Cookie Policy

Epic Scale Labs, LLC

Effective Date: January 1, 2025

Last Updated: September 1, 2025

Introduction

This Cookie Policy explains how Epic Scale Labs, LLC ("we," "our," or "us") uses cookies and similar tracking technologies when you use the Epic Scale AI platform (the "Service"). This policy describes what cookies are, how we use them, the types of cookies we use, and how you can manage your cookie preferences.

By using our Service, you consent to the use of cookies in accordance with this Cookie Policy. If you do not agree to our use of cookies, you should set your browser settings accordingly or refrain from using our Service.

What Are Cookies?

Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you visit our website. They are widely used to make websites work more efficiently and to provide information to website owners about how users interact with their sites.

Cookies contain information that is transferred to your device's hard drive. They help us recognize you when you return to our website and remember your preferences, making your experience more personalized and efficient.

Types of Cookies We Use

Essential Cookies

These cookies are necessary for the basic functionality of our Service and cannot be disabled in our systems.

Session Cookies

  • Purpose: Maintain your session state across pages and remember your login status
  • Technology: Rails ActionDispatch::Session::CookieStore with AES-256-GCM encryption
  • Cookie Name: _epic_scale_session
  • Duration: Session (deleted when you close your browser)
  • Domain: .epicscaleai.com

Authentication Cookies

  • Purpose: Remember your authentication state and user identity
  • Technology: Encrypted and signed cookies using Rails' built-in security
  • Cookie Names: session_id, user_id
  • Duration: 30 days or until logout
  • Security: HTTP-only, Secure, SameSite=Strict

CSRF Protection Cookies

  • Purpose: Protect against Cross-Site Request Forgery attacks
  • Technology: Rails authenticity token mechanism
  • Cookie Name: _csrf_token
  • Duration: Session
  • Security: Generated per-request with cryptographic verification

Functional Cookies

These cookies enable enhanced functionality and personalization features.

User Preferences

  • Purpose: Remember your theme preferences (dark/light mode), language settings, and UI customizations
  • Cookie Names: theme_preference, ui_settings
  • Duration: 1 year
  • Data Stored: Theme choice, interface settings, notification preferences

Feature State Cookies

  • Purpose: Remember the state of collapsible sections, dashboard layouts, and feature toggles
  • Cookie Names: dashboard_layout, sidebar_collapsed
  • Duration: 90 days
  • Technology: JSON serialized data with Rails signed cookies

Analytics and Performance Cookies

These cookies help us analyze how users interact with our Service to improve performance and user experience.

Usage Analytics

  • Purpose: Track page views, feature usage, and performance metrics
  • Cookie Names: analytics_session, performance_metrics
  • Duration: 30 days
  • Data Collected: Page views, time spent, feature interactions, error rates

Error Tracking

  • Purpose: Track JavaScript errors and application performance issues
  • Cookie Name: error_tracking_session
  • Duration: 7 days
  • Data Collected: Error messages, stack traces, browser information (anonymized)

Third-Party Cookies

We work with trusted third-party service providers who may set cookies on our behalf.

Stripe Payment Processing

  • Purpose: Secure payment processing and fraud prevention
  • Provider: Stripe, Inc.
  • Cookie Names: __stripe_mid, __stripe_sid
  • Duration: 1 year (mid), 30 minutes (sid)
  • Privacy Policy: https://stripe.com/privacy

GitHub Integration

  • Purpose: OAuth authentication and repository access for GitHub integrations
  • Provider: GitHub, Inc.
  • Cookie Names: _github_session, oauth_token
  • Duration: Session or as configured by GitHub
  • Privacy Policy: https://github.com/privacy

Cookie Security and Technology

Encryption and Security Measures

  • AES-256-GCM Encryption: All session and authentication cookies use military-grade encryption
  • Signed Cookies: Cookies are cryptographically signed to prevent tampering using SHA-256 digest
  • Secure Transmission: All cookies are transmitted over HTTPS with Secure flag enabled
  • HTTP-Only Flag: Authentication cookies cannot be accessed via JavaScript to prevent XSS attacks
  • SameSite Protection: Cookies include SameSite=Strict attribute to prevent CSRF attacks
  • Purpose Metadata: Cookies include embedded purpose and expiry metadata for additional security

Data Minimization

  • Size Limitations: Session cookies are limited to 4KB to ensure efficient performance
  • No Sensitive Data: We never store sensitive information like passwords or payment details in cookies
  • Automatic Expiry: Cookies have defined expiration times and are automatically cleaned up
  • Rotation: Security keys are regularly rotated to maintain cookie integrity

Your Cookie Choices and Controls

Browser Settings

Most web browsers allow you to control cookies through their settings. You can:

  • View which cookies are stored on your device
  • Delete existing cookies
  • Block cookies from specific websites
  • Block all cookies (though this may affect website functionality)
  • Set preferences for third-party cookies

Browser-Specific Instructions

Chrome

Settings → Privacy and security → Cookies and other site data

Firefox

Preferences → Privacy & Security → Cookies and Site Data

Safari

Preferences → Privacy → Manage Website Data

Edge

Settings → Cookies and site permissions → Cookies and site data

Impact of Disabling Cookies

Important: Disabling essential cookies will significantly impact your ability to use our Service:

  • You will not be able to log in or maintain your session
  • Your preferences and settings will not be saved
  • Some features may not function correctly
  • Security protections against attacks may be compromised

Third-Party Cookie Management

For third-party cookies set by our service providers, you can manage these through:

Stripe Payment Cookies

Managed through your browser settings or by contacting Stripe directly. These are essential for payment processing and fraud prevention.

GitHub Integration Cookies

Controlled through your GitHub account settings and OAuth permissions. These are necessary for repository access and version control integration.

Updates to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in technology, legislation, or our business practices. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email if you have an account with us
  • Display a prominent notice on our website
  • For significant changes, provide advance notice and seek renewed consent where required by law

We encourage you to review this Cookie Policy periodically to stay informed about how we use cookies.

Contact Information

Cookie Policy Questions

Epic Scale Labs, LLC

Privacy Officer

Email: privacy@epicscalelabs.com

Subject Line: "Cookie Policy Inquiry"

Address: 30 N Gould St Ste R, Sheridan, WY 82801

Technical Support

For technical issues related to cookies or browser compatibility:

  • Email: support@epicscalelabs.com
  • Platform support chat (available in your account dashboard)
  • Include your browser version and specific cookie-related issues

Document Version: 1.0

Review Schedule: Annual review, with updates as needed for technical or regulatory changes

Approval: Epic Scale Labs, LLC Legal and Engineering Teams

Compliance: GDPR, CCPA, and applicable data protection regulations