly necessary.

Strictly necessary cookies required for basic site functionality
Cookie Name Purpose Duration Type
session Maintains your authenticated login session. Contains a server-side session identifier (no personal data stored in the cookie itself) Browser session (cleared on close) First-party, HttpOnly, Secure, SameSite=Lax
csrf_token Protects against cross-site request forgery attacks on form submissions Browser session First-party, HttpOnly, Secure
remember_token Keeps you signed in if you select "Remember me" during login 30 days First-party, HttpOnly, Secure, SameSite=Lax
gl_cookie_consent Records your cookie consent preference (essential, all, or custom) 1 year First-party, SameSite=Lax
gl_cookie_prefs Stores your granular cookie category preferences 1 year First-party, SameSite=Lax

Analytics Cookies

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. Legal basis: Consent. Consent required: Yes -- these cookies are only set after you consent via our cookie banner or preference controls.

Analytics cookies used to understand how visitors interact with the site
Cookie Name Purpose Duration Provider
_ga Distinguishes unique visitors using a randomly generated number. No personally identifiable information is stored 2 years Google Analytics
_gid Distinguishes unique visitors for session-level analysis 24 hours Google Analytics
_gat Throttles request rate to limit data collection frequency 1 minute Google Analytics

Google Analytics data is configured with IP anonymization enabled and data sharing with Google products disabled. We do not enable User-ID tracking, remarketing, or advertising features.

Functional Cookies

These cookies enable enhanced functionality and personalization, such as remembering your preferences. Legal basis: Consent. Consent required: Yes -- these cookies are only set after you consent.

Functional cookies that enhance site features and personalization
Cookie Name Purpose Duration Type
theme Remembers your dark/light mode theme preference across visits 1 year First-party
language Stores your preferred display language 1 year First-party

Local Storage Items

In addition to cookies, we use browser Local Storage for the following purposes. Local Storage items persist until explicitly cleared.

Local storage items used by the site and their purposes
Key Purpose Category
gl_cookie_consent Stores your cookie consent choice (essential, all, or custom) Strictly Necessary
gl_cookie_consent_date Records the date you set your cookie preference Strictly Necessary
gl_cookie_prefs Stores granular cookie preferences (functional and analytics toggles) Strictly Necessary

Marketing Cookies

These cookies may be set through our site by advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. Legal basis: Consent. Consent required: Yes -- these cookies are only set after you explicitly consent.

Marketing cookies and their current usage status
Cookie Name Purpose Duration Provider
No marketing cookies are currently in use. This category is reserved for future advertising integrations.

If we introduce marketing cookies in the future, this section will be updated and fresh consent will be required before any such cookies are placed on your device.

Third-Party Cookies

Some features use third-party services that may set their own cookies.

Third-party cookies set by external services and their purposes
Service Purpose Privacy Policy
Stripe Payment processing and fraud prevention Stripe Privacy
Google OAuth Login authentication Google Privacy
Microsoft OAuth Login authentication Microsoft Privacy
Sentry Error monitoring and crash reporting (no PII transmitted; error context only) Sentry Privacy
Google Fonts Font delivery (Montserrat, Playfair Display). Standard HTTP request headers (IP, user-agent) are transmitted; Google states font requests are not used for tracking Google Fonts Privacy
Tailwind CSS CDN CSS framework delivery. Standard HTTP request headers (IP, user-agent) are transmitted on each page load Tailwind Privacy

The following table provides a complete inventory of all cookies and storage items used by GreatLibrary.AI, including consent requirements and security attributes.

Full inventory of all cookies with security flags and expiry details
Name Category Purpose Duration Type Consent Required Security Flags
session Necessary Authenticated login session Session First-party cookie No (essential) HttpOnly, Secure, SameSite=Lax
csrf_token Necessary CSRF protection Session First-party cookie No (essential) HttpOnly, Secure
remember_token Necessary Persistent login 30 days First-party cookie No (essential) HttpOnly, Secure, SameSite=Lax
gl_cookie_consent Necessary Cookie consent preference 1 year First-party cookie + Local Storage No (essential) SameSite=Lax
gl_cookie_prefs Necessary Granular cookie preferences 1 year First-party cookie + Local Storage No (essential) SameSite=Lax
gl_cookie_consent_date Necessary Records when consent was given Persistent Local Storage only No (essential) N/A (local storage)
gl_cookie_gpc Necessary Records GPC signal detection Persistent Local Storage only No (essential) N/A (local storage)
theme Functional Dark/light mode preference 1 year First-party cookie Yes SameSite=Lax
language Functional Display language preference 1 year First-party cookie Yes SameSite=Lax
_ga Analytics Distinguish unique visitors 2 years Third-party (Google) Yes Set by Google (SameSite=None, Secure)
_gid Analytics Session-level visitor tracking 24 hours Third-party (Google) Yes Set by Google (SameSite=None, Secure)
_gat Analytics Throttle request rate 1 minute Third-party (Google) Yes Set by Google (SameSite=None, Secure)
Marketing: No marketing cookies are currently in use. Consent would be required if added.

