Cookie Policy

Last updated: March 29, 2026

Effective Date: January 16, 2026

1. Introduction

This Cookie Policy explains how RapierCraft Inc. ("AlterLab," "we," "us," or "our") uses cookies and similar tracking technologies on our website at alterlab.io (the "Website").

By using our Website, you consent to the use of cookies in accordance with this Cookie Policy. If you do not agree with our use of cookies, you should change your browser settings accordingly or discontinue use of our Website. Please note that disabling certain cookies may affect the functionality of our Website.

This Cookie Policy should be read in conjunction with our Privacy Policy, which provides additional information about how we collect, use, and protect your personal information.

2. What Are Cookies?

Cookies are small text files that are placed on your device (computer, smartphone, tablet, etc.) when you visit a website. Cookies are widely used to make websites work more efficiently and to provide information to website owners.

Cookies typically contain two pieces of information: a site name and a unique user ID. When you revisit a website, your browser sends the cookie back to the website, allowing the site to recognize you and remember your preferences.

Similar technologies include web beacons (also known as pixel tags or clear GIFs), local storage, and session storage. These technologies serve similar purposes to cookies and are covered by this Cookie Policy.

3. Types of Cookies We Use

3.1 Essential Cookies

Required

These cookies are necessary for the Website to function properly and cannot be disabled in our systems. They are usually set in response to actions you take, such as logging in, setting your privacy preferences, or filling in forms.

Cookie Name	Purpose	Duration
next-auth.session-token	Authentication session management - keeps you logged in	Session
next-auth.csrf-token	Security token to prevent cross-site request forgery attacks	Session
next-auth.callback-url	Stores the URL to redirect to after authentication	Session
__Secure-next-auth.session-token	Secure version of the session token (HTTPS only)	30 days
alterlab_consent	Stores your cookie consent preferences	1 year

3.2 Analytics Cookies

Optional

These cookies help us understand how visitors interact with our Website by collecting and reporting information anonymously. We use Microsoft Clarity for heatmaps, session recordings, and behavioral analytics to improve our Website's performance and user experience.

Cookie Name	Purpose	Duration
_clck	Microsoft Clarity - persists the Clarity user ID	1 year
_clsk	Microsoft Clarity - connects multiple page views in a session	1 day
CLID	Microsoft Clarity - identifies first-time visitors	1 year
ANONCHK	Microsoft Clarity - indicates whether MUID cookie is used	10 minutes
MR	Microsoft Clarity - indicates whether to refresh MUID	7 days
MUID	Microsoft Clarity - identifies unique browsers across Microsoft sites	1 year
SM	Microsoft Clarity - synchronizes MUID across Microsoft domains	Session

3.3 Preference Cookies

Optional

These cookies enable the Website to remember choices you make (such as your username, language, or region) and provide enhanced, more personalized features.

Cookie Name	Purpose	Duration
theme	Stores your dark/light mode preference	1 year
language	Stores your preferred language	1 year
sidebar_state	Remembers whether the dashboard sidebar is collapsed	30 days
code_theme	Stores your preferred code syntax highlighting theme	1 year

4. Third-Party Cookies

We use services provided by third parties that may set cookies on your device when you visit our Website. We do not control these third-party cookies. Please review the privacy policies of these third parties for more information.

4.1 Microsoft Clarity

We use Microsoft Clarity to understand how users interact with our Website through heatmaps, session recordings, and behavioral analytics. Clarity helps us identify usability issues and improve user experience.

Microsoft Clarity collects information such as mouse movements, clicks, scrolls, and page navigation patterns. All data is anonymized and session recordings mask sensitive information by default.

Data Collected: Page views, clicks, scrolls, mouse movements, device information, browser type, and anonymized IP addresses.

Data Storage: Microsoft stores Clarity data on servers in the United States and retains it for up to 3 months.

Opt-out: You can disable analytics cookies through our cookie consent banner or your browser settings. Clarity also respects Do Not Track browser signals.

Privacy Policy: Microsoft Privacy Statement

Clarity Documentation: Clarity Cookie List

4.2 Authentication Providers (NextAuth.js)

We use NextAuth.js for authentication, which may set cookies to manage your session and authentication state. If you choose to sign in using third-party providers (e.g., Google, GitHub), those providers may also set cookies.

Third-party authentication providers:

Google: Privacy Policy
GitHub: Privacy Statement

4.3 Stripe (Payment Processing)

We use Stripe to process payments. Stripe may set cookies to help detect and prevent fraud, as well as to provide you with a secure payment experience.

