Cookie Policy
How we use cookies.
Version 1.0.0 · Last updated: 2026-05-03
This Cookie Policy explains how ADS uses cookies and similar technologies. It supplements our Privacy Policy.
1. What are cookies?
Cookies are small text files placed on your device when you visit a website. We also use similar technologies including localStorage, sessionStorage, and pixel tags. References to "cookies" below include these.
2. Strictly necessary (cannot be disabled)
| Name | Purpose | Duration |
|---|---|---|
ads_sid | Anonymous session ID for free-tier metering | 30 days |
ads_id_token | Cognito JWT — proves your identity | 1 hour |
ads_access_token | Cognito API access token | 1 hour |
ads_refresh_token | Lets you stay signed in | 30 days |
ads_cookie_consent | Records your cookie choices | 12 months |
__Secure-… | AWS WAF anti-bot challenge | 24 hours |
3. Analytics — opt-in (default OFF in EU/UK)
| Name | Purpose | Duration |
|---|---|---|
cwr_s | CloudWatch RUM session ID | 30 minutes |
cwr_u | CloudWatch RUM user ID | 30 days |
Operator: AWS (us-east-1). Used for page-load times, error rates, and UX metrics. We do not use cross-site tracking.
4. Marketing
We do not currently set marketing cookies. If we add them, this policy will be updated and your re-consent will be obtained.
5. Third-party cookies
- Stripe Checkout — set only when you initiate a purchase. See stripe.com/cookies.
- Google Fonts — font loading only, no tracking. See policies.google.com.
- Cognito Hosted UI — set during sign-in. AWS-controlled.
6. How to manage cookies
- In-platform: Click Cookie Preferences at any time, or via the footer link.
- Browser: Chrome → Settings → Privacy and Security → Cookies. Firefox → Settings → Privacy & Security. Safari → Settings → Privacy. Edge → Settings → Cookies and Site Permissions.
7. Consent mechanism
We display a cookie banner on first visit from EU/UK/EEA-detected IPs. Until you make a choice, only strictly-necessary cookies are set. Your choice is stored in ads_cookie_consent for 12 months. You can change your choice at any time.
8. Do Not Track & Global Privacy Control
We honor Global Privacy Control (GPC) signals as a valid opt-out for state privacy laws (CA, CO, CT, etc.). We do not respond to legacy "Do Not Track" headers because no consensus standard exists.
9. Changes
We will post material changes here and update the "Last updated" date.
10. Contact
privacy@adslaw.ai