Total cookies: 12 (5 necessary, 2 functional, 3 analytics, 0 marketing). Total local storage items: 3 (all necessary). This inventory was last audited on April 23, 2026 and is reviewed whenever cookies are added or removed.

The following table clarifies exactly what personal data each cookie category can access. This transparency measure satisfies GDPR Article 13(1)(e) disclosure requirements and helps you make informed consent decisions.

Matrix showing what personal data each cookie category can and cannot access
Cookie Category Data Accessed Data NOT Accessed Data Shared With Retention After Deletion
Strictly Necessary Session identifier (random token), CSRF token, login state, consent preference Email, name, ebook content, browsing history, IP address, payment data No third parties -- processed only by our server Session cookies: deleted on browser close. Persistent: deleted when you withdraw consent or after 1 year
Functional Theme preference (dark/light), language preference Email, name, ebook content, browsing history, IP address, payment data, location No third parties -- stored locally in your browser Deleted immediately when you disable this category
Analytics Anonymized visitor ID, pages viewed, session duration, referral source, browser type, screen resolution Email, name, ebook content, payment data, precise location, account details Google Analytics (with IP anonymization enabled) Google retains aggregate data per their Privacy Policy. Our analytics data is anonymized
Marketing No marketing cookies are currently in use. If introduced, this row will be updated before any marketing cookies are set, and fresh consent will be required.

Your cookie preferences are persisted using the following mechanisms to ensure they survive across sessions and devices:

  • Primary storage: Your choices are saved in the gl_cookie_prefs cookie and gl_cookie_consent local storage entry. Both are set simultaneously for redundancy
  • Fallback behavior: If cookies are cleared but local storage persists (or vice versa), the preference center restores your last known preference from whichever store is available
  • Cross-device limitation: Cookie preferences are per-browser and per-device. If you use multiple browsers or devices, you will need to set your preferences on each one separately. We do not synchronize cookie preferences across devices
  • State display: When you visit this page, the preference panel below reflects your current saved state. If no preference has been set, all non-essential categories default to "Off" (consent-by-default approach per GDPR)
  • Save confirmation: When you toggle a preference, a confirmation message appears confirming the change has been saved. Changes take effect immediately -- no page reload is required

3.1 Browser Settings

Most web browsers allow you to control cookies through their settings. You can:

  • Block all cookies
  • Block third-party cookies only
  • Delete cookies when you close your browser
  • Receive a warning before cookies are stored

Below are step-by-step instructions for managing cookies in the most common desktop browsers. For mobile browsers, see Section 9d.

3.1.1 Google Chrome

  1. Click the three-dot menu in the top-right corner and select Settings
  2. In the left sidebar, click Privacy and security
  3. Click Third-party cookies to control cross-site tracking cookies
  4. To clear existing cookies: click Delete browsing data, select Cookies and other site data, and click Delete data
  5. To manage per-site cookies: under Third-party cookies, scroll to Customized behaviors to add sites that can always or never use cookies

Full guide: Google Chrome cookie settings

3.1.2 Mozilla Firefox

  1. Click the hamburger menu and select Settings
  2. Click Privacy & Security in the left sidebar
  3. Under Enhanced Tracking Protection, choose Standard, Strict, or Custom. Strict mode blocks most third-party cookies automatically
  4. To clear existing cookies: scroll down to Cookies and Site Data and click Clear Data
  5. To manage per-site cookies: click Manage Exceptions to allow or block cookies for specific sites

Full guide: Firefox cookie settings

3.1.3 Apple Safari (macOS)

  1. Open Safari and go to Safari > Settings (or Preferences)
  2. Click the Privacy tab
  3. Check Prevent cross-site tracking to block third-party cookies
  4. To clear existing cookies: click Manage Website Data, search for "greatlibrary" or "omnilib", and click Remove (or Remove All to clear all site cookies)

Full guide: Safari cookie settings

3.1.4 Microsoft Edge

  1. Click the three-dot menu and select Settings
  2. Click Cookies and site permissions in the left sidebar
  3. Click Manage and delete cookies and site data
  4. Toggle Block third-party cookies to prevent tracking cookies
  5. To clear existing cookies: go to Settings > Privacy, search, and services > Clear browsing data, select Cookies and other site data, and click Clear now
  6. To manage per-site cookies: under Cookies and site permissions, use the Allow and Block lists

Full guide: Edge cookie settings

3.1.5 Brave

  1. Click the hamburger menu and select Settings
  2. Click Shields in the left sidebar
  3. Under Trackers & ads blocking, select Aggressive for maximum cookie protection
  4. Brave blocks third-party cookies by default and supports Global Privacy Control (GPC) natively -- see Section 4
  5. To clear existing cookies: go to Settings > Privacy and security > Clear browsing data

3.2 Opt-Out Tools

You can opt out of certain tracking:

3.3 Impact of Disabling Cookies

The following table shows the specific impact of disabling each cookie category:

What happens to site functionality when each cookie category is disabled
Cookie Category Can Be Disabled? Impact of Disabling
Essential No Without essential cookies, you cannot log in, submit forms, or use any authenticated features. The site will not function.
Functional Yes Your theme preference (dark/light mode) and language preference will not be remembered between sessions. You will need to set them each time you visit.
Analytics Yes No impact on site functionality. We will have less data about how users interact with the site, which may slow our ability to identify and fix usability issues.
Marketing Yes No impact. We do not currently use marketing cookies. This category is reserved for future use.

