Cookie Policy — Llorut

We use minimal, privacy-first storage

This Cookie Policy explains what cookies and local storage technologies Llorut uses when you visit llorut.com or interact with an AI chat powered by Llorut.

Short version: We use only essential session cookies for login. We do not use advertising cookies, tracking pixels, or third-party analytics (e.g. Google Analytics). We do not run a cookie consent banner because we don't use non-essential cookies.

1. What Is a Cookie?

A cookie is a small text file stored in your browser by a website you visit. Cookies have many uses — from keeping you logged in, to remembering your preferences, to tracking you across websites for advertising. Llorut uses cookies only for the former: keeping you logged in.

2. Cookies We Use

Cookie Name	Purpose	Duration	Third-Party?
`LLORUT_SES`	Session authentication — keeps you logged in to the dashboard as a Company, Agent, or System Admin	30 days (or until you sign out)	No

This cookie is:

HttpOnly — cannot be read by JavaScript (protects against XSS attacks)
SameSite=Lax — not sent on cross-site requests except navigation links (protects against CSRF)
Secure — only transmitted over HTTPS
Strictly necessary — the platform cannot function without it for logged-in users

Visitors who only chat with an AI (without logging in) do not receive any session cookie. Their interaction is identified by a randomly generated session token that exists only in the request body, not in any cookie.

3. What We Do Not Use

Llorut does not use:

Google Analytics or any other analytics cookies
Facebook Pixel or any advertising/retargeting pixels
Any third-party cookie-based tracking
Fingerprinting technologies
A/B testing or marketing automation cookies

4. Local Storage (PWA)

The AI Contacts PWA (llorut.com/app) uses your browser's localStorage — not cookies — to store:

The list of AI contacts you have saved (company names, tokens, branding)
Your chat history with each saved contact
A per-contact session identifier (randomly generated)

This data is stored entirely on your own device. It is never transmitted to our servers except when you send a chat message. You can clear this data at any time by clearing your browser storage or removing the PWA from your device.

5. Service Worker Cache

Llorut uses a Service Worker to enable fast loading. The Service Worker does not cache any personal data. It caches only static assets (CSS, JavaScript, icons). The cache is network-only for API calls, meaning your chat messages are never cached locally by the Service Worker.

6. Embedded Widget (Third-Party Sites)

When a Llorut widget is embedded on a third-party website, it loads a script from llorut.com. The widget:

Does not set any cookies on the third-party site
Does not track visitors across sites
Does not read any cookies from the page it is embedded on
Sends chat messages and the page URL to Llorut's API only when a visitor types a message

If you are a website owner embedding a Llorut widget, you should disclose this in your own privacy policy and cookie notice.

7. Google Fonts

Our website loads fonts from Google Fonts (fonts.googleapis.com). Google may log the request with your IP address for performance metrics. This request does not result in any tracking cookie on llorut.com. See Google's Privacy Policy for details. If you prefer, we recommend using a browser extension that blocks Google Fonts requests.

8. QR Code Generation

QR codes displayed in the admin dashboard are generated server-side by our platform using a third-party QR code generation service. Only the URL to encode is transmitted to that service — no personal data. The generated image is cached on our servers; your browser communicates solely with llorut.com when viewing QR codes.

9. Managing Cookies

You can control and delete cookies through your browser settings. Note that deleting the session cookie will log you out of the Llorut dashboard.

10. Changes to This Policy

If we introduce new cookies or storage mechanisms in the future, we will update this policy and notify registered users before the changes take effect. We commit to maintaining our privacy-first approach.

11. Contact

Questions about our cookie practices? Email privacy@llorut.com.