MITPO uses cookies and similar storage (localStorage, sessionStorage) to keep you logged in, remember preferences, and protect the service from abuse. This page describes what we use and why. We intentionally keep the list short — we do not run an ad network on top of customer visits.

These cookies are required for the site to work. Disabling them will break authentication and core functionality. They are set regardless of consent because the site cannot deliver the service without them.

• Session cookie — keeps you logged in across pages.
• CSRF token — protects form submissions against cross-site request forgery.
• OAuth state — carries the return-to URL through an external SSO redirect.
• Rate-limit identifiers — prevent abusive request volume on public endpoints.

These are stored in browser localStorage (not cookies) and never leave your device. They remember UI choices so the product feels consistent across visits.

• Theme preference (light / dark / system).
• Creative Studio layout choice (sidebar vs chat view).
• Last-used AI model per mode, so the picker defaults to what you chose last.
• Dismissed tips and onboarding hints (so you do not see them twice).

We measure product usage so we can improve it. Where analytics is enabled, events are minimized to what we actually use for product decisions and are not shared with advertising networks.

• Page views and route transitions (no ad-network fan-out).
• Anonymized event telemetry (which buttons are clicked, where funnels drop off).
• Error and performance monitoring — see the Security and Sub-processors pages for the provider.

Stripe sets cookies on the payment flow when you enter or update a card. These are covered by Stripe’s own cookie policy and are out of MITPO’s direct control. We do not receive card data from those cookies — only Stripe’s customer ID.

You can clear cookies and localStorage for the MITPO domain at any time using your browser’s site-data controls. Clearing these will log you out and reset preference storage. Browser-level "Do Not Track" signals are respected where analytics toggles support them.

If we add a new cookie or tracking technology that materially affects this list — especially anything that would share data with a third party — this page is updated and, for material changes, we announce the update in-app.