This Cookie Policy describes every cookie set by AI Domination, the service operated by 1st Place AI ("we", "us"), why it's set, how long it lasts, and how to withdraw consent for non-essential categories. It supplements our Privacy Policy and is updated whenever we add or remove a cookie.
If you have any questions about cookies on the Service, email privacy@example.com.
1. What is a cookie?
A cookie is a small text file that a website stores on your device when you visit. Modern websites also use related technologies — local storage, session storage, IndexedDB, server-set tokens stored in headers — that work similarly. We treat all of these as "cookies" for the purpose of this Policy, because the relevant law (EU ePrivacy Directive, UK PECR, CCPA) does the same.
2. Categories we use
We use three categories of cookies, each governed by a different consent regime.
2.1 Essential (strictly necessary)
These cookies are required for the Service to function. They cannot be turned off without breaking core features (sign-in, workspace switching, security). They do not require your consent under ePrivacy/PECR — they are "strictly necessary for the provision of an information society service explicitly requested by the subscriber or user."
| Cookie | Purpose | Duration | First-party or third-party |
|---|---|---|---|
next-auth.session-token (and variants prefixed __Secure- in production) |
Identifies your authenticated session. Set by NextAuth, our auth library. | Session (until sign-out) or 30 days for "remember me". | First-party |
next-auth.csrf-token |
Cross-site request forgery protection for sign-in flows. | Session | First-party |
next-auth.callback-url |
Returns you to the page you came from after sign-in. | 15 minutes | First-party |
ai-dom-org |
Pins your active workspace across requests. Required for tenant scoping. | 30 days | First-party |
ai-dom-totp-pending |
Holds an in-progress 2FA enrollment payload server-side. | 10 minutes | First-party |
aidom-consent-v1 |
Records your cookie-consent preferences so we don't re-prompt on every page. | 13 months | First-party |
2.2 Analytics
These cookies help us understand how the Service is used in aggregate — which features are popular, where users get stuck, how performance is trending. They require your explicit opt-in consent.
Today, we do not set any analytics cookies. The infrastructure to do so exists (so we can add a privacy-friendly analytics provider in the future without an architectural change), but the default state is OFF. Should we add analytics, we will:
- Update this Policy to list every analytics cookie individually.
- Re-prompt all existing users for consent (the
-v1versioning of the consent cookie above is how we know to do so). - Default the toggle to OFF — you opt in by ticking a box.
2.3 Marketing
These cookies enable retargeting, attribution, and similar advertising tooling. They require your explicit opt-in consent.
Today, we do not set any marketing cookies. As with analytics, we may add them in the future; the same opt-in pattern applies.
3. Third-party cookies
When you use an integration inside AI Domination (Slack, WordPress, LinkedIn, Reddit, etc.), the third party may set its own cookies through their domain, not ours. We have no control over those cookies; their providers' cookie policies apply. The same is true if you embed AI Domination's content into your own site via the API — your site sets its own cookies.
When you visit our marketing site (/, /pricing, /docs, /changelog, /roadmap, /status, /leaderboard), we currently set no third-party cookies. If we add them — e.g., for a customer-support live-chat widget — we will list them above.
4. Withdrawing consent
You can withdraw consent for non-essential cookies at any time:
- Click the cookie-banner trigger in the footer (it remains accessible after you've made an initial choice, so you can change your mind).
- Adjust your browser's cookie controls. Every modern browser lets you block cookies entirely or per-site. Note that blocking essential cookies will break the Service — you won't be able to stay signed in.
- For mobile browsers, the controls live under "Settings → Privacy" (Safari) or "Settings → Site settings → Cookies" (Chrome on Android).
We do not penalize you for declining non-essential cookies. Every paid feature is available regardless of your cookie choices.
5. Do Not Track and Global Privacy Control
We respect the Global Privacy Control (GPC) signal where transmitted. If your browser sends GPC, we treat it as a signal to refuse non-essential cookies on your behalf. We do not currently act on the older Do Not Track header, which has been deprecated by all major browsers.
6. Changes
We will update this Cookie Policy whenever we add, remove, or change the purpose of a cookie. Material changes will be announced via an in-app banner; the cookie banner will re-prompt for consent when needed.
7. Contact
Questions: privacy@example.com.