If you block all cookies through your browser settings (including essential cookies), you will not be able to sign in to your account or use authenticated features of the Service.

Our recommendation: For the best balance between privacy and functionality, we recommend keeping essential cookies enabled (they are strictly necessary and contain no tracking data), enabling functional cookies if you want your display preferences remembered, and disabling analytics and marketing cookies if you prefer not to be measured. You can configure this exact setup using the preference center below.

We recognize the following browser-level privacy signals:

4.1 Global Privacy Control (GPC)

We recognize and honor the Global Privacy Control (GPC) signal as a valid opt-out request. When your browser sends a GPC signal (Sec-GPC: 1 header or navigator.globalPrivacyControl === true):

  • We treat it as a request to opt out of the sale or sharing of personal data, as required by the CCPA/CPRA, Colorado CPA, Connecticut CTDPA, and other applicable state privacy laws
  • Analytics cookies and functional cookies that are not strictly necessary will not be set, equivalent to selecting "Reject Non-Essential" on our cookie banner
  • The cookie consent banner will not appear, as your browser-level preference takes precedence
  • This preference applies to the browsing session in which GPC is detected; if you later disable GPC, the standard cookie banner will reappear

You can enable GPC in supported browsers (Firefox, Brave, DuckDuckGo) or through browser extensions. For more information, visit globalprivacycontrol.org.

4.2 Do Not Track (DNT)

The legacy "Do Not Track" (DNT) browser header does not have a universally agreed-upon standard. While we do not modify our behavior based on the DNT header alone, we encourage users who wish to limit tracking to:

  • Use GPC instead, which has clear legal backing and is honored by our platform
  • Use the cookie preference controls in Section 9 below to granularly control which cookies are active
  • Use browser settings to block third-party cookies (see Section 3.1)

4.3 DNT vs. GPC Comparison

The following table compares the two browser privacy signals and how GreatLibrary.AI responds to each.

Side-by-side comparison of DNT and GPC signal handling by GreatLibrary.AI
Aspect Do Not Track (DNT) Global Privacy Control (GPC)
Technical mechanism DNT: 1 HTTP header Sec-GPC: 1 header + navigator.globalPrivacyControl API
Legal backing No binding legal standard; voluntary Recognized by CCPA/CPRA, Colorado CPA, Connecticut CTDPA, and EU regulators
Our response Acknowledged but does not trigger automatic cookie changes Honored as a binding opt-out; non-essential cookies automatically blocked
Cookie banner behavior Banner still appears; you must choose manually Banner suppressed; essential-only mode activated automatically
Supported browsers Most browsers (often disabled by default) Firefox, Brave, DuckDuckGo; extensions available for Chrome, Edge, Safari
Recommendation Use GPC instead for enforceable privacy Recommended -- provides the strongest privacy protection on our platform

4.4 Your Privacy Signal Status

The following shows the privacy signals currently detected from your browser.

Global Privacy Control (GPC): Checking...

Do Not Track (DNT): Checking...

Our use of cookies is based on the following legal frameworks:

  • EU ePrivacy Directive (Directive 2002/58/EC): Strictly necessary cookies are placed without consent as they are essential for the service you have requested. All other cookies require your prior consent before being placed on your device
  • GDPR (Article 6): Where cookies process personal data, our legal basis is either your consent (for analytics and functional cookies) or legitimate interest (for strictly necessary cookies required for service operation)
  • CCPA/CPRA: We do not sell personal information collected through cookies. California residents may exercise their rights under the CCPA as described in our Privacy Policy
  • UK PECR: For UK users, we comply with the Privacy and Electronic Communications Regulations 2003, requiring consent for non-essential cookies
  • EU Digital Services Act (DSA): As required by the DSA, we do not use dark patterns in our cookie consent interface. The option to reject non-essential cookies is presented with equal visual prominence to the option to accept all cookies, and no pre-ticked checkboxes or misleading button colors are used to steer consent
  • ePrivacy Regulation preparedness: Although the proposed EU ePrivacy Regulation has not yet been adopted, our cookie consent implementation is designed to meet its anticipated requirements, including browser-signal-based consent (we already honor GPC) and granular consent management. We will update this policy when the Regulation is finalized

Withdrawing consent is as easy as giving it (GDPR Art. 7(3)). You may withdraw your consent to non-essential cookies at any time using the same cookie preference controls you used to grant consent -- either the cookie banner (click "Reject Non-Essential") or the preference toggles in Section 9 of this page. You may also contact us at privacy@greatlibrary.ai. No additional steps or justification are required to withdraw consent.

