MODELITH
Request access

Legal

Cookie Policy

A short, honest list of every cookie and localStorage value that the Modelith dashboard and marketing site set. There is one. We do not track you across the web.

Last updated:

What cookies and local storage are

A cookie is a small text file that a website asks your browser to store, and to send back with every subsequent request to the same site. Local storage is a similar but separate key-value store that stays in your browser and is never sent to the server automatically; client-side JavaScript reads it on demand.

We use exactly one cookie, and one localStorage entry, and both serve the same purpose: keeping you signed in. There are no analytics cookies, no advertising cookies, and no third-party trackers on modelith.cloud.

Essential cookie

The dashboard sets a single first-party cookie named modelith_token. The cookie carries a signed JSON Web Token (JWT) that authenticates you to the API. The cookie is set on the response that follows a successful login, is marked HttpOnly so client-side JavaScript cannot read it, is marked Secure in production so it is only sent over HTTPS, and uses the SameSite=Lax attribute to limit its exposure to cross-site request forgery.

The token expires 24 hours after it is issued. The dashboard uses a refresh token to obtain a new access token silently; the refresh token expires 30 days after issue.

This cookie is strictly necessary for the product to work. If you block it in your browser settings, the dashboard will not function and you will be unable to view usage, manage keys, or change settings. The marketing site does not set this cookie for anonymous visitors.

Local storage

The dashboard mirrors the authentication token to localStorage under the same key name (modelith_token). The mirror exists because some client-side code paths (in particular the in-product chat and the OpenAI-compatible explorer) need to read the token to attach it to API requests without parsing the cookie on every call. The localStorage copy is deleted when you sign out.

We may also store small UI preferences in localStorage — for example the open/closed state of the sidebar, the active theme, and the last-used tab in the usage dashboard. These values are scoped to your browser and never transmitted off the device.

What we do not use

We do not use any of the following on modelith.cloud or in the dashboard:

  • Third-party analytics (no Google Analytics, no Plausible, no PostHog)
  • Session replay or product analytics (no Hotjar, no FullStory, no LogRocket)
  • Advertising cookies or pixels (no Meta, no Google Ads, no LinkedIn Insight)
  • Cross-site tracking identifiers
  • Social media widgets that drop cookies before you click them

If this changes — for example, if we adopt a privacy-friendly first-party analytics tool — we will update this page, announce the change in the release notes, and provide an opt-out where required by law.

How to clear

To clear the authentication cookie and the localStorage mirror, sign out from the dashboard using the “Sign out” control in the user menu. The sign-out action invalidates the refresh token server-side and deletes the local copy of the token.

To clear all browser-side state without signing out, open your browser’s developer tools, go to Application → Storage, and clear site data for modelith.cloud. This deletes the cookie, the localStorage entry, and any cached service-worker state.

You can also configure your browser to block all cookies for modelith.cloud. The marketing site remains readable with cookies blocked; the dashboard does not.

Questions about this document? founders@modelith.cloud