This Cookie Policy explains the cookies and similar browser-storage mechanisms that GreyScape.ai (operated by KARRD Services FZCO) sets when you use the Service. It supplements our Privacy Policy; defined terms used without explanation here have the meaning given to them there.
1. What is a cookie?
A cookie is a small text file that a website asks your browser to store. The next time you visit the site, the browser sends the file back, allowing the site to recognise you (for example, to keep you signed in). Modern browsers also support localStorage and sessionStorage APIs that serve similar purposes; we refer to all of them collectively as “cookies” in this Policy.
2. The cookies and storage entries GreyScape.ai sets
We try to keep this list short, with one cookie per genuine need. We do not use cookies for advertising or third-party cross-site tracking. We do not embed Google Analytics, Facebook Pixel, or any equivalent.
2.1 Strictly necessary — authenticated session
| Name | Purpose | Lifetime |
|---|---|---|
greyscape_session | Keeps you signed in. HttpOnly, Secure, SameSite=Lax. Required for any authenticated request. | 7 days |
greyscape_tenant_id | The tenant workspace currently in context for your session. Allows multi-tenant users to switch organisations. | 7 days |
greyscape_system_session | Set only for system-admin (operator) users. HttpOnly, Secure. Distinct from the customer session so operator access can be expired separately. | 24 hours |
These cookies are strictly necessary — without them, sign-in cannot work. They are exempt from consent under the EU ePrivacy Directive and the equivalent UK regime, because they are “strictly necessary for the provision of a service requested by the subscriber or user”.
2.2 Functional — demo experience
| Name | Type | Purpose | Lifetime |
|---|---|---|---|
gs_demo_gate_v2 | localStorage | Tracks how many demo pages you have browsed and whether you have submitted the email gate, so we don't show you the gate every visit. | Until you clear browser storage |
Removing this entry will reset your demo click counter and the gate may appear again. It contains no personal data; the visitor email you submit is sent to our server, not stored in your browser.
2.3 Third-party cookies set during sign-in
When you sign in via WorkOS or one of the third-party identity providers (Google, Microsoft, Apple, GitHub), those providers may set their own cookies on their own domains. Those cookies are governed by the respective providers' cookie policies, not by this one. GreyScape.ai does not read those cookies and cannot influence the third party's settings.
3. Managing cookies
You can clear, block, or restrict cookies through your browser settings. The exact controls vary by browser; major browsers all provide:
- A way to delete cookies for a specific site.
- A way to block third-party cookies by default.
- An “incognito” / “private” mode that discards cookies when the window is closed.
Bear in mind that blocking strictly-necessary cookies will prevent sign-in from working. Blocking the functional demo-gate entry will cause the gate to re-appear on subsequent visits.
4. Do Not Track
We honour the spirit of Do Not Track signals: we do not engage in cross-site tracking regardless of the signal. We do not change site behaviour based on the DNT header because the underlying cookies are minimal and necessary to provide the Service.
5. Changes to this Policy
If we add or change cookies in a way that affects user privacy, we will update this Policy and (where required) request fresh consent. The “Last updated” date at the top of the page reflects the latest revision.
6. Contact
Cookie questions: [email protected].