Cookies
What cookies and similar storage Zegami sets, why, and how to control them.
Last updated April 2026
Two surfaces, different cookies
Zegami runs two surfaces. They have different cookie footprints, so this notice splits cleanly into a marketing-site section and an application section.
| Surface | Address | What it sets |
|---|---|---|
| Marketing site | zegami.com | None on first visit. |
| Application | app.zegami.com | A signed-in session cookie + an opt-in telemetry consent flag. |
On zegami.com (this site)
The marketing site does not set first-party cookies. We don’t run analytics, advertising trackers, A/B testing, or session replay. If that ever changes we’ll list the processor and the cookies they set here first.
The site does load fonts from fonts.googleapis.com and (on
/api-docs only) Swagger UI assets from cdn.jsdelivr.net. Those
requests can carry standard browser caching headers but no
identifier we set or read.
On app.zegami.com (the application)
When you sign in, the application sets one cookie:
| Name | Purpose | Lifetime | Type |
|---|---|---|---|
zeg_session | Authenticated session — links you to your workspace and account | 30 days, refreshed on use | Strictly necessary |
This cookie is HTTP-only, secure, and SameSite=Lax. It carries no personal data — only an opaque identifier signed by our server. Without it you’d be signed out on every request, which is why it’s classed as “strictly necessary” under PECR and the EU ePrivacy directive (no consent banner required).
If you opt in to product telemetry in your account settings, the app additionally writes a single key to your browser’s local storage to remember the choice. We don’t set a separate cookie for it.
We don’t currently use cookies for analytics, A/B testing, or advertising. The cookie consent banner reflects that — there’s no “accept all / reject all” prompt because there’s nothing to reject.
Third-party storage
The application embeds resources from a small set of third parties:
- Google Fonts (
fonts.googleapis.com,fonts.gstatic.com) — serves typefaces. No cookies set. - Stripe (
js.stripe.com,m.stripe.com) — loaded only on the billing pages that mount the Stripe Checkout / Billing Portal iframes. Stripe sets its own cookies inside those iframes for fraud detection; see Stripe’s cookie policy. - Resend (server-side) — sends transactional email. No browser cookies; Resend never receives a request from your browser directly.
- Azure Container Apps (host) — load-balancer affinity cookies may be present briefly during edge routing.
Disabling cookies
You can clear or disable cookies in your browser settings. Doing so will sign you out of the application; the marketing site will be unaffected because it doesn’t set any.
Contact
Questions or corrections: hello@zegami.com.