5.1 Consent Withdrawal and Cookie Deletion

When you withdraw consent for non-essential cookies (by using the preference controls on this page, clicking "Reject Non-Essential" on the cookie banner, or contacting us):

  • Immediate effect: Your updated consent preference is recorded and no new non-essential cookies will be set on subsequent page loads
  • Existing cookies: Cookies already placed on your device before withdrawal are not automatically deleted by our server. To remove existing cookies, you must clear them through your browser settings (see Section 3.1 for browser-specific instructions)
  • Local storage: Items associated with withdrawn categories (for example, theme preference if functional cookies are disabled) will no longer be actively used by the site, though they may persist in your browser until manually cleared
  • Third-party cookies: Withdrawal of consent on our site does not delete cookies set directly by third parties (such as Google Analytics). Use the opt-out tools in Section 3.2 or your browser settings to manage these

Withdrawal of consent does not affect the lawfulness of processing carried out based on consent before withdrawal.

In accordance with the GDPR principle of accountability (Art. 5(2)), we maintain records of cookie consent to demonstrate compliance. The following information is recorded when you make a consent choice:

What information we record when you make a cookie consent choice
Record Element Details Retention
Consent choice Which categories you accepted or rejected (essential only, all, or custom selection) 1 year from date of consent
Date and time of consent ISO 8601 timestamp when you made your cookie choice 1 year from date of consent
Version of cookie policy The version of this Cookie Policy that was in effect when consent was given 1 year from date of consent
Method of consent Whether consent was given via the cookie banner, the preference controls on this page, or inferred from a GPC signal 1 year from date of consent

Consent records are stored locally in your browser (via Local Storage) and are not transmitted to our servers unless required for compliance verification. You may request a copy of your consent record by contacting privacy@greatlibrary.ai.

Your cookie consent preference expires and must be renewed after 12 months. When your consent expires:

  • The cookie consent banner will reappear on your next visit
  • No non-essential cookies will be set until you make a new choice
  • Your previous preference is not automatically restored -- you must actively consent again

This renewal requirement ensures that your consent remains informed and up-to-date, particularly if our cookie practices have changed since you last consented. This approach aligns with guidance from the European Data Protection Board (EDPB Guidelines 05/2020 on Consent) and the UK ICO.

Cookies on GreatLibrary.AI fall into two categories based on how long they persist on your device:

Session Cookies

Session cookies are temporary and exist only while your browser is open. They are created when you visit the site and are automatically deleted when you close your browser (or browser tab, depending on your browser's session handling). On our platform, session cookies include:

  • session -- Created when you log in or visit any page. Stores a server-side session identifier. Deleted when you close your browser or after server-side timeout (typically 12 hours of inactivity).
  • csrf_token -- Created when any page with a form loads. Used to validate form submissions against cross-site request forgery. Deleted when you close your browser.

Persistent Cookies

Persistent cookies remain on your device for a set period or until you manually delete them. They are re-read each time you return to the site. On our platform, persistent cookies include:

Lifecycle details for persistent cookies including creation triggers and expiry
Cookie Created When Expires After Renewed When
remember_token You select "Remember me" during login 30 days Each successful login with "Remember me" checked
gl_cookie_consent You interact with the cookie consent banner 1 year Each time you update your cookie preferences
gl_cookie_prefs You set granular cookie category preferences 1 year Each time you update category preferences
theme You switch between dark and light mode 1 year Each time you change theme preference
_ga First page load after analytics consent is given 2 years Each new visit (expiry timer resets)
_gid First page load after analytics consent is given 24 hours Each new visit within 24 hours

How to delete persistent cookies: You can delete persistent cookies at any time through your browser settings. See Section 3 (desktop) or Section 9d (mobile) for browser-specific instructions. Deleting cookies will sign you out and reset your preferences.

When you first visit GreatLibrary.AI (or after your consent expires), a cookie consent banner appears at the bottom of the screen. Here is exactly what happens at each step:

