Cookie Policy

ARIA uses a minimal set of cookies. Essential cookies are required for the service to function; all non-essential cookies require your explicit consent under PDPL and can be withdrawn at any time from Settings → Privacy.

1. Essential cookies

• __session — ARIA session marker. Required for authentication
• aria-theme — your theme preference (system / light / dark)
• aria-density — your layout density preference
• aria-locale — your language preference (en / ar)
• aria-sidebar-collapsed — rail collapse state (client-only localStorage)

2. Analytics (opt-in)

We do not use third-party analytics by default. If you grant analytics consent, we may collect page-view and feature-usage telemetry server-side only, with no cross-site tracking and no data sold or shared externally.

3. Marketing (opt-in)

We do not currently run marketing cookies. If we introduce any in the future (for example, to measure conversion on a landing page), they will only set with explicit granted consent and be disclosed here.

4. Sub-processor cookies

ARIA's session marker is set on our domain. Cloudflare may set a short-lived bot-mitigation cookie on our domain; this is classified as essential for security. Our active sub-processors are Cloudflare (CDN + WAF), AWS (infrastructure, me-south-1), Anthropic (AI rationale generation), Resend (transactional email), and PayTabs / Stripe (payments). See our sub-processor list for the full register.

5. Controlling cookies

• First-party: the cookie banner on first visit + Settings → Privacy
• Third-party: manage in your browser settings or the provider's own UI
• Withdrawal: one-click from Settings → Privacy; recorded to consent ledger