Cookie Policy

How TopoTopic uses cookies for authentication, security, preferences, and analytics.

Contents

  1. 1. Overview
  2. 2. Cookie categories
  3. 3. Key cookies we set
  4. 4. How to control cookies

1. Overview

This Cookie Policy explains how TopoTopic uses cookies and similar technologies on topotopic.com.

Cookies are small text files stored on your device by your browser. We use them for essential functionality (like authentication and security), to remember preferences, and to enable analytics when you choose to allow it.

Recording and transcription controls (such as speaker labels and audio retention) are managed in product feature settings, not in cookie categories.

Contract acceptance is recorded server-side. Cookie values may cache acceptance status for performance, but the acceptance record of authority is maintained in service records.

We may also store certain preferences using browser storage (for example, local storage) to remember choices like cookie preferences between visits.

For broader information about our data practices, see our Privacy Policy and Legal Notice / Imprint.

3. Key cookies we set

The exact cookie names and attributes can vary by environment (for example: cookies may be prefixed with __Host- in production for additional security). The list below reflects the primary cookies used by the Service.

CookieCategoryPurposeTypical lifetime
__Host-session / sessionEssentialAuthentication session cookie (HTTP-only).Up to ~60 minutes
__Secure-next-auth.session-token / next-auth.session-tokenEssentialSession cookie used by NextAuth (HTTP-only).Up to ~60 minutes
__Host-topotopic-refresh / topotopic-refreshEssentialRefresh token cookie for session renewal (HTTP-only).Up to ~24 hours
__Host-tt-consent / tt-consentEssentialStores analytics consent preferences (HTTP-only).~7–365 days (varies by choice/config)
__Host-tt-legal / tt-legalEssentialCaches accepted Terms/Privacy/Cookie versions for faster gate checks (HTTP-only). Server-side acceptance records remain authoritative.Up to 365 days
topotopic-session-idEssentialStabilizes session correlation and request diagnostics.Up to 1 year
topotopic-experimentsAnalyticsStores experiment assignment state when analytics consent is enabled.Up to 1 year
vault_prefsPreferenceStores certain Vault UI preferences.Up to ~120 days
topotopic-chat-id / topotopic-chat-uuidPreferenceTracks the current Vault chat context.Up to 1 year
tt_surfaceEssentialStores an internal surface selection marker (HTTP-only).Up to ~30 days
topotopic_bot_guardEssentialHelps protect the Service from automated abuse (HTTP-only).~15 minutes
consent-analytics-enabledAnalyticsSignals analytics consent to client-side analytics scripts.Matches consent cookie TTL

Note: Some cookies may be set temporarily for specific flows (for example: authentication or passkey registration steps) and may not appear in the table above. Legacy consent cookies (like consent-analytics) may appear in older sessions while the Service migrates preferences.

When analytics consent is enabled, browser-side analytics providers such as Google Analytics or PostHog may also store provider-specific identifiers in cookies or browser storage. Exact names can vary by provider version and environment.

4. How to control cookies

Most browsers let you remove or reject cookies. Doing so may prevent parts of the Service from working (for example, sign-in and session management).

You can also clear site data (cookies and browser storage) using your browser settings. If you clear site data, you may see the cookie consent prompt again.

You can update analytics consent through the in-app consent flow. You can also review our Privacy Policy for additional controls.

Cookie consent is generally stored per browser and device. Changing consent on one device may not automatically update your preferences on another device or browser profile.

Withdrawing analytics consent stops future optional analytics collection from that browser session going forward, but it does not disable essential cookies needed for sign-in, security, or legal/version gating.

Recording and transcription settings are managed in product feature controls, not in cookie preferences.

Last updated 2026-03-28.

Back to TopoTopic