  1. Banner appears: A non-intrusive banner slides up from the bottom of the page. At this point, only strictly necessary cookies are active. No analytics, functional, or marketing cookies have been set.
  2. Your options:
    • "Manage Preferences" -- Opens a granular preference panel directly within the banner. You can toggle individual cookie categories (essential, functional, analytics, marketing) independently without leaving the page. Essential cookies are always active and cannot be disabled. Click "Save Preferences" to apply your choices.
    • "Accept All" -- Consents to all cookie categories. Functional, analytics, and marketing cookies are activated immediately. Google Analytics begins collecting anonymized usage data.
    • "Reject Non-Essential" -- Only strictly necessary cookies remain active. No third-party cookies are set. Your browsing data is not shared with analytics providers.
    • "Customize" -- Links to this Cookie Policy page (Section 9) where you can view detailed descriptions and toggle individual categories using the preference controls below.
  3. Choice is recorded: Your preference is stored in the gl_cookie_consent cookie (value: "all", "essential", or "custom") and the timestamp is stored in localStorage as gl_cookie_consent_date. Your per-category choices are stored in localStorage as gl_cookie_categories (JSON object with boolean values for each category).
  4. Banner disappears: The banner is hidden for the duration of your consent (1 year). It will not reappear unless you clear your cookies or your consent expires.
  5. Changing your mind: You can update your preferences at any time by: (a) visiting this page (/cookies, Section 9) and using the cookie preference controls; or (b) going to Settings and clicking "Manage Cookies" in the Legal section to reopen the consent banner with your current selections pre-filled. Changes take effect immediately -- if you revoke analytics consent, analytics cookies are deleted and no further data is collected.

Technical note: Our implementation follows the "consent-before-cookies" model required by the EU ePrivacy Directive and UK PECR. Non-essential cookie scripts are not loaded until explicit consent is received, rather than being loaded and then deleted upon rejection.

We may update this Cookie Policy from time to time. When we make material changes to the cookies we use or how we use them:

  • We will update the "Last updated" date at the top of this page
  • We will reset your cookie consent preference so that the consent banner reappears, allowing you to make an informed choice based on the updated policy
  • If we introduce new cookie categories or new third-party cookies, we will seek fresh consent before setting them

We encourage you to review this policy periodically.

If you have questions about our use of cookies, please contact us:

Company: Alexandria AI Systems

For more information about cookies and how to manage them, visit:

8.1 Cookie Audit Schedule

We conduct regular audits of all cookies and similar technologies used on our platform to ensure accuracy of this policy and compliance with applicable regulations. Our audit schedule is as follows:

  • Last full audit: April 14, 2026 -- all cookies and local storage items were verified against this policy
  • Next scheduled audit: July 2026
  • Audit frequency: Quarterly, or whenever we add a new third-party integration or cookie
  • Audit scope: All first-party cookies, third-party cookies, local storage items, and session storage items are reviewed for accuracy of purpose description, duration, and consent classification
  • Audit findings: Any discrepancies found during an audit result in immediate correction of this policy and, if the change is material, a consent reset requiring users to re-consent

You can change your cookie preferences at any time using the controls below. Essential cookies cannot be disabled as they are required for the website to function. You may toggle functional and analytics cookies independently.

9.1 Consent Mechanism

When you first visit our website, a cookie consent banner appears at the bottom of the screen. This banner gives you two immediate options:

  • Accept All: Enables all cookie categories (strictly necessary, functional, analytics, and marketing)
  • Reject Non-Essential: Enables only strictly necessary cookies. No functional, analytics, or marketing cookies are set

For more granular control, visit this page to toggle individual cookie categories using the preference panel below. Your consent choice is stored in your browser via a gl_cookie_consent cookie and gl_cookie_consent_date local storage entry, and remains valid for 1 year unless you change it. You may withdraw or modify your consent at any time by returning to this page.

9.2 Cookie Preference Controls

Cookie Categories
Always On

Login session, CSRF protection, cookie consent storage. Required for the site to function. Cannot be disabled.

5 cookies: session, csrf_token, remember_token, gl_cookie_consent, gl_cookie_prefs

Off

Theme preference and language settings. Remembers your display choices across visits.

2 cookies: theme_preference, language

Off

Google Analytics -- helps us understand site usage patterns. IP anonymization enabled, no remarketing or cross-site tracking.

3 cookies: _ga, _ga_*, _gid | Provider: Google LLC

Off

Reserved for future advertising partners. No marketing cookies are currently set.

0 cookies currently active

GDPR Art. 7(3): You have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. Withdrawing consent is as easy as giving it -- use the "Withdraw Consent" button above or the "Reject Non-Essential" button on the cookie banner on any page.

This tool scans your browser and shows which cookies are currently set by GreatLibrary.AI on your device. It runs entirely in your browser -- no data is sent to our servers. Use this to verify which cookies are active and confirm that your preferences are being respected.

Cookies Found: --

Necessary Functional Analytics Marketing Unknown/Third-party

Click "Rescan" to scan your browser for cookies.

Note: HttpOnly cookies (such as session and csrf_token) are not visible to JavaScript for security reasons. They are set by the server and cannot be read or modified by client-side scripts. Local storage items are shown separately below the cookie list.

Your cookie consent preference is stored for a period of 1 year from the date you set it. After this period expires:

  • Automatic re-prompt: When your consent preference expires, the cookie consent banner will reappear on your next visit, giving you the opportunity to review and update your choices
  • No assumption of consent: Expired consent is treated the same as no consent -- only strictly necessary cookies will be active until you make a new selection
  • Preference preservation: Your previous preference settings are retained in local storage as a convenience, so if you choose to accept the same settings again, they will be pre-selected in the preference panel
  • Policy changes: If we make material changes to our cookie practices (such as adding new cookie categories or third-party providers), we will reset consent records and re-prompt all users, even if their consent has not yet expired

You do not need to wait for consent to expire to update your preferences -- you can change them at any time using the controls in Section 9.2 above.

