Cookie Policy
Effective 2026-05-18.
This page explains how Hackers Agent (the “Service”, operated by Agentic Security Labs LLC) uses cookies, local storage, and similar tracking technologies on hackersagent.com and app.hackersagent.com. It is incorporated by reference into our Privacy Policy.
1. What is a cookie?
A cookie is a small text file a website stores in your browser. We also use closely related technologies — localStorage, sessionStorage, and IndexedDB — which behave the same way for purposes of this policy. Where this document says “cookie” treat it as covering all four.
2. The categories we use
2.1 Strictly necessary (always on)
These are required for the Service to function and cannot be disabled in our cookie controls. Blocking them via your browser will break sign-in, billing, and agent invocation.
| Cookie | Purpose | Lifetime |
|---|---|---|
wos-session | WorkOS AuthKit session token — keeps you signed in | 30 days, sliding |
ha_terms_agreed | Records that you accepted the Terms of Service checkbox on the pricing page (compliance audit trail) | Session |
__stripe_mid, __stripe_sid | Stripe fraud-prevention — set by Stripe.js when checkout loads | 1 year / 30 min |
cf_* | Cloudflare bot-management and rate-limiting — set by our CDN | Up to 30 days |
2.2 Functional (always on)
These remember your preferences inside the app. They are first-party and do not leave our infrastructure.
| Storage key | Purpose | Lifetime |
|---|---|---|
ha_active_agent | Remembers which agent you last used so it's preselected on your next visit | Persistent (until you clear browser data) |
ha_chat_history_cache | Local mirror of your recent chat list so the sidebar loads instantly — the source of truth is on our server | Persistent |
ha_ui_* | Layout preferences (sidebar collapsed, agent-pane width, etc.) | Persistent |
2.3 Analytics (opt-in)
We use minimal first-party analytics to understand which pages and agents people use, so we can prioritize improvements. We do not use Google Analytics, Facebook Pixel, or any ad-network trackers.
| Cookie | Purpose | Lifetime |
|---|---|---|
_va_session | Vercel Analytics session identifier — aggregated page views, no cross-site tracking | Session |
ha_telemetry_opt_in | Your analytics consent choice (the cookie that records whether the other analytics cookies may run) | 1 year |
2.4 Marketing (opt-in, EU/UK only consent banner)
Currently we run no third-party marketing or retargeting pixels. If that changes we will update this section and re-prompt EU/UK users for consent before enabling any new tracker.
3. Your choices
- Cookie banner. EU and UK visitors see a consent banner on first visit. Choices can be re-opened any time via the “Cookie settings” link in the site footer.
- Browser controls. All major browsers (Chrome, Firefox, Safari, Edge, Brave) let you block or delete cookies per-site. Doing so for app.hackersagent.com will sign you out and disable functionality.
- Do Not Track. We respect the
Sec-GPC(Global Privacy Control) header and treat it as an opt-out of analytics for that browser. - Account deletion. Deleting your account (Profile → Settings) purges all server-side state per the Refund Policy § 7 retention schedule.
4. Cross-border transfer
Our auth provider (WorkOS) and analytics provider (Vercel) are US companies. EU/UK users' cookie-derived data is transferred to the US under Standard Contractual Clauses. See our Privacy Policy for the full sub-processor list and transfer mechanism.
5. Changes
If we add a new cookie category (e.g., a marketing pixel), we will update this page, bump the Effective date at the top, and re-prompt EU/UK visitors for consent before the new tracker activates.
6. Contact
Questions about cookies or your data? privacy@hackersagent.com. We respond within 5 business days.