1. Introduction & what cookies are
This Cookie Policy explains how David Bogdanov, sole proprietor, doing business as Archius ("we," "us," or "our"), uses cookies and similar technologies when you visit archius.app or use the Archius mobile applications for iOS and Android (collectively, the "Services"). Read it alongside our Privacy Policy.
Cookies are small text files that a website places on your device when you visit. They let the site remember things about your visit — like that you've completed a security check — and help with basic functionality. Web beacons and pixels are tiny images embedded in pages or emails that can report when content is loaded; local storage (including localStorage and sessionStorage) stores small bits of data in your browser without sending it to a server unless the site explicitly asks.
On mobile, the equivalent technologies are different but serve similar purposes: device identifiers (such as Apple's IDFV or Android's Advertising ID), secure keychain or keystore entries, and encrypted on-device storage. For convenience, this policy refers to all of the above collectively as "tracking technologies," even though most of what Archius uses isn't actually tracking you — it's just keeping the site and app working.
The short version. Archius does not use analytics cookies, advertising cookies, retargeting pixels, or social-media tracking. We don't run Google Analytics, Facebook Pixel, or any third-party ad network. The only cookies our website may set are the strictly necessary ones described below — and the only ones a typical visitor will encounter come from the Cloudflare Turnstile security check on our contact form.
2. How we use cookies (and how we don't)
We've designed Archius to have a minimal cookie footprint. The website at archius.app is primarily an informational site — you can read about the product, view pricing, contact us, and download the mobile app. There is no account login on the website at this time. Because of that, we only set cookies for two reasons:
- Strictly necessary — cookies that are required for the site, the contact form, or our hosting infrastructure to function.
- Functional — cookies or local-storage entries that remember basic preferences if you choose to set them. (As of the effective date of this policy, no such preference toggles exist on the site, but we describe this category for transparency in case we add one.)
We do not use cookies for analytics, advertising, marketing, retargeting, behavioral profiling, or building any kind of audience for ad networks. We don't measure how long you stayed, what you scrolled past, or where your mouse hovered. We don't share information with data brokers. There is no advertising business behind Archius — the product is funded by subscriptions, not by selling your attention.
3. Types of cookies we use
The table below lists the cookies and local-storage entries the Archius website may set. Some of these depend on the hosting environment (staging vs. production, whether you use the contact form, and so on), so not every visitor will encounter every entry below. Where exact cookie names depend on a third-party vendor or environment, we describe the category rather than guessing at a specific name.
| Name (or category) | Set by | Purpose | Duration |
|---|---|---|---|
| cf_chl_* / Turnstile challenge token | Cloudflare (on /contact only) | Issues and validates the "I'm not a robot" challenge on the contact form. Without it, we can't tell automated spam from real people. | Session to ~24 hours |
| Cloudflare security cookies (e.g. __cf_bm) | Cloudflare | Bot-management and edge security signals applied to traffic going through Cloudflare. Strictly necessary for fraud and abuse protection. | Up to 30 minutes per request |
| Vercel infrastructure cookies | Vercel (hosting layer) | May be set by our hosting provider for routing, deployment-protection, or preview-environment access. Most production visitors will not see these; they typically appear only on preview or staging deployments (for example, a cookie similar to __vercel_live_token on preview URLs). | Session or short-lived |
| Preference local-storage (potential future use) | Archius (first-party) | Reserved for future use — for example, a theme toggle or a dismissed-banner flag. As of the effective date, the site does not set any first-party preference storage. If we add one, this table will be updated. | Until cleared by the user |
We've deliberately kept this list short and honest. If you inspect the site in your browser's developer tools and see something not listed here, it's most likely an artifact of a third-party security or hosting layer (Cloudflare or Vercel) operating as described above. If you're unsure, email privacy@archius.app and we'll look into it.
4. Cookies we do not use
To be completely explicit, here is what Archius does not set, load, or permit on its website or in its mobile apps as of the effective date of this policy:
- Analytics cookies — no Google Analytics, no Plausible, no Fathom, no Mixpanel, no PostHog, no Amplitude, no Heap, no Segment, no Matomo. No first-party analytics either.
- Advertising and marketing cookies — no Google Ads, no Microsoft Advertising, no TikTok Pixel, no LinkedIn Insight Tag, no Twitter/X Pixel, no Reddit Pixel, no Pinterest Tag.
- Social-media tracking pixels — no Meta/Facebook Pixel, no Instagram tracking, no embedded social widgets that phone home.
- Retargeting / behavioral profiling — no ad networks, no DSPs, no audience-building tags, no data clean rooms, no cross-site identity resolution.
- Third-party session replay — no FullStory, no LogRocket, no Hotjar, no Smartlook, no Mouseflow.
- "Sale" or "sharing" of personal information in the sense defined by US state privacy laws — we don't do it.
This is a deliberate product decision, not just an oversight. We may add a privacy-respecting first-party analytics solution in the future; if we do, we will update this policy in advance and describe exactly what gets collected.
5. Third parties that may set cookies
The two third parties that may set cookies through our website are:
- Cloudflare — provides DNS, edge security, email routing, and the Turnstile CAPTCHA on our contact form. Cloudflare's cookies are strictly necessary for the security layer to work. See Cloudflare's privacy policy.
- Vercel — hosts the Archius website and serves these legal pages. Vercel may set small infrastructure cookies for routing or deployment protection, especially on preview deployments. See Vercel's privacy policy.