In compliance with Google's EU User Consent Policy and the Digital Markets Act (DMA), our implementation of Google Analytics respects consent signals through the following mechanisms:

  • Default state: Google Analytics tags are configured to default to a denied consent state for analytics_storage and ad_storage. No analytics cookies are set until the user provides explicit consent
  • Consent update: When a user accepts analytics cookies (via the cookie banner or preference controls), the consent state is updated to allow analytics_storage, enabling Google Analytics to function with full measurement capabilities
  • Cookieless pings: When analytics consent is denied, Google may still receive cookieless pings (without personal identifiers) for basic measurement modeling. These pings do not set cookies on the user's device and do not contain personally identifiable information
  • Ad storage: We do not use Google Ads or remarketing features. The ad_storage consent signal remains denied at all times
  • Region-specific behavior: Consent defaults are applied globally, not just for EEA/UK users, as a privacy-protective measure

For more information about how Google processes data with consent mode, see Google's Consent Mode documentation.

The following third-party services may set cookies on your device when you use GreatLibrary.AI. We provide details about each service, what data they collect, and how to manage their cookies independently.

9c.0 Third-Party Data Flow Summary

When third-party cookies are active on GreatLibrary.AI, the following data may leave your browser and be transmitted to third-party servers. This table is provided for transparency under GDPR Article 13(1)(e) and the ePrivacy Directive.

Summary of data transmitted from your browser to third-party services via cookies
Third Party Data Transmitted Destination Country Transfer Safeguard Your Control
Google Analytics Anonymized visitor ID, page URL, referral source, screen size, browser language. IP address is truncated before storage (anonymize_ip enabled) United States / EU EU-US DPF + SCCs Disable analytics cookies via preference center or GA Opt-out Add-on
Stripe Device fingerprint (for fraud prevention), payment session ID. No payment card data is stored in cookies United States EU-US DPF + SCCs + PCI DSS Level 1 Essential for payment processing; cannot be disabled during checkout. No cookies are set outside payment flows
Google OAuth Authentication session token (temporary, during sign-in flow only). No persistent tracking data United States / EU EU-US DPF + SCCs Only triggered when you choose to sign in with Google. Use email/password login to avoid entirely
Microsoft OAuth Authentication session token (temporary, during sign-in flow only). No persistent tracking data United States / EU EU-US DPF + SCCs Only triggered when you choose to sign in with Microsoft. Use email/password login to avoid entirely

Sentry and Redis/Upstash do not set cookies on your device and are not included in this table. Sentry receives server-side error data with PII automatically scrubbed. Redis stores only ephemeral rate-limiting counters with no PII. See sections 9c.5 and 9c.6 below for details.

CDN services (no cookies): Google Fonts (fonts.googleapis.com) and Tailwind CSS CDN (cdn.tailwindcss.com) are loaded on every page to deliver fonts and styling. These services receive standard HTTP request headers (IP address, user-agent, referrer URL) but do not set cookies on your device. Google states that font requests are not logged or used for tracking (Google Fonts Privacy FAQ).

For the full details of our international data transfer safeguards, see our Privacy Policy, Section 8 (International Data Transfers).

9c.1 Google Analytics

Google Analytics cookie details
Cookie Domain Data Collected Retention Opt-Out
_ga .greatlibrary.app Anonymized visitor ID, page views, session duration, referral source 2 years Google Analytics Opt-out Browser Add-on
_gid .greatlibrary.app Session-level visitor distinction 24 hours
_gat .greatlibrary.app None (rate limiting only) 1 minute

Data processing location: Google servers (US and EU). Google is certified under the EU-US Data Privacy Framework. See Google's Privacy Policy.

IP anonymization: We use Google Analytics with IP anonymization enabled (anonymize_ip: true), which truncates the last octet of your IP address before storage.

9c.2 Stripe (Payment Processing)

Stripe may set cookies when you interact with payment forms (checkout, subscription management, customer portal). These cookies are classified as strictly necessary for payment processing and do not require consent.

Stripe cookie details
Cookie Domain Purpose Retention
__stripe_mid .stripe.com Fraud detection and prevention 1 year
__stripe_sid .stripe.com Session identifier for payment forms 30 minutes

See Stripe's Privacy Policy and Stripe's Cookie Settings.

9c.3 Google OAuth

If you sign in using Google, Google may set temporary cookies during the OAuth authentication flow. These are strictly necessary for the login process and expire when the authentication is complete.

See Google's Cookie Policy.

9c.4 Microsoft OAuth

If you sign in using Microsoft, Microsoft may set temporary cookies during the OAuth authentication flow. These are strictly necessary for the login process.

