This Cookie and Tracking Technologies Policy ("Policy") supplements our Privacy Policy and explains how LW Group, LLC dba LW Technologies ("we," "us," "our," or "Genso") uses cookies, local storage, and similar tracking technologies when you use the Genso platform ("Service"). This Policy should be read together with our Privacy Policy, which provides full details about the personal information we collect, how we use it, and your rights.
At a Glance β Cookie & Tracking Policy
- Essential cookies: Always set β required for login and security
- Analytics cookies: Set only with your consent; respects Do Not Track signals
- No ad tracking: We don't use cookies for advertising or cross-site behavioral tracking
- Sentry: Error monitoring via server-side endpoints only β no client-side cookies
- Stripe: Acts as independent controller for fraud prevention; our processor for payments
- Manage preferences: Account Settings β Privacy Preferences, or update browser DNT setting
- US-only: Not authorized for EU/UK/Swiss organizations without a separate data addendum
1. Geographic Scope
The Service is intended for organizations based in the United States. By creating an account, you certify that your organization is located in the United States. If your organization is in the EEA, UK, or Switzerland, this Service is not authorized for your use without a separately negotiated data processing addendum. We do not knowingly collect personal data from individuals in these jurisdictions through cookie or tracking mechanisms.
2. What Are Cookies and Tracking Technologies
2.1 Cookies
Cookies are small text files placed on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work more efficiently, provide a better user experience, and give website operators information about how their site is being used.
2.2 Local Storage
In addition to cookies, we use browser local storage (localStorage) to store a small amount of non-sensitive preference data on your device. Unlike cookies, localStorage data persists until explicitly cleared by you or the application β it is not automatically deleted when you close your browser.
2.3 Scope of This Policy
This Policy covers all client-side storage and tracking mechanisms used by the Service, including cookies, local storage, session storage, and any data collection performed by integrated third-party services (such as error monitoring, bot protection, and payment processing).
3. Essential Cookies
Essential cookies are strictly necessary for the Service to function. These technologies are required for authentication, security, and core platform operations.
If you disable these through your browser settings, the Service will not function correctly and you may be unable to log in or access your data.
| Cookie | Purpose | Duration | Security Attributes |
|---|---|---|---|
_genso_session |
Authenticates your session and maintains your logged-in state. Contains an encrypted session token β no plaintext credentials are stored. | 24 hours maximum (absolute); automatically invalidated after 30 minutes of inactivity | Secure; HttpOnly; SameSite=Lax; Encrypted with server-side secret |
_genso_signup |
Temporary session for the multi-step account registration flow. Contains encrypted form data β no plaintext credentials are stored. | 2 hours maximum; automatically deleted when signup completes or is abandoned | Secure; HttpOnly; SameSite=Lax; Encrypted with server-side secret |
cookie_consent |
Server-side record of your cookie consent preference | 1 year | Secure; HttpOnly; SameSite=Lax |
genso_cookie_consent |
Client-side record of your cookie consent choice (necessary-only or all cookies) | 1 year | SameSite=Lax |
3.1 Authentication Architecture
All authentication in the Genso platform is managed via server-side, encrypted, HTTP-only cookies. We do not store authentication tokens, session identifiers, or credentials in browser localStorage or sessionStorage. Temporary PKCE (Proof Key for Code Exchange) tokens are stored in sessionStorage during the OAuth authentication flow and are cleared immediately after use. This architecture prevents client-side scripts from accessing authentication state, mitigating cross-site scripting (XSS) risks to authentication.
3.2 Cookie Consent
When you first access the Service, you are presented with a cookie consent banner. Essential cookies (authentication, security) are set automatically as they are required for the Service to function. Analytics cookies are set only upon your affirmative consent. Your consent choice is recorded in the genso_cookie_consent cookie. You may withdraw consent to non-essential cookies at any time in your account settings under Privacy Preferences. Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.
4. Local Storage (Non-Cookie)
We use browser localStorage for the following non-sensitive purposes:
| Storage Key | Purpose | Data Stored | Duration |
|---|---|---|---|
theme |
Stores your light/dark mode preference | A single string value: "light", "dark", or "system" | Persists until you change the setting or manually clear browser storage |
genso-analytics-disabled |
Analytics opt-out flag | "true" when opted out, or absent | Persists until cleared |
offline-error-logs |
Offline error cache | Error messages queued for retry when connectivity is restored | Persists until sent or cleared |
No authentication data or credentials are stored in localStorage.
4.1 Clearing Local Storage
Local storage data can be cleared through your browser's developer tools (Application > Local Storage) or through browser settings. Clearing local storage will reset your theme preference to the system default and remove any cached analytics data.
4.2 Session Storage
We use browser sessionStorage for temporary data that is automatically cleared when you close your browser tab or window:
| Storage Key | Purpose | Data Stored | Duration |
|---|---|---|---|
genso-session-id |
Analytics session tracking | Random session identifier | Browser session |
genso-utm-params |
Campaign attribution | JSON object containing marketing parameters from referral URLs (utm_source, utm_medium, utm_campaign, utm_term, utm_content) | Browser session |
pkce_code_verifier / pkce_state |
OAuth authentication flow | Temporary cryptographic tokens for secure authentication | Cleared after authentication completes |
5. Analytics and Monitoring Technologies
We use monitoring tools to understand how the Service performs and to identify and fix technical issues. We do not use these tools for advertising, behavioral profiling, or cross-context behavioral advertising purposes.
