Cookie Policy

Effective date: April 30, 2026

Last updated: April 30, 2026

This Cookie Policy describes the cookies and similar storage technologies that the platform at goatech.ai, operated by GoaTech AI LLC (CA entity number B20260198511, principal office: 2108 N Street #4923, Sacramento, CA 95816), uses and how you can control them. It supplements our Privacy Policy.

What Are Cookies and Similar Technologies

“Cookies” are small text files stored on your device by your browser. We also use other browser-storage mechanisms — localStorage and sessionStorage — for purposes that don't require sending data with every request. References to “cookies” below cover both, unless we say otherwise.

Cookies We Set

All cookies set by goatech.ai are first-party. We do not set any third-party advertising or tracking cookies, and we do not share data with third-party ad networks.

Essential (strictly necessary)

These are required for the platform to function and cannot be disabled without breaking login and core features.

• refreshToken — HttpOnly, Secure session cookie used to keep you logged in. Lifetime: up to 30 days; rotates on every refresh.
• lp_project_id — stores your currently selected project so the dashboard loads in context. Lifetime: 1 year.
• lp_environment_id — stores your currently selected environment. Lifetime: 1 year.
• ui_lang (when set) — remembers your chosen interface language so the UI doesn't reset on every visit. Lifetime: 1 year.

First-Party Analytics (legitimate-interest)

We use our own Sheepit SDK for first-party product analytics — page views, feature usage, error reports, and engagement signals — to understand how the product is used and to improve it. This data is first-party, is not sold or shared with third-party advertising networks, and relies on the “legitimate interest” lawful basis under GDPR Art 6(1)(f) (or your consent where required).

The SDK uses browser localStorage and sessionStorage (not cookies in the strict sense — these never travel in HTTP requests):

• gt_device_id, gt_anonymous_id — pseudonymous device and visitor identifiers used to deduplicate events. Lifetime: until you clear browser storage.
• gt_identity — links the pseudonymous identifier to your logged-in account so events are attributed correctly.
• gt_session_id, gt_session_last_seen — group events into a session (rolls over after 30 minutes of inactivity).
• gt_session_attribution, gt_first_touch — record UTM parameters and the referring page for the session and for the first-ever visit, so we can attribute signups to the campaign that drove them.
• gt_exp_assignments — caches the experiment variants you've been bucketed into so the same variant is shown across visits.
• gt_offline_queue, gt_config — internal queues and cached SDK configuration; flushed when you next come online.

Third-Party Cookies

We do not set third-party advertising or tracking cookies. During checkout, our payment provider (Paddle) may set cookies on its own checkout domain to facilitate the payment; those cookies are governed by Paddle's privacy and cookie policies. Stripe may do the same on legacy or B2B billing flows.

Do Not Track

Because there is no industry-wide standard for how to interpret browser Do-Not-Track signals, we do not currently respond to them. Our analytics are first-party and we do not share data with third-party advertising networks regardless of DNT.

Managing Cookies

You can clear cookies and browser-storage entries through your browser settings. Note that clearing essential cookies will log you out of the platform. Most browsers also let you block cookies entirely; doing so will prevent login and break parts of the Services.

You may also delete your account and associated data at any time from your account settings or by emailing security@goatech.ai.

Consent

Today the cookies and storage we set fall into two categories: (a) strictly necessary for the Services, which do not require consent under the EU ePrivacy Directive, and (b) first-party analytics, which we operate under legitimate interest. We do not deploy third-party advertising, retargeting, or social-media-pixel cookies. If we add any non-essential third-party cookie in the future, we will surface a consent banner to EU/UK visitors before such cookies are set.

Changes

We may update this Cookie Policy from time to time. The “Last updated” date at the top of this page reflects the most recent change.

Contact

Questions about our cookie practices? Email security@goatech.ai.