See Microsoft's Privacy Statement.

9c.5 Sentry (Error Monitoring)

Sentry does not set cookies on your device. Sentry collects error reports server-side and may receive the following anonymized metadata when application errors occur:

  • Browser metadata: Browser type and version, operating system, device type (desktop/mobile/tablet)
  • Error context: Stack traces, error messages, and request URLs that triggered the error (with PII automatically scrubbed)
  • Session context: Anonymized session identifiers to correlate errors within a single browsing session

PII scrubbing: Our Sentry configuration uses custom data scrubbing rules that automatically redact email addresses, IP addresses, authentication tokens, and other personally identifiable information from error reports before transmission. We have configured Sentry with send_default_pii = False and additional custom scrubbing rules for breadcrumb data.

See Sentry's Privacy Policy.

9c.6 Redis / Upstash (Rate Limiting)

Redis (provided by Upstash) does not set cookies on your device. Redis is used server-side for rate limiting and session caching. It stores only ephemeral request counters (keyed by anonymized identifiers) to enforce API rate limits and prevent abuse. No personally identifiable information, user content, or browsing history is stored in Redis. Rate limiting data expires automatically within minutes.

Managing cookies on mobile devices works differently from desktop browsers. Below are instructions for the most common mobile browsers.

9d.1 iOS Safari

  1. Open Settings on your iPhone or iPad
  2. Scroll down and tap Safari
  3. Under Privacy & Security:
    • Toggle Prevent Cross-Site Tracking to block third-party cookies
    • Toggle Block All Cookies to block all cookies (note: this may prevent login)
  4. To clear existing cookies: tap Clear History and Website Data
  5. To delete cookies for GreatLibrary.AI only: go to Settings > Safari > Advanced > Website Data, search for "greatlibrary" or "omnilib", and swipe to delete

9d.2 Android Chrome

  1. Open Chrome on your Android device
  2. Tap the three-dot menu and select Settings
  3. Tap Privacy and security then Third-party cookies
  4. Choose Block third-party cookies or Block all cookies
  5. To clear existing cookies: go to Settings > Privacy and security > Clear browsing data, select Cookies and site data, and tap Clear data
  6. To manage per-site cookies: go to Settings > Site settings > Cookies, then search for "greatlibrary" or "omnilib"

9d.3 Samsung Internet

  1. Open Samsung Internet and tap the menu icon
  2. Go to Settings > Privacy and security
  3. Tap Accept cookies to toggle cookie acceptance
  4. Tap Delete browsing data to clear cookies

9d.4 Firefox Mobile (iOS and Android)

  1. Open Firefox and tap the menu icon
  2. Go to Settings > Privacy (iOS) or Settings > Enhanced Tracking Protection (Android)
  3. Set the protection level to Strict to block most third-party cookies
  4. To clear cookies: Settings > Data Management > Clear Private Data (iOS) or Settings > Delete browsing data (Android)

Note: Blocking all cookies may prevent you from logging in to GreatLibrary.AI. We recommend keeping essential cookies enabled (which are set by our domain) while blocking third-party cookies if you prefer minimal tracking.

