Cookie Policy

Last updated: 5 May 2026

This page explains what cookies and similar storage technologies Gundur uses, why, and how to control them.

What we use

Gundur uses only strictly necessary storage — the minimum needed to keep you signed in and protect the service from abuse. We do not use analytics cookies, advertising trackers, or third-party marketing pixels.

Under the Dutch Telecommunications Act (Telecommunicatiewet, art. 11.7a) and the EU ePrivacy framework, strictly necessary cookies do not require a consent banner. We list them here for transparency.

What is stored

1. Authentication (Firebase Auth)

  • Where: your browser's IndexedDB (firebaseLocalStorageDb) and localStorage.
  • What: a session ID token and a refresh token issued by Firebase Authentication (a Google service).
  • Why: to keep you signed in across page reloads and to call the server on your behalf.
  • Retention: until you sign out or clear browser data; refresh tokens expire after extended inactivity.

2. Abuse protection (Firebase App Check)

  • Where: your browser's IndexedDB.
  • What: a short-lived App Check attestation token (via reCAPTCHA Enterprise) proving the request comes from a real browser, not an automated bot.
  • Why: to prevent abuse of our API endpoints and AI generation features.
  • Retention: tokens are refreshed automatically and typically live under an hour.
  • Note: Google's reCAPTCHA may set additional first-party cookies on Google domains as part of bot scoring. See Google's privacy policy.

3. Session preferences

  • Where: your browser's localStorage / sessionStorage.
  • What: small UI state markers — for example, whether you have an active tree open, draft input that has not yet been saved, and similar transient values.
  • Why: to remember context as you navigate between pages within a session.
  • Retention: until you close the tab (session) or clear browser data (local).

What we do not use

  • No Google Analytics, Plausible, Mixpanel, or comparable analytics tools.
  • No advertising or remarketing tags (no Meta Pixel, no Google Ads tags).
  • No social-network "share" widgets that load tracking code.
  • No cross-site fingerprinting.

If this changes (for example, if we add server-side privacy-preserving analytics), we will update this page and, where the law requires it, ask for your consent first.

How to control or remove cookies

Because all of the above are essential to the service, blocking them will prevent you from signing in. You can still:

  • Sign out of your account — this clears your session tokens.
  • Clear site data via your browser's settings (Chrome / Safari / Firefox all expose this under "Site settings" or "Privacy").
  • Use private / incognito mode — storage is cleared when the window closes.
  • Delete your account, which removes server-side data as described in our Privacy Policy.

Questions

For anything related to cookies or storage on Gundur, email privacy@gundur.ai.

Gundur — sole proprietorship (eenmanszaak) operated by Pedro Neves, registered in the Netherlands. KvK 95247718 · VAT NL005140265B92.