Cookie Policy

Effective date: 7 May 2026 Last updated: 9 May 2026

This Cookie Policy explains how Dimitris Goudis Consulting Ltd (trading as 3Nuggets) ("Brain Graph", "we", "us") uses cookies and similar technologies on itsbraingraph.ai (the "Service"). It should be read together with our Privacy Policy and our Terms of Service.

1. What are cookies and similar technologies?

A cookie is a small text file that a website places on your device when you visit it. Cookies let the site remember information about your visit — for example, that you are signed in, or what theme you prefer.

We also use, and refer to in this policy, two other technologies that behave similarly:

localStorage / sessionStorage — browser storage that, like cookies, holds small amounts of data on your device but is read only by scripts running on the page that wrote it.
Pixels and similar tags — tiny resources loaded from a third party that can read or set cookies in that third party's domain.

Where this policy says "cookies", it means cookies and these similar technologies, unless we say otherwise.

2. How Brain Graph uses cookies

Brain Graph is a software application, not an ad-supported site. We do not use advertising cookies, behavioural-tracking cookies, or cross-site tracking pixels. The cookies and similar technologies you will encounter when using the Service fall into the categories below.

2.1 Strictly necessary

These are required for the Service to function. You cannot turn them off through our cookie controls because the Service will not work without them.

Name / key	Set by	Type	Purpose	Duration
`sb-<project>-auth-token` (and related Supabase keys)	Brain Graph (via Supabase JS)	`localStorage`	Stores your authenticated Supabase session so you stay signed in across page loads.	Until you sign out or clear your browser storage
`sidebar_state`	Brain Graph	HTTP cookie (first-party, `path=/`)	Remembers whether the in-app sidebar is open or collapsed so the layout stays consistent across page navigations within the authenticated app.	7 days (rolling — refreshed each time you toggle the sidebar)
`braingraph_cookie_consent_v1`	Brain Graph	`localStorage`	Stores your own cookie-preference choices so we don't ask again on every visit.	Until you clear your browser storage or click "Manage cookies" in the footer to change your choice

Notes:

The Brain Graph public API authenticates with bearer tokens in the Authorization header, not cookies. Calls to /api/* from external integrations (Claude Cowork, Zapier, Make, MindStudio, etc.) do not set or rely on cookies.
We do not currently issue a server-side session cookie of our own. If this changes, this section will be updated and a new entry will be added before the cookie is deployed.

2.2 Functional / preference

These remember choices you make so the Service behaves the way you expect on your next visit. You can turn them off in the cookie preferences (footer → "Manage cookies"), but turning them off will degrade the experience.

Name / key	Set by	Type	Purpose	Duration
`theme`	Brain Graph (via `next-themes`)	`localStorage`	Remembers whether you chose light, dark, or system theme.	Until you clear your browser storage
`brain-graph-error-boundary-last-reload`	Brain Graph	`sessionStorage`	Throttles the app's automatic recovery reload after a transient error so we don't reload-loop.	Until you close the browser tab

2.3 Third-party services

Some pages load third-party services. Where they set cookies, those cookies live on the third party's own domain and are governed by the third party's own policy — not by us.

Provider	What we load on `itsbraingraph.ai`	Where any cookies live	Reference
Tella	The 2-minute demo video on the home page is an `iframe` embedded from `tella.tv`. The iframe is only loaded after you give consent in the cookie banner / preferences, or after you explicitly click the play-button placeholder on the home page.	`tella.tv` — Tella may set its own cookies inside its iframe context	https://www.tella.tv/legal
Stripe	When you upgrade to a paid plan, we redirect you to Stripe-hosted Checkout at `checkout.stripe.com`. No Stripe scripts load on `itsbraingraph.ai` itself.	`stripe.com` / `checkout.stripe.com` — Stripe sets fraud-prevention cookies such as `__stripe_mid` and `__stripe_sid` in its own domain during the redirect flow	https://stripe.com/cookies-policy/legal
Supabase	The Supabase JS SDK loads on the signed-in app to manage authentication and read your data.	Storage on `itsbraingraph.ai` is `localStorage` (see 2.1); no third-party cookies are set on `supabase.co`.	https://supabase.com/privacy

If we add or remove a third-party service that sets cookies, we will update this table.

2.4 Analytics, advertising, and tracking

At the time this policy was last updated, Brain Graph does not load Google Analytics, Google Tag Manager, Meta Pixel, PostHog, Mixpanel, Segment, Hotjar, or any other analytics, advertising, or behavioural-tracking script. If we add an analytics or marketing tool in the future, we will:

Update this policy and the table above before that tool goes live;
Where required by law (e.g. in the EEA / UK), ask for your consent through a cookie banner before any non-essential cookie is set.

3. Your choices

You can control cookies in several ways.

Our cookie banner and "Manage cookies" link. When you first visit Brain Graph, a banner asks you to choose between Accept all, Reject non-essential, and Customize. You can change your choice at any time afterwards by clicking "Manage cookies" in the footer of any page — this re-opens the preferences modal so you can flip individual categories on or off (functional, third-party embeds, analytics, marketing).

If you reject a category, we won't load the corresponding cookies / similar technologies for the rest of your visit. Strictly-necessary items (Section 2.1) remain in place because the Service does not work without them.

Browser settings. Every modern browser lets you block or delete cookies and clear local storage. Help pages: Chrome, Firefox, Safari, Edge. Note that blocking strictly necessary cookies will sign you out of the Service.

Do Not Track / Global Privacy Control. Brain Graph honours the Sec-GPC header where applicable by not enabling any optional analytics or advertising cookies for that visitor. Because we do not currently run such cookies for any visitor, this is effectively already in force for the entire Service.

Stripe / other third parties. Where a third party sets its own cookies on its own domain, you can also use that provider's own controls — see the links in Section 2.3.

4. Legal bases (EEA / UK visitors)

Where the EU ePrivacy Directive and UK PECR apply:

Strictly necessary cookies are set on the basis of our legitimate interest in providing a working Service that you have asked for. No consent is required for these.
Functional cookies are set on the same basis where they are necessary to deliver a feature you actively used (e.g. picking a theme). Where they are not strictly necessary, we will ask for your consent.
Analytics, advertising, and tracking cookies — none are currently used. If we add any, we will ask for your prior consent and you will be able to withdraw it at any time.

5. California / other US state notices

We do not "sell" or "share" personal information for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA or analogous state laws. If this changes, we will update this policy and our Privacy Policy and provide the notices and opt-outs required under applicable law.

6. Changes to this policy

We may update this Cookie Policy from time to time, for example to reflect changes to the Service or to applicable law. When we do, we will change the "Last updated" date at the top and, for material changes, we will tell you through the Service or by another reasonable means before the change takes effect.

7. Contact

Questions about this Cookie Policy or our use of cookies?

Email: support@itsbraingraph.ai (or support@3nuggets.io)
Postal address: Dimitris Goudis Consulting Ltd, Chrysanthou Mylona 11, Agioi Omologites, 1085 Nicosia, Cyprus