Version history showing date and summary of changes for each revision
Version Date Summary of Changes
5.1 May 2, 2026 Third-party services disclosure (Section 2): added Sentry (error monitoring), Google Fonts (font delivery CDN), and Tailwind CSS CDN (CSS framework delivery) to the Third-Party Cookies table. All three services make network requests on page load that transmit standard HTTP headers (IP address, user-agent). Disclosure required under GDPR Art. 13 and ePrivacy Directive for transparency about all external data recipients
4.9 April 30, 2026 Compliance review cycle: updated version badge and review date to April 30, 2026. Verified cookie inventory accuracy (12 cookies, 3 local storage items). Confirmed cookie consent banner meets GDPR granular consent requirements with separate accept/reject controls and cookie policy link
4.8 April 23, 2026 Fixed heading hierarchy for WCAG 1.3.1 compliance: converted browser-specific cookie management sub-sections (3.1.1-3.1.5) from h3 to proper h4 elements, eliminating heading level skips under h3 parent. Added h4 styling for screen and print
4.7 April 23, 2026 Added DNT vs GPC comparison table (Section 4.3) showing signal mechanisms, legal backing, platform response, and recommendations. Added live privacy signal status indicator (Section 4.4) detecting GPC and DNT signals from the user's browser in real time. Updated TOC with sub-entries for Section 4
4.6 April 23, 2026 Enhanced browser-specific cookie management instructions (Section 3.1) with step-by-step guides for Chrome, Firefox, Safari, Edge, and Brave including per-site cookie controls and clearing procedures. Added Brave browser with GPC cross-reference
4.5 April 23, 2026 Added EU Digital Services Act (DSA) compliance disclosure confirming no dark patterns in cookie consent interface. Added ePrivacy Regulation readiness statement documenting forward-looking compliance with anticipated requirements including browser-signal-based consent. Updated cookie inventory audit date to April 23, 2026
4.4 April 15, 2026 Final compliance review: synchronized review badge date, updated cookie inventory audit date, verified preference center toggle states (on/off/disabled) and cookie disable impact table accuracy. Confirmed all cookie names listed match actual implementation
4.3 April 15, 2026 Added accessible table captions (sr-only) to all 12 cookie tables for WCAG 1.3.1 compliance. Added focus-visible styling for toggle switches to improve keyboard navigation. Updated version badge to v4.3
4.2 April 15, 2026 Added Cookie Data Access Matrix (2b) documenting exactly what personal data each cookie category can and cannot access, third-party data sharing per category, and retention after deletion. Added Preference Center State Persistence section (2b.1) documenting primary/fallback storage mechanisms, cross-device limitations, default consent state (off), and save confirmation behavior. GDPR Art. 13(1)(e) transparency enhancement
4.1 April 15, 2026 Added Third-Party Data Flow Summary table (9c.0) showing exactly what data each third-party service receives from your browser, destination countries, transfer safeguards (EU-US DPF, SCCs, PCI DSS), and user control options. GDPR Art. 13(1)(e) transparency enhancement. Cross-referenced Privacy Policy Section 8 for transfer framework details
4.0 April 15, 2026 Added cross-references to Terms of Service, Privacy Policy, DMCA Policy, and Acceptable Use Policy in closing reference box. Cross-policy consistency review ensuring company name, contact information, and legal definitions align with all companion policies
3.9 April 15, 2026 Enhanced Sentry error monitoring disclosure (9c.5) with detailed PII scrubbing configuration, browser metadata categories, and link to Sentry privacy policy. Added Redis/Upstash rate limiting disclosure (9c.6) clarifying server-side ephemeral data handling with no PII storage
3.8 April 15, 2026 Added Cookie Lifecycle section (5c) with session vs. persistent cookie comparison table covering creation triggers, expiry periods, and renewal behavior for all cookies. Added How the Consent Banner Works section (5d) with step-by-step walkthrough of the consent flow: banner appearance, user options (Accept All, Reject Non-Essential, Cookie Settings), choice recording, and preference change process
3.7 April 15, 2026 Added Third-Party Cookie Details section (9c) with per-provider breakdown: Google Analytics with IP anonymization and opt-out link, Stripe fraud detection cookies, Google and Microsoft OAuth session cookies, Sentry no-cookie disclosure. Added Mobile Cookie Management section (9d) with step-by-step instructions for iOS Safari, Android Chrome, Samsung Internet, and Firefox Mobile
3.6 April 15, 2026 Added Consent Record Keeping section (5a) documenting what consent records are maintained per GDPR accountability principle (Art. 5(2)), including consent choice, timestamp, policy version, and consent method. Added Cookie Lifespan and Renewal section (5b) with 12-month renewal requirement aligned with EDPB Guidelines 05/2020 on Consent. Enhanced Updates to This Policy (6) with consent reset mechanism and fresh consent requirement for new cookie categories. Added DPO contact to Contact Us section (7)
3.5 April 14, 2026 Added interactive cookie scanner (9.3) that lists all cookies currently set in the browser with category classification, delete non-essential button, and localStorage scanning. Redesigned preference center UI with category icons, on/off status badges, cookie count details per category, and improved visual hierarchy. Added review schedule badges and enhanced print stylesheet with page-break rules
3.4 April 14, 2026 Enhanced cookie inventory table with consent-required and security-flags columns, added cookie count summary, added "Customize" button to consent banner for granular control access, improved banner accessibility with min-height touch targets, updated all link colors for WCAG contrast compliance
3.3 April 14, 2026 Added Global Privacy Control (GPC) signal recognition with automatic opt-out (4.1), renamed DNT section to include GPC, implemented GPC detection in consent JavaScript, strengthened DNT guidance to recommend GPC over legacy DNT
3.2 April 9, 2026 Added consent renewal mechanism documentation (9a), Google Consent Mode v2 disclosure (9b) covering default denied state, cookieless pings, and region-specific behavior
3.1 April 8, 2026 Added collapsible/expandable sections, reading time indicator, email page link, floating back-to-top button, enhanced print stylesheet
3.0 April 8, 2026 Added interactive toggle switch UI for cookie preferences, Marketing cookie category, Cookie Inventory Summary table (2a), print button, saved-confirmation feedback
2.0 April 8, 2026 Added consent withdrawal and cookie deletion guidance (5.1), version history (10), expanded legal basis section with UK PECR
1.0 March 2026 Initial Cookie Policy

10.1 Document Changelog

Select a version transition below to see a summary of what changed:

You can manage your cookie preferences at any time using the controls above or your browser settings. Essential cookies cannot be disabled as they are required for the website to function. This Cookie Policy works in conjunction with our Privacy Policy, Terms of Service, DMCA Policy, and Acceptable Use Policy.

Back to top