Cookie & Tracking Policy
Last updated May 29, 2026
Roundtable AI keeps tracking lightweight. We use cookies only where necessary to keep you signed in, store your consent preferences, and (with your permission) measure marketing performance.
1. Essential Cookies (Always Active)
These cookies are necessary for the website and app to function. They cannot be disabled. When you use the chat app, you sign in with short-lived access tokens rather than a long-lived session cookie — the only sign-in cookie we set is the one-time handoff below.
| Cookie | Purpose | Duration |
|---|---|---|
__Host-rt_session | Carries your sign-in securely from signup into the chat app. | Up to 30 days |
rt_consent | Stores your cookie consent preferences and the policy version you agreed to. | 1 year |
rt_dns | Records your "Do Not Sell or Share" opt-out preference. Set when you opt out of advertising and data sharing via "Your Privacy Choices." | 1 year |
2. Analytics Cookies
Note: We also use Plausible Analytics for consent-free audience measurement. Plausible does not set any cookies, does not access local storage, and retains no persistent personal data. It is not listed in the cookie table because it uses no cookies. See our Privacy Policy for details.
The following cookies help us understand how visitors interact with our marketing site and attribute signups to marketing campaigns.
- Regions where consent is not legally required (such as the US, Australia, and New Zealand): Analytics and advertising cookies may be set by default, and we may transmit conversion data to third-party advertising platforms (including Meta) via server-side integrations. In the United States, this reflects the opt-out model established by CCPA/CPRA and equivalent state laws. You can opt out at any time using "Your Privacy Choices" in the website footer or by enabling Global Privacy Control (GPC) in your browser. We honor GPC as a legally binding opt-out signal.
- Regions where opt-in consent is required (such as the EU, UK, Canada, and Brazil): These cookies are set only after you grant consent.
| Cookie | Purpose | Duration |
|---|---|---|
_ga | Google Analytics 4 client identifier. Assigns a pseudonymous ID to distinguish unique visitors. | 2 years |
_ga_* | GA4 session cookie. Tracks page views and session duration within a single property. | 2 years |
_cioanonid | Customer.io anonymous identifier. Used to track anonymous activity (page views) before signup and merge it with your account after you sign up. | 1 year |
_cioid | Customer.io identified user cookie. Set after you sign up or identify yourself (e.g., email capture). Links your activity to your account. | 1 year |
rt_attribution | First-touch and last-touch marketing attribution (UTM parameters, click IDs like gclid/fbclid, referrer). | 1 year |
_fbc | Meta (Facebook) click identifier. Set server-side when you arrive via a Facebook ad (fbclid URL parameter). Used by Meta Pixel to attribute conversions. | 1 year |
_fbp | Meta (Facebook) browser identifier. Set by Meta Pixel to distinguish unique browsers for conversion attribution. | 90 days |
3. Cross-Domain Attribution
When you click from our marketing site (round-table.ai) to our application (chat.round-table.ai), we pass attribution data via URL parameter (rt_attr) to maintain campaign attribution across domains. This includes:
- Marketing attribution (UTM parameters, click IDs, referrer)
- Customer.io anonymous identifier (to merge pre-signup activity with your account)
This data is sanitized to remove any potential PII and is validated for freshness when it arrives. In regions where consent is not legally required, attribution data may be persisted and used for analytics based on legitimate interest. In regions where consent is required, attribution data is held in browser memory until you grant consent, at which point it is persisted to cookies and used for analytics.
4. Local Storage
| Technology | Purpose | Retention |
|---|---|---|
localStorage | Persists UI preferences such as dark mode, agent sorting, and compact-mode settings. | Until cleared |
sessionStorage | Temporarily holds attribution data before consent is granted. Written in non-regulated regions or if you have previously granted consent; otherwise, attribution is held in memory only until consent is granted. | Session |
5. Managing Your Preferences
- Consent Banner: When visiting from a region that requires opt-in consent (such as the EU, UK, Canada, and Brazil), you'll see a consent banner. Your choice is stored in the
rt_consentcookie. - Global Privacy Control (GPC): We honor GPC signals as a legally binding opt-out per California regulations. If your browser sends a GPC signal, we automatically deny consent for cookie-based analytics (Google Analytics 4, Google Tag Manager, Customer.io) and no analytics cookies are set. Plausible Analytics continues to operate because it uses no cookies and retains no persistent personal data. See our Privacy Policy for details on how GPC affects each analytics layer.
- Your Privacy Choices: You can withdraw consent at any time using the "Your Privacy Choices" link in the website footer. We will immediately stop cookie-based analytics processing (Google Analytics 4, Customer.io) and delete analytics cookies. Consent-free audience measurement (Plausible Analytics) continues as described above.
- Browser Settings: You can block or delete cookies at any time. Clearing browser data will sign you out of the app.
6. Data Retention
- Consent preferences are retained for 1 year unless you withdraw consent.
- Attribution data persists until you delete your account or clear the associated cookies.
- When you withdraw consent, we stop processing but retain minimal identifiers for compliance auditing as permitted under GDPR Article 17(3)(b).
Questions about this policy can be sent to privacy@round-table.ai.