Back to allhub.io
GDPR · ePrivacy Directive · LSSI-CE

Cookie Policy

This policy explains what cookies AllHub uses, why, and how you can control them. We respect your right to privacy and comply with the EU ePrivacy Directive and GDPR.

Last updated: July 13, 2026  ·  Effective from: July 13, 2026

1. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They allow the website to remember your actions and preferences over time. We also use related technologies such as localStorage and sessionStorage for in-browser state that does not involve server communication.

Session cookies

Deleted when you close your browser. Used for authentication and temporary state.

Persistent cookies

Remain on your device until expiry or manual deletion. Used for preferences and analytics.

localStorage / sessionStorage

Browser storage used for UI state and performance data. Not transmitted to servers automatically.

2. Your Consent

ePrivacy Directive Art. 5(3) · GDPR Art. 6(1)(a)

We use CookieFirst as our Consent Management Platform (CMP). When you first visit allhub.io, a consent banner is displayed. You may:

Accept all

Enables all optional cookie categories (functional preferences).

Reject all

Only strictly necessary cookies are set. No analytics or marketing.

Customise

Select which specific categories you accept.

You can change or withdraw your consent at any time by clicking "Manage cookies" in the website footer, or by clearing your browser cookies (which will reset your preference and trigger the banner again).

3. Cookies We Use

Full inventory by category

Strictly NecessaryAlways active
Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) — essential for service delivery

Essential for the website to function — authentication, security and storing your cookie preferences. They cannot be disabled.

__Secure-authjs.session-token
HTTP CookieSession / 30 days

Provider: AllHub (NextAuth · ZITADEL SSO)

Stores your authenticated session (NextAuth, signed in via ZITADEL SSO). Required to keep you logged into the dashboard.

authjs.csrf-token
HTTP CookieSession

Provider: AllHub (NextAuth)

CSRF protection token for sign-in and form submissions.

authjs.callback-url
HTTP CookieSession

Provider: AllHub (NextAuth)

Remembers where to return you after a successful login.

cookiefirst-consent
HTTP Cookie1 year

Provider: CookieFirst

Stores your cookie consent choices so we do not ask again on every page.

Functional
Legal basis: Consent (GDPR Art. 6(1)(a))

Remember your dashboard preferences such as theme and language. Stored in your browser (localStorage) and not transmitted to our servers automatically.

allhub_theme
localStorage1 year

Provider: AllHub (first-party)

Remembers your selected dashboard theme (light/dark).

allhub_lang
localStorage1 year

Provider: AllHub (first-party)

Stores your preferred interface language.

4. Cookies in the Buyer Chat Widget

Applies to AI agents embedded in stores

The AllHub AI chat widget embedded in online stores uses a minimal set of browser storage. No tracking or advertising cookies are set by the widget. Session identifiers are SHA-256 hashed before any server storage.

allhub_voice_consent90 days

Stores voice feature consent status (granted/denied/unknown) set by the shopper.

allhub_session (memory only)Browser tab lifetime

Session state for the current chat (React state / memory — never written to disk).

Voice consent: If a shopper enables the AI voice feature, their consent choice is stored as allhub_voice_consent in localStorage for 90 days. This can be revoked at any time from the chat widget (shield icon → "Revoke voice").

5. Third-Party Cookies

Sub-processors with their own policies

Some cookies are set by third-party services integrated into AllHub. These parties have their own privacy policies.

CookieFirst

Consent management platform (CMP). Stores and enforces your cookie choices. EU-based.

↗ Privacy policy
Matomo Analytics (self-hosted, cookieless, no consent required)

Cookieless, privacy-first web analytics. Sets no cookies and collects no personal data. EU-hosted (Amsterdam, Netherlands).

↗ Privacy policy
Mollie

Payment processing for AllHub subscription billing in the owner dashboard. Cookies are set only on Mollie's secure checkout. EU-based (Netherlands).

↗ Privacy policy

6. How to Manage Cookies

You have several options for managing or disabling cookies:

1. AllHub Consent Banner (recommended)

Click "Manage cookies" in the footer to open the CookieFirst preference centre and update your choices at any time.

2. Browser settings

All major browsers allow you to view, delete and block cookies. Note: blocking strictly necessary cookies will prevent you from logging in to AllHub.

7. Do Not Track

Some browsers transmit a "Do Not Track" (DNT) signal. Currently there is no industry-standard interpretation of DNT signals. We do not respond to DNT signals automatically, but you can manage your cookie preferences explicitly using the CookieFirst tool described above.

8. Retention Periods

Cookie retention periods are listed in Section 3. When you delete your AllHub account, all associated server-side data (including any data linked to analytics cookies) is erased within 30 days in accordance with our Privacy Policy. Browser-side cookies must be deleted manually through your browser settings.

9. Changes to This Policy

We may update this Cookie Policy when we add new features, change technology providers, or in response to changes in applicable law. The "Last updated" date at the top reflects the latest revision. Material changes will be announced via the consent banner, giving you the opportunity to review and re-consent.

Questions?

Cookie and privacy enquiries: privacy@allhub.io

Regulatory basis: Directive 2002/58/EC (ePrivacy Directive) · Regulation (EU) 2016/679 (GDPR) · Ley 34/2002 de Servicios de la Sociedad de la Información (LSSI-CE) Art. 22.
Supervisory authority: Agencia Española de Protección de Datos (AEPD) — aepd.es.

Cookie Policy | AllHub | AllHub