Skip to content
grantlock
Download
Skip to legal content

Legal

Cookie Policy

Last updated:

GrantLock does not use marketing or advertising cookies on the marketing site (grantlock.ai). The Cloud product (app.grantlock.ai) uses authentication cookies set by our identity provider so that you can stay signed in. There are no analytics cookies enabled by default.

What are cookies?

Cookies are small pieces of data a website asks your browser to store. Similar technologies include local storage, session storage, and beacons. This policy describes both, and uses “cookies” loosely to mean all of them.

Marketing site (grantlock.ai)

The marketing site does not set any cookies of its own. Cloudflare may set its own bot-management cookies (typically __cf_bm and cf_clearance) to protect against automated abuse; these are required for the site to function and are categorized as strictly necessary.

When the contact, waitlist, or download form is submitted, the Cloudflare Turnstile challenge runs in an iframe. Turnstile may set short-lived cookies in its own iframe context to evaluate the challenge; these are not readable by the marketing site itself.

We do not currently load Plausible, Google Analytics, Hotjar, Segment, or any other analytics or marketing tag on the marketing site. Plausible is configured as an opt-in build-time option for the research blog (research.grantlock.ai); when enabled, Plausible itself does not use cookies.

Cloud product (app.grantlock.ai)

When you sign in to the Cloud product, our identity provider (Clerk) sets the cookies it needs to keep your session alive. Common names include __session, __client, and a __clerk_* family of helper cookies. These are required for authentication and are categorized as strictly necessary.

Cloudflare bot-management cookies (above) also apply to app.grantlock.ai. The product itself uses localStorage for non-sensitive UI preferences (column widths on data tables, expanded/collapsed sidebar groups, the last-viewed surface). These never leave your browser; they are not transmitted to our servers.

What we don't set

  • Marketing or advertising cookies of any kind.
  • Cross-site tracking cookies.
  • Cookies that contain MCP server names, tool names, or scan results.
  • Third-party analytics cookies on grantlock.ai or app.grantlock.ai.

How to control cookies

You can clear or block cookies from your browser settings. Blocking the strictly-necessary cookies above (Cloudflare bot management, Clerk session) will break the site you blocked them on — sign-in won't work, and form submissions may be rejected by anti-abuse.

If we add an analytics or marketing cookie in the future, we will gate it behind an opt-in consent banner that defaults to off, and we will update this page before it ships.