Effective date: 1 July 2026 · Last updated: 1 July 2026
This Cookie & Tracking Policy explains how the lab.ai Identity Platform uses cookies and similar technologies, and how you control them. It sits alongside our Privacy Policy: the Privacy Policy governs personal data generally, while this document focuses on the client-side technologies that set or read identifiers in your browser.
This policy covers the lab.ai marketing website and app.lab.ai, the authenticated dashboard where subscribers manage their identities. It does not cover customer-controlled subdomains (for example john.lab.ai), which are operated by our subscribers rather than by us.
Cookies are small text files a website stores in your browser. They let a site remember actions and preferences — for example, that you are signed in — across pages and visits.
For consent purposes we treat the following the same way as cookies:
Throughout this policy, "cookie" and "tracker" are used interchangeably to mean all of these. First-party trackers are set by lab.ai itself; third-party trackers are set by external vendors whose scripts run on our pages, and those vendors may combine the data with information they hold from other sites under their own policies.
We group trackers into three categories. Only the Essential category loads without consent. Analytics and Advertising trackers are blocked until you opt in.
| Category | Consent | Examples | Purpose | Typical duration |
|---|---|---|---|---|
| Essential (strictly necessary) |
No consent needed | Sign-in session and authentication tokens; anti-forgery token; traffic routing; the record of your own cookie choice | Authenticate you, keep you signed in, protect forms, route traffic, and remember your cookie choices. The site cannot function without these. | Session-based up to long-lived, per our authentication provider's defaults |
| Analytics (product & web analytics) |
Consent required | Product analytics (PostHog) and web analytics (Google Analytics 4) | Understand how the site and dashboard are used, which features are adopted, and where users drop off, so we can improve the product. Aggregated and pseudonymous where possible. | Up to roughly 13 months |
| Advertising (marketing & remarketing) |
Consent required | Google Ads conversion and remarketing tags, typically delivered via Google Tag Manager | Measure ad-campaign conversions and build remarketing audiences so we can show relevant lab.ai ads to prior visitors. | Up to roughly 2 years, depending on the specific cookie |
Google Tag Manager is a loader rather than a tracker in itself, but because it can inject analytics and advertising tags, our consent controls gate it so that it does not fire non-essential tags before you consent. The vendor list above reflects the technologies we currently use; if we add materially new vendors or purposes, we will update this policy and re-request consent.
Essential trackers are exempt from consent because they are strictly necessary to deliver a service you have actively requested — signing in, keeping a session, and security. This includes the small record of your own consent choice: we need to remember that you said "no" without asking you to consent to remembering it.
Analytics and Advertising trackers are not strictly necessary. They exist for our insight and marketing, not to deliver the core service, so they require your prior, informed, opt-in consent.
The third parties whose trackers may run on our sites, subject to your consent, operate under their own privacy and cookie terms:
Some of these vendors are based outside your jurisdiction and may transfer data internationally. Where that occurs, transfers are made using the safeguards described in our Privacy Policy and required by applicable law.
Questions about this policy or your cookie choices? Email legal@lab.ai.