Cookie Policy
Last updated: May 5, 2026
1. What are cookies
Cookies are small text files that websites place on your device to remember preferences, keep you signed in, and understand how the service is used. Some cookies expire when you close your browser; others stay until they're explicitly deleted.
2. Cookies we use
We use the smallest set of cookies needed to run the service:
- ap_access — your authentication token (HTTP-only, Secure, SameSite=Lax). Required to access your workspace. Expires after 1 hour; refreshed automatically while you're active.
- ap_refresh — used to renew ap_access without asking you to log in again. Expires after 30 days.
- theme — remembers light/dark mode preference.
- tour_dismissed — remembers which onboarding tours you've already completed.
3. Analytics
We do not use third-party analytics cookies. Internal usage is tracked server-side via your authenticated session — no client-side trackers, no advertising IDs.
4. Third-party services
When you sign in with Google, Facebook, or Apple, those providers may set their own cookies during the OAuth flow. We don't control those cookies — see each provider's privacy policy.
When you use Stripe (for billing), Stripe sets cookies necessary for fraud protection on the checkout pages. Stripe's cookie policy is at stripe.com/cookie-settings.
5. Managing cookies
You can clear cookies through your browser settings at any time. If you clearap_access orap_refresh, you'll be signed out and need to log in again.
Blocking essential cookies will prevent the service from working — sign-in and workspace access both depend on them.
6. Changes to this policy
If we change which cookies we use, we'll update this page. Substantial changes that affect your privacy will be communicated via email or in-app notice.
7. Questions
Reach us at privacy@kenwoodsolutions.com or via the support form.