Cookie Policy

1. Overview

AiOrch is a self-hosted application. Any cookies set by the Software exist on your own server and are exchanged between your browser and your own infrastructure. We (Reisnova Limited) do not receive, read, or store any cookies from your installation.

2. Cookies Used by the Software

The AiOrch application uses a single cookie for authentication:

3. No Tracking Cookies

AiOrch does not use any:

• Analytics cookies (Google Analytics, Mixpanel, etc.)
• Advertising or targeting cookies
• Third-party tracking pixels or beacons
• Social media cookies
• Fingerprinting or device identification scripts

4. This Website (aiorch.ai)

The aiorch.ai landing page does not set any cookies. It is a static HTML page with no analytics, tracking, or third-party scripts that set cookies.

5. Cookie Security

The orch_session cookie is protected by multiple security measures:

• HttpOnly: The cookie cannot be accessed by JavaScript, preventing XSS-based cookie theft.
• SameSite=Strict: The cookie is never sent on cross-origin requests, preventing CSRF attacks.
• Secure flag: When served over HTTPS (via a reverse proxy), the cookie is only transmitted over encrypted connections.
• HMAC-SHA256 signature: The cookie value is cryptographically signed. Tampered cookies are rejected.
• Expiry: The cookie expires after the configured session duration (default 30 minutes from login).

6. Managing Cookies

Since the cookie is strictly necessary for authentication, disabling it will prevent you from logging into the AiOrch dashboard. You can:

• Log out: Click "Logout" on the settings page — this deletes the cookie immediately.
• Browser settings: Clear cookies for your AiOrch server's domain in your browser settings.
• Reduce duration: Set ORCH_SETTINGS_SESSION_EXPIRY_MINUTES to a lower value in your .env file.

7. Changes to This Policy

If additional cookies are introduced in future versions of the Software, this policy will be updated. Material changes will be noted in the changelog.