Privacy Policy: Stripe Privacy Policy

5. Complete Cookie Reference

The following table provides a comprehensive list of all cookies used on our Website:

Cookie Name	Purpose	Type	Duration
next-auth.session-token	Authentication session management	Essential	Session
next-auth.csrf-token	CSRF protection	Essential	Session
next-auth.callback-url	Post-authentication redirect	Essential	Session
__Secure-next-auth.session-token	Secure session token (HTTPS)	Essential	30 days
alterlab_consent	Cookie consent preferences	Essential	1 year
_clck	Microsoft Clarity - persists user ID	Analytics	1 year
_clsk	Microsoft Clarity - connects page views in a session	Analytics	1 day
CLID	Microsoft Clarity - identifies first-time visitors	Analytics	1 year
ANONCHK	Microsoft Clarity - indicates whether MUID is used	Analytics	10 minutes
MR	Microsoft Clarity - indicates whether to refresh MUID	Analytics	7 days
MUID	Microsoft Clarity - identifies unique browsers	Analytics	1 year
SM	Microsoft Clarity - synchronizes MUID across domains	Analytics	Session
theme	Dark/light mode preference	Preference	1 year
language	Language preference	Preference	1 year
sidebar_state	Dashboard sidebar state	Preference	30 days
code_theme	Code highlighting theme	Preference	1 year

6. Managing Cookies

6.1 Browser Settings

Most web browsers allow you to control cookies through their settings. You can set your browser to block or delete cookies, or to alert you when cookies are being sent. However, please note that blocking or deleting cookies may impact your user experience and some features of our Website may not function properly.

Here are links to cookie management instructions for popular browsers:

6.2 Opt-Out Options

Microsoft Clarity Opt-Out

You can opt out of Microsoft Clarity tracking by disabling analytics cookies through our cookie consent banner or your browser settings. Clarity also respects Do Not Track (DNT) browser signals. Learn more in the Clarity Cookie Documentation.

Do Not Track (DNT)

Some browsers have a "Do Not Track" feature that lets you tell websites you do not want your online activities tracked. While we respect DNT signals, not all tracking technologies currently respond to DNT signals.

Mobile Advertising

You can opt-out of personalized advertising on mobile devices through your device settings (iOS: Settings > Privacy > Advertising; Android: Settings > Google > Ads).

6.3 Impact of Disabling Cookies

If you choose to disable cookies, some features of our Website may not function properly. Specifically:

You will not be able to stay logged in to your account
Your preferences (theme, language, etc.) will not be saved
Some interactive features may not work
We will not be able to improve the Website based on usage data

Essential cookies are required for the Website to function and cannot be disabled without severely impacting your ability to use the Service.

7. User-Provided Cookies for Authenticated Scraping

Important Distinction
BYOS Feature

This section describes cookies that you voluntarily provide to AlterLab for authenticated web scraping purposes. These are fundamentally different from the cookies described in Sections 1–6 above, which are cookies that AlterLab (or our third-party partners) set on your browser when you visit our Website.

7.1 What Are BYOS Cookies?

“Bring Your Own Session” (BYOS) is a feature that allows you to provide your own session cookies from third-party websites so that AlterLab can perform authenticated scraping on your behalf. For example, you might provide your session cookies for a retail website to scrape member-only pricing data.

BYOS cookies are:

Not set by AlterLab — they originate from third-party websites where you have an existing account
Not tracking cookies — they are not used to track your browsing activity on our Website or anywhere else
Voluntarily provided — you choose which cookies to share and for which domains
Domain-isolated — cookies you provide for one domain are never used for any other domain

7.2 How BYOS Cookies Are Captured

You can provide cookies to AlterLab through two methods:

Chrome Extension (AlterLab Connect)

Our Chrome extension allows you to capture cookies from your active browser session for a specific domain. The extension uses a minimal permissions model: it requests only the cookies and activeTab permissions necessary to read cookies for the current tab. The extension does not monitor your browsing history, inject scripts into pages for tracking purposes, or transmit any data without your explicit action.

API / Direct Input

You can also provide cookies directly via the AlterLab API by including them in your scrape request. Cookies provided this way are treated as inline (memory-only) by default, unless you explicitly choose to store them as a saved session.

7.3 Storage and Security

Aspect	Stored Sessions	Inline (Memory-Only)
Encryption	AES-256-GCM at rest with per-user encryption keys	Held in process memory only; never written to disk
Persistence	Stored in our database until you delete them or they expire	Discarded immediately after the scrape request completes
Access	Accessible only to your account; used only for scraping the specified domain	Used for the single request only
Deletion	You can delete stored sessions at any time via the dashboard or API	Automatically purged after request completion

7.4 How We Use BYOS Cookies

BYOS cookies are used solely for the purpose you provide them: to authenticate scraping requests on the specified third-party domain. We do not:

Use your cookies to access third-party accounts for any purpose other than executing your scrape requests
Share, sell, or transfer your cookies to any third party
Use your cookies for advertising, analytics, or profiling
Use cookies provided for one domain to access any other domain

7.5 Your Responsibilities

When using the BYOS feature, you are responsible for ensuring that your use of session cookies from third-party websites complies with those websites' terms of service and applicable laws. AlterLab acts as a processor of the cookies you provide, executing scraping requests as instructed by you. Please review our Terms of Service for the full acceptable use policy.

8. Updates to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

Posting the updated Cookie Policy on this page with a new "Last updated" date
Sending you an email notification to the address associated with your account
Displaying a prominent notice on our Website

We encourage you to review this Cookie Policy periodically to stay informed about our use of cookies. Your continued use of the Website after any changes to this Cookie Policy constitutes your acceptance of the revised policy.

9. Contact Information

Questions About Cookies?

If you have any questions about our use of cookies or this Cookie Policy, please contact us:

Email:

[email protected]

General Inquiries: