Cookies + browser storage
Status: living document. Updated alongside the privacy policy. Last updated: 26 April 2026.
What this page is
This page explains every cookie and localStorage entry the
kirimana.io website may set in your browser, why, and how to
control it. The cookie banner you see on first visit is the
primary control surface.
Categories
| Category | Default | Purpose |
|---|---|---|
| Necessary | always on | Required for sign-in + security |
| Personalization | off | Reorder the site for your role |
| Analytics | off | (Reserved — currently unused) |
| Marketing | off | (Reserved — currently unused) |
You cannot disable Necessary — without it, the site cannot keep you signed in or protect the early-access form against abuse. You can disable any other category at any time.
What’s set in each category
Necessary
| Name | Type | Lifetime | What it does |
|---|---|---|---|
better-auth.session_token | HttpOnly cookie | 30 days | Keeps you signed in (after invitation) |
better-auth.csrf_token | HttpOnly cookie | session | Cross-site request forgery protection on auth endpoints |
Personalization (off until you accept)
| Name | Type | Lifetime | What it does |
|---|---|---|---|
kirimana.persona.slug | cookie (non-HttpOnly) | 1 year | Tells the server which role to render content for |
kirimana.persona | localStorage | until cleared | Stores your full persona profile (role, stack, pain) so the Kiri interview doesn’t repeat |
kirimana.consent | localStorage | until cleared | Records which cookie categories you’ve accepted |
When you revoke Personalization consent, both the cookie and the two localStorage entries are cleared immediately.
Analytics (reserved)
We don’t run analytics today. When we do, we’ll choose a privacy-respecting provider that:
- Honors Do-Not-Track / Global Privacy Control
- Doesn’t fingerprint visitors
- Stores aggregate data only
- Hosts data in the EU
We’ll update this page before turning anything on.
Marketing (reserved)
We don’t run marketing pixels today. When we add a newsletter, we’ll add an explicit opt-in to the cookie banner.
What we DO NOT use
- ❌ Google Analytics
- ❌ Meta Pixel
- ❌ Hotjar / FullStory / session-replay tools
- ❌ Cross-site tracking pixels of any kind
- ❌ Browser fingerprinting
Manage your preferences
Use the cookie banner (re-open it from any page footer link when we add the trigger). Or:
- Sign out to remove the session cookie
- Visit
/account→ Consent to revoke Personalization - Clear site data in your browser to remove everything
Questions
privacy@kirimana.io — we respond within 30 days.