Cookie Policy

Last updated: 8 October 2025

Abilitix (“we”, “us”, “our”) uses cookies and similar technologies on our websites and applications (including abilitix.com.au, app.abilitix.com.au, admin.abilitix.com.au, and related subdomains). This Cookie Policy explains what cookies are, how we use them, and your choices.

1) What are cookies

Cookies are small text files placed on your device when you visit a website or app. They help us recognize your browser, maintain secure sessions, and improve functionality. We may also use equivalent technologies such as localStorage or sessionStorage for preference and UI state.

2) How we use cookies

We use cookies only for functional, security, and basic analytics purposes. We do not use advertising or third-party tracking cookies.

a) Essential cookies (strictly necessary)

Used to run the service securely:

  • Passwordless sign-in (magic links)

  • Session persistence across .abilitix.com.au (e.g., aa_sess)

  • Cross-subdomain authentication for API, app, and admin

  • CSRF protection and rate-limit integrity

  • Tenant context for multi-tenant access control

These cookies are set with Secure, HttpOnly (where applicable), and SameSite=Lax (or SameSite=None where a cross-site flow strictly requires it). They expire automatically (typically within 24 hours) or when you sign out.

b) Functional cookies / storage

Used to remember non-personal preferences (e.g., last workspace, theme/language, demo flags). These may use cookies or browser storage (local/session storage) and clear on logout or expiry.

c) Analytics (privacy-respecting)

We use privacy-respecting, aggregate analytics. By default, we avoid identifiers and do not perform cross-site tracking. If we ever enable a vendor that uses cookies, we will ask for consent first.

3) Cookies we set (typical)

Name | Purpose | Attributes (typical) | Duration
aa_sess | Secure session cookie issued after magic-link verification; keeps you signed in across *.abilitix.com.au | Domain=.abilitix.com.au; Path=/; Secure; HttpOnly; SameSite=Lax | ~24 hours (or until sign-out)
abilitix_csrf | CSRF protection for state-changing requests (double-submit token) | Domain=.abilitix.com.au; Path=/; Secure; SameSite=Strict | ≤ 1 day
demo_mode (optional) | Indicates demo mode in the UI; not tied to personal data | Domain=.abilitix.com.au; Path=/; Secure | Session or short-lived
tenant_pref / workspace_last (optional) | Remembers last workspace/tenant context (non-personal) | May be cookie or local/session storage | Up to 6 months (or until you clear storage)
ask_consent (optional) | Stores your cookie/analytics preferences if consent UI is enabled | Domain=.abilitix.com.au; Path=/; Secure; SameSite=Lax | Up to 6 months

We never store plaintext API keys, tokens, or personal identifiers in cookies.

4) Session storage and cache

Our app may use sessionStorage to hold temporary chat or form state. This is not shared with third parties, auto-expires when the browser closes, and is visible only within your tenant workspace. Server-side caches (e.g., Redis/Supabase) are used for ephemeral session memory and auditable logs.

5) How this aligns with our data privacy controls

To reflect our platform-wide privacy posture:

  • No model training / no retention: All LLM calls are sent with store:false (zero-data-retention), and we prevent providers from training on your data.

  • PII minimization: We scrub PII in prompts and retrieved context before any model call.

  • Metadata-only logging: We log timing, tokens, and status—never prompts, answers, or document text.

  • Tenant governance: Per-tenant privacy and model policies (allow-lists, token budgets) are enforced server-side. Cookie contents are not sent to LLM providers.

These measures are part of our overall privacy program and relate to data flows—not to advertising or tracking cookies.

6) Managing cookies

You can block or delete cookies in your browser at any time. Disabling essential cookies may prevent login or core functionality. If we enable optional analytics that set cookies, you’ll be able to change your preferences via a “Cookie settings” link.

7) Third-party cookies

We do not use third-party advertising or social tracking cookies. Optional embeds (e.g., demos, scheduling forms) may utilize their own cookies under their respective policies.

8) Updates to this policy

We may update this policy and will post changes here with a new “Last updated” date. Where required, we will notify you in-app or by email.

9) Contact us

Abilitix Consulting Pty Ltd
Sydney, Australia
Email: privacy@abilitix.com.au
Web: Abilitix Privacy Policy – Abilitix Consulting