LabRat uses necessary browser storage for authentication and product state. Optional Firebase / Google Analytics remains unloaded until you consent, and can be rejected or withdrawn without losing core service access.
What cookies and browser storage are
Cookies are small values a website stores through the browser. LabRat also uses local storage and similar browser mechanisms that persist product state without behaving exactly like cookies. This policy refers to them together as browser storage where the distinction is not important.
Essential and functional storage
| Purpose | Examples | Typical duration |
|---|---|---|
| Authentication | Supabase session and refresh state | Until sign-out, expiry, or browser clearing |
| Workspace state | Selected workspace and active research-job references | Until changed, completed, or cleared |
| Preferences | Theme, Local Runner, and interface choices | Until changed or cleared |
| Consent record | labrat:privacy-consent:v1 in local storage | Until you change the choice, clear site data, or a new consent version is required |
| Security and delivery | Request, routing, and edge protection state where required | Session-based or provider-defined |
This storage is required or useful for the service you request. Blocking it may prevent sign-in, workspace switching, task recovery, or saved preferences from working.
Analytics cookies and identifiers
Firebase / Google Analytics is optional and is not imported or initialized in the browser until consent is granted. If accepted, it measures page views, normalized feature interactions, product surfaces, general device/browser categories, approximate geography, and reliability. GA4 may then set first-party cookies such as _ga and _ga_<measurement-id>.
Mobile Analytics and Crashlytics are independently optional, disabled by native configuration at startup, and enabled only through the in-app privacy controls. Their identifiers are not LabRat passwords or API keys.
Cloudflare Web Analytics automatic browser injection is disabled for LabRat HTML responses through a no-transform response policy. Cloudflare still processes strictly necessary request and security metadata to deliver and protect the site and APIs.
Advertising
LabRat does not currently use advertising cookies to serve personalized ads, does not intentionally send workspace research content to advertising products, and does not sell cookie or analytics data. If this practice changes, this policy and the relevant controls will be updated before the new use begins where required.
Your controls
- Use browser settings to inspect, block, or delete cookies and site data for a LabRat domain.
- Choose Reject analytics or Accept analytics on the first consent panel; both choices leave core service access unchanged.
- Open Cookie settings in the public-site footer or Optional analytics under Account to change or withdraw your choice. Withdrawal disables collection and clears analytics cookies visible to the LabRat origin.
- Use the Google Analytics Opt-out Browser Add-on where it is available.
- Use operating-system privacy and analytics settings to limit mobile app identifiers and diagnostics.
- Disable notifications in LabRat or device settings to remove the active push route.
- Use Me → Privacy and account data on mobile to control Analytics and Crashlytics separately.
Provider information
Firebase and Google Analytics process analytics data under Google’s service terms and privacy documentation. Cloudflare and Supabase may use strictly necessary storage or request state to deliver and secure their parts of the service.
Changes and contact
This policy is updated when storage, analytics tools, or controls change. The effective date on this page identifies the current version.