5.1 First-Party Analytics Cookie
| Cookie | Purpose | Duration | Security Attributes |
|---|---|---|---|
xid |
First-party analytics visitor identifier. Only set when you consent to all cookies. Used to understand aggregate usage patterns β not used for advertising or cross-site tracking. | 1 year | Secure; HttpOnly; SameSite=Lax |
The analytics identifier (xid) is retained for 12 months to enable year-over-year comparison of usage patterns and to identify returning sessions across a meaningful timeframe. This period will be reviewed annually against data minimization requirements.
5.2 Sentry (Error Monitoring and Performance)
We use Sentry (operated by Functional Software, Inc.) for error monitoring and application performance tracking. We have configured Sentry to collect error and performance data via server-side endpoints only. Under this configuration, Sentry does not set client-side cookies or access browser storage.
What Sentry collects:
- Error and crash reports (stack traces, error messages, application state at time of error)
- Performance monitoring data (page load times, API response times, resource utilization)
- Browser and device information (browser type, OS, screen resolution)
For more information, see Sentry's Privacy Policy.
6. Third-Party Technologies
Certain third-party services integrated with the Service may set their own cookies or use similar technologies. We select and contract with these providers and require them to protect user data in accordance with their published privacy policies and, where applicable, our data processing agreements.
6.1 Stripe (Payment Processing)
When you interact with payment features, Stripe may set cookies or use device recognition for fraud prevention and payment session management.
Stripe acts as our data processor for payment transaction processing. For fraud prevention purposes, Stripe acts as an independent data controller under its own privacy policy. To the extent Stripe's fraud detection involves cross-site device signals, Stripe is responsible for its own legal basis for such processing. We have confirmed with Stripe that its fraud detection practices comply with applicable US law. EU/UK customers should review Stripe's privacy policy directly.
For more information, see Stripe's Cookie Policy and Stripe's Privacy Policy.
6.2 Supabase (Infrastructure)
Our database and authentication infrastructure provider Supabase operates entirely server-side in our architecture. Supabase does not set client-side cookies or use browser storage in the Genso platform β all Supabase interactions occur through our server-side API layer.
6.3 Cloudflare Turnstile (Bot Protection)
We use Cloudflare Turnstile for CAPTCHA and bot protection on authentication pages (login and signup). When you interact with a Turnstile challenge, Cloudflare may collect:
- IP address
- Browser and device fingerprint data
- Interaction data for bot detection
Cloudflare processes this data as an independent data controller for its security services. For more information, see Cloudflare's Privacy Policy.
6.4 Shared Responsibility
While we do not directly control the cookies and tracking mechanisms set by third-party services (specifically Stripe and Cloudflare), we are responsible for:
- Selecting providers with appropriate privacy and security practices
- Maintaining data processing agreements where applicable
- Disclosing their use in this Policy
- Ensuring their use is consistent with the purposes described in this Policy and our Privacy Policy
7. Your Rights (CCPA/CPRA)
If you are a California resident:
- We do not sell or share your personal information (as those terms are defined under the CPRA) collected through cookies or tracking technologies
- We do not use cookies or tracking technologies for cross-context behavioral advertising
- For full details about your rights under the CCPA/CPRA, including the right to know, delete, and opt-out, see our Privacy Policy
8. Managing Cookies and Tracking Technologies
8.1 Browser Settings
Most web browsers allow you to control cookies through their settings. You can typically:
- View cookies currently stored on your device
- Delete individual cookies or all cookies
- Block cookies from specific sites or all sites
- Set your browser to notify you when a cookie is being set
To manage cookies, consult your browser's help documentation:
- Chrome: Settings > Privacy and security > Cookies
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Manage Website Data
- Edge: Settings > Cookies and site permissions
8.2 Local Storage
Local storage data can be cleared through your browser's developer tools (Application > Local Storage) or through browser settings. Clearing local storage will reset your theme preference to the system default.
8.3 Impact of Disabling Technologies
| Action | Impact |
|---|---|
| Disable essential cookies | Service will not function β you cannot log in or access features |
| Clear local storage | Theme preference resets to system default; analytics opt-out preference is cleared |
| Block Sentry | Error monitoring will not function; we may not be able to identify and fix technical issues as quickly |
| Block Stripe cookies | Payment processing and fraud prevention may be impaired |
| Block Cloudflare Turnstile | Login and signup may be blocked or require alternative verification |
8.4 Do Not Track
The Service recognizes browser Do Not Track (DNT) signals. When DNT is enabled, we set only essential cookies and do not load analytics tracking.
8.5 Withdrawing Consent
You may update your cookie preferences at any time by navigating to Account Settings > Privacy Preferences. Changes take effect immediately. Essential cookies cannot be disabled without preventing Service functionality.
9. Updates to This Policy
We may update this Policy from time to time to reflect changes in technology, our practices, or legal requirements. When we make material changes:
- We will update the "Effective Date" at the top of this Policy
- We will notify you via email to the address associated with your account and/or via in-app notification within the Service
- Material changes will be summarized in the notification
- We encourage you to review this Policy periodically
10. Contact Information
If you have questions about our use of cookies and tracking technologies, please contact us:
- Email: support@gensoapp.com
For data protection rights requests, see our Privacy Policy.
11. Governing Law and Jurisdiction
This Cookie and Tracking Technologies Policy is governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law principles. Any dispute arising under this Policy shall be resolved pursuant to the dispute resolution and arbitration provisions in our Terms of Service.
This Cookie and Tracking Technologies Policy was last updated on February 25, 2026.
For questions about our legal documents, please contact us at support@gensoapp.com