This Cookie Policy explains how ExoChat, operated by Stamina AI OÜ ("ExoChat", "we", "us", or "our"), uses cookies and similar technologies when you access or use our websites, applications, dashboards, APIs, documentation, and related services (collectively, the "Services").
This Cookie Policy should be read together with our Privacy Policy and Terms of Use.
Where required by applicable law, we obtain your consent before placing or using non-essential cookies and similar technologies. Strictly necessary cookies required for operation, security, and service delivery may be used without consent where permitted by law.
1. Scope of This Cookie Policy
This Cookie Policy applies to cookies and similar technologies used by ExoChat on:
- exochat.ai website and related domains
- product dashboard and platform
- documentation portal
- demo environments
- support portal
- authentication pages
- hosted agent interfaces operated by ExoChat
This Cookie Policy does not automatically apply to cookies implemented independently by customers using ExoChat to build their own applications, chatbots, or agent interfaces. Customers are responsible for their own cookie disclosures where applicable.
3. Why We Use Cookies
We use cookies for the following purposes:
Strictly Necessary Operation
To provide core functionality:
- Authentication and login sessions
- Security and abuse prevention
- Load balancing and routing
- API request validation
- Session integrity
- Consent preference storage
These cookies are essential for the Services to function.
Functional Preferences
To remember:
- Language settings
- Interface preferences
- Dashboard configuration
- UI state
- Feature toggles
Analytics and Performance
To improve reliability and usability:
- Page usage
- Feature interaction
- Performance metrics
- Error tracking
- Service diagnostics
Analytics cookies are only used with consent where required by law.
Security and Fraud Prevention
To detect:
- Suspicious login attempts
- Bot activity
- Abuse or scraping
- Token misuse
- Rate limit violations
These cookies are necessary for security.
Infrastructure and Service Delivery
To support:
- Authentication providers
- Payment processing
- Logging infrastructure
- Monitoring systems
- Consent management
4. Categories of Cookies
4.1 Strictly Necessary Cookies
Purpose: Platform functionality and security
Examples:
- Session authentication
- CSRF protection
- Login state
- Security tokens
- Consent preference storage
Legal basis: Legitimate interest / contract performance
These cookies cannot be disabled.
4.2 Functional Cookies
Purpose: Remember user preferences
Examples:
- Theme settings
- Language preference
- Dashboard layout
- UI configuration
Legal basis: Legitimate interest
4.3 Analytics Cookies
Purpose: Improve product performance
Examples:
- Page interaction tracking
- Feature usage metrics
- Performance monitoring
- Aggregate analytics
Legal basis: Consent (where required)
Analytics cookies are disabled until consent is given where applicable.
4.4 Security Cookies
Purpose: Protect platform integrity
Examples:
- Bot detection
- Login protection
- Abuse prevention
- Session validation
Legal basis: Legitimate interest
4.5 Third-Party Cookies
We may use third-party providers for:
- Authentication
- Payments
- Monitoring
- Error tracking
- Analytics
- Infrastructure
These providers may set cookies as part of their services.
Examples of providers that may be used:
- Stripe (payments)
- Sentry (error monitoring)
- PostHog (analytics)
- Cloud infrastructure providers
- Authentication providers (OAuth / SSO)
Third-party cookies are governed by their respective privacy policies.
5. Cookie Duration
Cookies may be stored for different periods:
- Session cookies — deleted when browser closes
- Short-lived cookies — expire within 24 hours
- Persistent cookies — stored up to 12 months
- Consent cookies — stored up to 12 months
- Security cookies — stored only as long as necessary
Users may delete cookies anytime via browser settings.
6. Consent Management
Where required by law, ExoChat displays a cookie consent banner allowing users to:
- Accept all cookies
- Reject non-essential cookies
- Customize cookie preferences
Non-essential cookies are not activated until consent is given.
Users can withdraw consent at any time using:
- Footer link: "Cookie Settings"
- Account settings (if logged in)
- Browser cookie controls
Rejecting cookies does not prevent use of core platform functionality.
7. Cookie Inventory
Below is the cookie inventory for ExoChat core platform.
| Name | Provider | Purpose | Category | Duration | Type |
|---|---|---|---|---|---|
| exochat_session | ExoChat | Authentication session | Necessary | Session | First-party |
| exochat_csrf | ExoChat | CSRF protection | Necessary | Session | First-party |
| exochat_consent | ExoChat | Consent preferences | Necessary | 12 months | First-party |
| exochat_pref | ExoChat | UI preferences | Functional | 12 months | First-party |
| exochat_auth | ExoChat | Authentication token | Necessary | Session | First-party |
| exochat_lb | ExoChat | Load balancing | Necessary | Session | First-party |
| posthog | PostHog | Product analytics | Analytics | 12 months | Third-party |
| sentry | Sentry | Error monitoring | Security | 30 days | Third-party |
| stripe | Stripe | Payment processing | Necessary | Session | Third-party |
Actual cookies may vary depending on deployment.
8. Third-Party Providers
ExoChat may use the following categories of providers:
- Analytics provider
- Error monitoring provider
- Payment provider
- Authentication provider
- Infrastructure provider
- Consent management provider
These providers may process data outside your country.
Data transfers are handled in accordance with our Privacy Policy.
9. Browser Controls
You can manage cookies using your browser:
- Chrome
- Safari
- Firefox
- Edge
Options include:
- Block cookies
- Delete cookies
- Block third-party cookies
- Clear site data
Blocking necessary cookies may affect functionality.
10. Do Not Track
Some browsers support "Do Not Track" signals.
There is no consistent industry standard.
ExoChat handles cookies as described in this policy regardless of DNT signals.
11. Cookies in Customer Deployments
Customers using ExoChat may deploy:
- Embedded agents
- Chat widgets
- White-labeled portals
- Hosted applications
These deployments may use additional cookies controlled by the customer.
Customers are responsible for:
- Consent collection
- Cookie disclosure
- Compliance with applicable laws
ExoChat acts as processor in such cases.
12. Updates to This Cookie Policy
We may update this Cookie Policy periodically.
Changes will be reflected in the "Last Updated" date.
Material updates may be communicated via:
- Website banner
- Email notification
- Platform notice
13. Contact Information
ExoChat
Stamina AI OÜ
Keemia tn 4
10616 Tallinn
Estonia
Email: info@exo-chat.com
Website: https://exo-chat.com
If you are located in the EU/EEA, you may contact your local data protection authority regarding cookie-related concerns.
For questions about this Cookie Policy, contact info@exo-chat.com. Please also review our Privacy Policy and Terms of Use. Last updated April 10, 2026.