These third parties are acting as service providers / data processors to us. They are contractually limited to processing data only as needed to deliver their services. They have their own privacy policies, and we encourage you to read them — we don't control how they handle data once it reaches their infrastructure.
6. Mobile app equivalents
The Archius iOS and Android apps don't use HTTP cookies in the traditional sense — mobile apps generally don't. Instead, they rely on a small set of functional equivalents. None of the following is used for advertising or cross-app tracking.
iOS Keychain / Android Keystore
Authentication tokens issued by our identity provider, Clerk, are stored in your device's secure keychain (iOS) or keystore (Android). This is how the app keeps you signed in between sessions without asking for your password every time. These tokens never leave your device except to be sent to Clerk's authentication endpoints. Deleting the app removes them.
Device identifiers (IDFV / Android Advertising ID)
Our subscription-management provider, RevenueCat, uses your device's IDFV (Identifier for Vendor, on iOS) or an Android equivalent to associate your purchase with your account and to keep your subscription state consistent across reinstalls and devices. IDFV is not the same as IDFA (the advertising identifier); IDFV is scoped to a single vendor and is not used for cross-app advertising. Because of that, Apple's App Tracking Transparency (ATT) framework does not apply to IDFV, and Archius does not present an ATT prompt — we have nothing to ask permission for, because we don't track you across other companies' apps and websites.
MMKV / encrypted on-device storage
The mobile apps use MMKV (an encrypted key-value store) to persist your chat history, draft messages, and app preferences locally on your device. This data does not get sent to our servers as part of normal operation; it stays on the phone. Clearing app data or uninstalling the app removes it.
Crash and diagnostic reporting
If we enable Sentry for crash and error reporting in the future, it will collect technical diagnostic data (stack traces, OS version, app version, anonymized device model) — not cookies, and not the content of your conversations. We'll update this policy if and when Sentry is turned on.
7. How to manage and disable cookies
Because our website's cookie footprint is so small, blocking cookies will mostly affect one thing: the Cloudflare Turnstile security check on the contact form. If you block all cookies, the contact form may not be able to verify you're human, and you'll need to use email (privacy@archius.app) instead. The rest of the site should still work.
Most browsers let you view, manage, and delete cookies in their settings. Here are the official help pages for the major browsers:
- Chrome — Clear, allow and manage cookies in Chrome. (Settings → Privacy and security → Cookies and other site data.)
- Safari (macOS) — Manage cookies in Safari. (Safari → Settings → Privacy.)
- Safari (iOS) — Clear the history and cookies from Safari on iPhone, iPad, or iPod touch. (Settings → Apps → Safari.)
- Firefox — Clear cookies and site data in Firefox. (Settings → Privacy & Security → Cookies and Site Data.)
- Microsoft Edge — Delete cookies in Microsoft Edge. (Settings → Cookies and site permissions.)
- Brave, Opera, Vivaldi — Chromium-based browsers generally follow the same path as Chrome, in the privacy section of Settings.
On mobile, you can reset your Advertising ID at any time from your device settings (iOS: Settings → Privacy & Security → Tracking and Apple Advertising; Android: Settings → Privacy → Ads). Note again that Archius does not use the Advertising ID — only IDFV / vendor-scoped identifiers via RevenueCat — so resetting it will not affect the Archius experience, but it's good general hygiene.
8. Global Privacy Control (GPC)
Global Privacy Control is a browser-level signal that lets you communicate, in a single setting, that you don't want your personal information sold or shared. It's supported by browsers and extensions including Brave, Firefox (via extension), DuckDuckGo, and others. See globalprivacycontrol.org to learn how to enable it.
Archius honors GPC signals. If your browser sends a GPC signal when you visit archius.app, we treat that as a valid request to opt out of any "sale" or "sharing" of personal information under the California Consumer Privacy Act (CCPA/CPRA), the Colorado Privacy Act, the Connecticut Data Privacy Act, and other US state privacy laws that recognize universal opt-out mechanisms. You don't need to do anything else — no form to fill out, no cookie to accept. The signal speaks for itself.
Practically speaking: because we don't sell or share personal information in the first place, GPC doesn't change much about your experience on Archius. But the signal is respected.
9. Do Not Track (DNT)
Some browsers offer a "Do Not Track" (DNT) setting that sends a header asking sites not to track you. No industry-wide standard for how sites should respond to DNT was ever finalized, and major browsers have moved away from it in favor of GPC. Consistent with the position in our Privacy Policy, Archius does not currently respond to DNT signals. We do, however, honor GPC, as described above — and we don't run the kind of tracking that DNT was designed to push back against in the first place.
10. Changes to this Cookie Policy
We may update this Cookie Policy from time to time — for example, if we add a feature that introduces a new cookie, change a third-party provider, or update an effective date. The current version is always available at archius.app/cookies, and the effective date at the top tells you when it last changed.
For material changes — meaning changes that would meaningfully expand the kinds of cookies or tracking technologies we use — we will give at least 30 days' notice in advance. If you have an account and a verified email on file, we'll email you. If you don't, we'll post a notice on archius.app before the change takes effect.
11. Contact
Questions about this Cookie Policy, or about a specific cookie you see in your browser? We're happy to answer.
Email: privacy@archius.app
Mail:
David Bogdanov
12910 NE 43rd Cir
Vancouver, WA 98682
United States