Cookie Policy
Effective from: 9 June 2026
Version: 1.0
This Cookie Policy explains the cookies and similar technologies that LogHat uses on loghat.app and its subdomains, what each cookie does, how long it stays on your device, and how you control consent. It sits alongside the LogHat Privacy Policy and the Terms of Service.
The Platform is operated by Technit Space and Aero Works Private Limited, CIN U29304UP2019PTC118508, registered office at B-120, Sector 88, Noida, Uttar Pradesh 201305, India.
1. What we mean by "cookie"
A cookie is a small data file placed on your device by your browser when you visit a website. Similar technologies include local storage, session storage, IndexedDB, pixel tags and software development kits embedded in a page. In this Policy we refer to all of them as "cookies" for simplicity.
We use cookies in three categories described in Section 3:
- Strictly necessary cookies — required for the Platform to function. Cannot be switched off without breaking the Platform.
- Analytics cookies — help us understand how the Platform is used. Loaded only after you consent.
- Marketing cookies — measure the effectiveness of our advertising on third-party platforms. Loaded only after you consent.
2. How you control cookies
You can manage cookies in three ways:
- The LogHat cookie banner. The banner appears on your first visit. You can choose to accept all categories, reject all non-essential categories, or open the settings panel to choose per category. Your decision is recorded and respected on subsequent visits.
- The "Cookie settings" link in the LogHat footer. Available on every page. Opening it lets you change a previous decision at any time.
- Your browser settings. Every modern browser allows you to block, delete or be prompted for cookies. Blocking strictly necessary cookies will break sign-in and other core functions.
A withdrawal of consent under the cookie banner takes effect immediately for any non-essential cookie that has not yet been set in the current session, and the affected scripts are not loaded on subsequent navigations. Cookies already set before the withdrawal remain on your device until they expire or you clear them via your browser.
3. The cookies we use
3.1 Strictly necessary
| Name | Set by | Purpose | Retention |
|---|---|---|---|
loghat_session | LogHat | Maintains your signed-in session and links your browser to your account. | Cleared on sign-out, otherwise expires after 30 days of inactivity. |
loghat_refresh | LogHat | Refresh token for rotating short-lived session tokens. | 30 days. |
loghat_cookie_consent | LogHat | Stores your cookie consent decision so you are not asked on every page load. | 12 months. |
csrf_token | LogHat | Protects against cross-site request forgery on state-changing forms. | Session. |
_GRECAPTCHA | Google reCAPTCHA Enterprise | Bot protection on sign-in and signup. Loads on those pages only. | 6 months. |
3.2 Analytics (loaded only after consent)
| Name | Set by | Purpose | Retention |
|---|---|---|---|
_ga, _ga_<container> | Google Analytics 4 (via Google Tag Manager) | Aggregate visitor analytics. | 24 months. |
_clck, _clsk, CLID, MUID | Microsoft Clarity | Heatmaps on public pages. Form inputs, passwords and IDs are masked by configuration. | Maximum 365 days; session-replay tiles 30 days. |
3.3 Marketing (loaded only after consent)
| Name | Set by | Purpose | Retention |
|---|---|---|---|
_fbp, fr | Meta Pixel (Facebook) | Measuring the effectiveness of LogHat advertising on Meta platforms. | 3 months. |
4. Cookies on authenticated pages
When you are signed in to LogHat — on the dashboard, in the log viewer, in the Vector AI chat, or on any other authenticated page — the only cookies set are those in the Strictly necessary category. Analytics and marketing cookies are loaded only on the public, unauthenticated pages of loghat.app (the marketing site, the pricing page, the blog, and similar).
We have made this decision so that the contents of your dashboard and flight log analysis are never visible to analytics or marketing providers, including in session-replay form. Microsoft Clarity is explicitly configured not to record on routes under /dashboard, /logs/, /view/ and the Vector AI chat surface.
5. Server-side analytics
In addition to the browser-side cookies above, we run server-side analytics on the Platform that do not place a cookie on your device and that operate only on hashed identifiers. Server-side analytics are not subject to the cookie banner because they are not a cookie under this Policy; their use is described in the Privacy Policy Section 2.7 under the legitimate-interest basis.
6. Do Not Track
The Platform respects the Global Privacy Control (GPC) signal. When your browser sends GPC, we treat it as a request to opt out of analytics and marketing cookies for the duration of the session, without requiring a banner interaction.
The Platform does not currently honour the older Do Not Track (DNT) header because the header has no agreed semantics across browsers and is no longer maintained by most browser vendors.
7. Changes to this Policy
We will update this Policy as we add or remove cookies. A material change (a new third-party tracker, a new category of cookie, a change to the retention of a strictly necessary cookie) will be notified via the cookie banner the next time you visit. The version number and effective date above will be updated.
This Policy was last updated on 9 June 2026.