Cookie Policy
Last updated: April 18, 2026
This Cookie Policy explains how GanttFather uses cookies, similar tracking technologies, and browser storage (localStorage, sessionStorage, IndexedDB) on the Website and in the Service. Read this Policy together with our Privacy Policy.
1. What are cookies?
Cookies are small text files that a website places on your device to remember preferences, keep you signed in, and measure usage. "Similar technologies" include localStorage and sessionStorage (used like cookies but stored in the browser), and pixels or beacons embedded in pages. In this Policy we refer to all of them as "cookies".
2. Categories we use
Expand each category to see the exact storage entries, providers, and durations.
Strictly necessary Always on
Required to deliver the Service you requested. Without them sign-in, security checks, and core features would not work. No consent is required under GDPR because they are exempt.
| Storage | Provider | Purpose | Duration |
|---|---|---|---|
firebaseLocalStorageDb (IndexedDB) | Identity provider | Keeps you signed in, stores refresh token. | Until sign-out |
CF_Authorization | Edge / zero-trust access provider | Protects private admin interfaces with zero-trust auth. | Session / up to 24h |
__cf_bm, cf_clearance | Cloudflare | Bot-management, challenge verification, DDoS protection. | 30 min – 1 year |
ganttfather:consent (cookie, .ganttfather.com) | GanttFather | Stores your cookie-preference choice so we don't ask again. Shared across the marketing site and the app so your choice is honored in both places. | 12 months |
ganttfather:ui:* (localStorage) | GanttFather | UI preferences (language, view mode, column widths). | Until cleared |
Functional Always on
| Storage | Provider | Purpose | Duration |
|---|---|---|---|
i18nextLng (localStorage) | GanttFather | Remembers your selected language. | Until cleared |
| MCP OAuth state (sessionStorage) | GanttFather | CSRF protection during AI-agent authorization flow. | Until the flow completes |
Diagnostics Consent required
These help us reproduce crashes and improve reliability. We only set them if you accept the cookie banner, and you can change your choice at any time.
| Storage | Provider | Purpose | Duration |
|---|---|---|---|
sentryReplaySession (sessionStorage) | Error diagnostics provider | Records a sampled session replay (10% of sessions, 100% on error) to diagnose bugs. Masks text inputs by default. | Until tab closes |
| Performance tracing IDs | Error diagnostics provider | Performance tracing to identify slow endpoints. | Per request |
Marketing and analytics None used
We currently do not use third-party advertising, retargeting, Google Analytics, Google Tag Manager, Meta Pixel, LinkedIn Insight, or similar marketing trackers. If this changes we will update this Policy and ask for your consent where required.
3. Managing your choices
- Use the "Cookie preferences" link in the footer to review or change your choice at any time.
- Most browsers let you block or delete cookies in their settings. Blocking strictly necessary cookies will break sign-in and core features.
- On the Website, declining diagnostics cookies keeps error tracking off for your session.
- You can also opt out of session replay at any time from your account settings once signed in.
4. Do Not Track
We respect the Global Privacy Control (GPC) signal and treat it as a withdrawal of consent for optional cookies. Older browser "Do Not Track" headers are no longer maintained by a standards body; we currently do not act on them specifically, but GPC provides equivalent coverage.
5. Changes to this Policy
We update this Policy when our cookie usage changes. Material changes are shown via the cookie banner on your next visit.
6. Contact
Questions: [email protected].
This document is provided for informational purposes. It reflects GanttFather's current cookie usage and is not legal advice. Consult qualified counsel for regulatory compliance.