This policy explains what cookies AllHub uses, why, and how you can control them. We respect your right to privacy and comply with the EU ePrivacy Directive and GDPR.
Last updated: July 13, 2026 · Effective from: July 13, 2026
Cookies are small text files stored on your device when you visit a website. They allow the website to remember your actions and preferences over time. We also use related technologies such as localStorage and sessionStorage for in-browser state that does not involve server communication.
Session cookies
Deleted when you close your browser. Used for authentication and temporary state.
Persistent cookies
Remain on your device until expiry or manual deletion. Used for preferences and analytics.
localStorage / sessionStorage
Browser storage used for UI state and performance data. Not transmitted to servers automatically.
ePrivacy Directive Art. 5(3) · GDPR Art. 6(1)(a)
We use CookieFirst as our Consent Management Platform (CMP). When you first visit allhub.io, a consent banner is displayed. You may:
Accept all
Enables all optional cookie categories (functional preferences).
Reject all
Only strictly necessary cookies are set. No analytics or marketing.
Customise
Select which specific categories you accept.
You can change or withdraw your consent at any time by clicking "Manage cookies" in the website footer, or by clearing your browser cookies (which will reset your preference and trigger the banner again).
Full inventory by category
Essential for the website to function — authentication, security and storing your cookie preferences. They cannot be disabled.
__Secure-authjs.session-tokenProvider: AllHub (NextAuth · ZITADEL SSO)
Stores your authenticated session (NextAuth, signed in via ZITADEL SSO). Required to keep you logged into the dashboard.
authjs.csrf-tokenProvider: AllHub (NextAuth)
CSRF protection token for sign-in and form submissions.
authjs.callback-urlProvider: AllHub (NextAuth)
Remembers where to return you after a successful login.
cookiefirst-consentProvider: CookieFirst
Stores your cookie consent choices so we do not ask again on every page.
Remember your dashboard preferences such as theme and language. Stored in your browser (localStorage) and not transmitted to our servers automatically.
allhub_themeProvider: AllHub (first-party)
Remembers your selected dashboard theme (light/dark).
allhub_langProvider: AllHub (first-party)
Stores your preferred interface language.
Applies to AI agents embedded in stores
The AllHub AI chat widget embedded in online stores uses a minimal set of browser storage. No tracking or advertising cookies are set by the widget. Session identifiers are SHA-256 hashed before any server storage.
allhub_voice_consent90 daysStores voice feature consent status (granted/denied/unknown) set by the shopper.
allhub_session (memory only)Browser tab lifetimeSession state for the current chat (React state / memory — never written to disk).
Voice consent: If a shopper enables the AI voice feature, their consent choice is stored as allhub_voice_consent in localStorage for 90 days. This can be revoked at any time from the chat widget (shield icon → "Revoke voice").
Sub-processors with their own policies
Some cookies are set by third-party services integrated into AllHub. These parties have their own privacy policies.
Consent management platform (CMP). Stores and enforces your cookie choices. EU-based.
Cookieless, privacy-first web analytics. Sets no cookies and collects no personal data. EU-hosted (Amsterdam, Netherlands).
Payment processing for AllHub subscription billing in the owner dashboard. Cookies are set only on Mollie's secure checkout. EU-based (Netherlands).
You have several options for managing or disabling cookies:
1. AllHub Consent Banner (recommended)
Click "Manage cookies" in the footer to open the CookieFirst preference centre and update your choices at any time.
Some browsers transmit a "Do Not Track" (DNT) signal. Currently there is no industry-standard interpretation of DNT signals. We do not respond to DNT signals automatically, but you can manage your cookie preferences explicitly using the CookieFirst tool described above.
Cookie retention periods are listed in Section 3. When you delete your AllHub account, all associated server-side data (including any data linked to analytics cookies) is erased within 30 days in accordance with our Privacy Policy. Browser-side cookies must be deleted manually through your browser settings.
We may update this Cookie Policy when we add new features, change technology providers, or in response to changes in applicable law. The "Last updated" date at the top reflects the latest revision. Material changes will be announced via the consent banner, giving you the opportunity to review and re-consent.
Questions?
Cookie and privacy enquiries: privacy@allhub.io
Regulatory basis: Directive 2002/58/EC (ePrivacy Directive) · Regulation (EU) 2016/679 (GDPR) · Ley 34/2002 de Servicios de la Sociedad de la Información (LSSI-CE) Art. 22.
Supervisory authority: Agencia Española de Protección de Datos (AEPD) — aepd.es.