Seerai LogoSeerai
FeaturesPricingDocumentationGitHub

On this page

  • 1. What are cookies?
  • 2. What we use
  • 3. What we do not use
  • 4. How to control cookies
  • 5. Updates to this policy
  • 6. Contact us

Cookie Policy

This policy lists every cookie and similar technology that Seerai sets or receives when you use seerai.amayx.com, who sets it, what it does, and how long it lasts. It is short because we believe short is honest in this case.

Effective: July 8, 2026Last updated: July 8, 2026Version: 2.0
Plain-language summary. We use only cookies that are strictly necessary for authentication and security. We do not use analytics cookies, advertising cookies, or third-party tracking cookies. There is no cookie banner because there is nothing on this site that requires consent under the ePrivacy Directive / PECR (UK) / CCPA (California).

§1What are cookies?

Cookies are small text files set by a website and stored on your device. Local storage, session storage, IndexedDB, and HTTP headers set through Set-Cookie are related technologies that perform similar functions. Together, we refer to all of these as “cookies” in this policy.

Seerai distinguishes two purposes a cookie may serve:

  • Strictly necessary: required for the Service to work — for example, keeping you signed in or preventing request forgery. Under the ePrivacy Directive and most national transpositions (including the UK PECR) these do not require your consent.
  • Non-essential: anything else, including analytics, marketing, and third-party tracking. Under the same laws these do require consent (opt-in).

§2What we use

Seerai itself sets essentially no first-party cookies. All cookies and similar storage on this site are set by our authentication sub-processor (InstantDB) and, in some cases, the underlying hosting layer (Cloudflare). Both are strictly-necessary.

2.1 Cookies and storage set by InstantDB (authentication)

The Zotero plugin, our hosted dashboard, and your account profile are all backed by InstantDB. To keep you signed in without sending your long-lived refresh credential on every request, InstantDB sets the following on InstantDB-owned domains and on seerai.amayx.com when used for authentication callbacks:

NameTypePurposeExpiresProvider
__session_refresh_token__
(or equivalent name from your InstantDB configuration)
First-party HttpOnly cookieHolds a long-lived refresh credential used to obtain new short-lived access tokens. Cannot be read by JavaScript.~30 days (rotated on use)InstantDB
__session_access_token__
(name varies)
First-party HttpOnly cookieHolds the short-lived bearer token sent to API requests. Replaced on each refresh.~1 hourInstantDB
IndexedDB store instantdb:cache (or equivalent)Browser-local storageHolds cached user profile and query results so the dashboard does not refetch on every render. Cleared on sign-out.Until sign-out or manual clearInstantDB
__csrf_token__ or X-CSRF-Token headerFirst-party session valueMitigates cross-site request forgery on form submissions.SessionInstantDB

We do not set our own Seerai cookies for authentication. Our API gateway issues bearer tokens over HTTPS that are stored by the client (typically in IndexedDB by the plugin). You can revoke any of these at any time from the dashboard.

2.2 Cookies set by Cloudflare

Cloudflare may set the following cookies when it needs to verify that an incoming request comes from a real browser and not from an automated attacker. We do not configure these and they are set only in response to specific edge signals:

NameTypePurposeExpiresProvider
__cf_bmFirst-party HttpOnly cookieCloudflare Bot Management: distinguishes humans from bots. Set only when traffic patterns warrant.30 minutes from setCloudflare
cf_clearanceFirst-party cookieCloudflare clearance cookie: lets a verified visitor through a security challenge.Up to 30 daysCloudflare

Refer to Cloudflare’s privacy policy for the legal basis and storage locations of those cookies.

§3What we do not use

Seerai does not load any of the following on seerai.amayx.com or in the hosted dashboard. We make this a hard engineering rule, not just a policy rule:

  • Analytics cookies or SDKs: no Google Analytics, Google Tag Manager, Meta Pixel, Plausible, PostHog, Mixpanel, Amplitude, Fathom, Hotjar, FullStory, LogRocket, or Segment.
  • Error monitoring that captures session replay: no Sentry, no Datadog Browser RUM, no Bugsnag session replay.
  • Advertising cookies: no Google Ads, no Meta Ads Pixel, no TikTok Pixel, no LinkedIn Insight Tag, no X (Twitter) pixel, no Microsoft Clarity.
  • Social widgets: no embedded YouTube, Twitter, or Facebook widgets that drop tracking cookies.
  • Chat / support cookies: no Intercom, Zendesk Chat, Drift, Crisp, or HubSpot chat cookies. Support is email-only.
  • Fingerprinting or device-graph identifiers: we do not write browser fingerprint data to local storage or send it to a tracker.

As a result, this site does not display a cookie-consent banner. There is nothing for the banner to ask you to opt in or out of. We document the absence so you can verify it (open the browser’s developer tools > Storage > Cookies and load any page on this domain — you will see only the entries listed in section 2).

§4How to control cookies

Because every cookie we and our sub-processors set is strictly-necessary, disabling them will likely break part of the Service. With that caveat, your options are:

  • Browser controls. Every modern browser lets you block or delete cookies. Use the “Site settings” or “Privacy” section of your browser to inspect or remove Seerai cookies. Note that blocking all cookies will prevent sign-in.
  • Sign out. Signing out of the Seerai dashboard invalidates the InstantDB refresh token and clears the in-memory access token. You can do this from the dashboard or by clearing site data for seerai.amayx.com in your browser.
  • Revoke plugin API tokens at any time from the dashboard. The plugin will need to re-authenticate with a new magic code.
  • Cloudflare cookies. Cloudflare’s cookies can only be controlled via your browser’s cookie settings; Cloudflare does not honour the “Do Not Track” header, though we have not configured any additional personalised features on top of them.

§5Updates to this policy

If we add or remove a non-essential cookie, we will update this page, change the version number, and — if the change is material — show an in-app notice and obtain consent where required. The current version is always at seerai.amayx.com/cookies.

§6Contact us

Questions about this Cookie Policy: privacy@amayx.com
Other privacy questions: privacy@amayx.com

See also our full Privacy Policy and Terms of Service.

Document version 2.0 · Effective July 8, 2026 · Supersedes all earlier versions.

Print or save as PDF
Seerai LogoSeerai

AI-powered research assistant for Zotero. Transform your academic workflow with intelligent chat, semantic search, and data extraction.

Product

FeaturesPricingChangelogDownloads

Resources

DocumentationAPI ReferenceGitHubGuides

Company

AboutBlogContactCareers

Legal

Privacy PolicyTerms of ServiceRefund PolicyCookie Policy

© 2026 Seerai. All rights reserved.

Made with ❤️ for researchers worldwide