Cookie Policy
Effective date: 1 April 2025 · Last updated: 1 April 2025
1. What Are Cookies?
Cookies are small text files placed on your device by a website to store information. "Similar technologies" include localStorage, sessionStorage, and browser fingerprinting. We use the term "cookies" to refer to all such technologies collectively in this Policy.
2. What We Actually Use
SEO Agent is a web application with a minimal tracking footprint. We do not use:
- Third-party advertising cookies
- Cross-site tracking pixels (Facebook Pixel, Google Ads remarketing, etc.)
- Behavioural profiling or audience segmentation cookies
- Social media tracking cookies
We do use the following:
| Name / Type | Storage | Purpose | Expiry | Category |
|---|---|---|---|---|
| auth_token | localStorage | Stores your JWT authentication token to keep you logged in across page refreshes | 7 days (JWT expiry) | Strictly Necessary |
| auth-storage | localStorage (Zustand) | Persists your user profile (email, plan, subscription) in the browser so the UI loads without an extra API call | Until logout or account deletion | Strictly Necessary |
| __fastify-csrf | Cookie (httpOnly) | CSRF protection token for sensitive state-changing requests | Session | Strictly Necessary |
All storage is first-party — we do not load any third-party scripts that set cookies on this domain.
3. Legal Basis for Cookie Use
Strictly necessary cookies: The authentication token stored in localStorage is essential for the Service to function — without it, you cannot log in or access your account. Strictly necessary cookies such as this do not require your consent under the ePrivacy Directive and equivalent laws.
EU / UK users: Strictly necessary cookies are exempt from the consent requirement under Regulation 6(4) of the Privacy and Electronic Communications Regulations (PECR) and Article 5(3) of the ePrivacy Directive.
GDPR: Processing of authentication data is based on contract performance (Art. 6(1)(b) GDPR).
Nepal: Storage of session data is necessary for the provision of the Service as agreed in the Terms of Service.
If we introduce non-essential cookies in the future (e.g., analytics), we will update this Policy and present a cookie consent notice where required by law.
4. Security of Stored Data
4.1 Authentication tokens (localStorage): JWT tokens stored in localStorage are accessible to JavaScript running on the page. We mitigate XSS risk through:
- A strict Content Security Policy (CSP) that blocks unauthorised script execution
- Regular dependency audits to prevent third-party script injection
- Short token expiry (7 days)
- Algorithm pinning (HS256) and server-side secret rotation capability
4.2 We do not store sensitive information (passwords, payment card data, CMS credentials) in browser storage. CMS credentials are stored only on the server in AES-256-GCM encrypted form.
5. Your Choices and Controls
5.1 Browser controls: You can clear localStorage and cookies at any time through your browser settings. Clearing authentication data will log you out of the Service.
5.2 Logout: Using the "Sign out" button clears your stored authentication token and user data from the browser.
5.3 Account deletion: Deleting your account removes all server-side data. You can clear browser storage independently.
5.4 Do Not Track (DNT): We respect DNT signals. As we do not use behavioural tracking, DNT has no additional effect on our data practices.
5.5 Global Privacy Control (GPC): We honour GPC signals in accordance with CCPA/CPRA requirements. As we do not sell personal information, no opt-out action is taken beyond what is already our standard practice.
6. Third-Party Services on This Domain
6.1 The SEO Agent application does not embed any third-party advertising, social media, or analytics scripts on the main application pages.
6.2 Payment processing pages (Stripe) will load Stripe.js, which may set Stripe's own cookies for fraud prevention. This is governed by Stripe's Privacy Policy.
6.3 Nepal payment processors (eSewa, Khalti, etc.) may set their own cookies when you are redirected to them for payment. Refer to their respective privacy policies.
7. Changes to This Cookie Policy
If we introduce new cookies or tracking technologies, we will update this Policy and, where required by law, present a cookie consent notice. Material changes will be communicated with at least 30 days' notice.
8. Contact
For questions about our cookie practices: privacy@pitech.com.np
EU users may lodge cookie-related complaints with their national data protection authority or the ICO (UK).
This Cookie Policy was last reviewed on 1 April 2025 and is compliant with the EU ePrivacy Directive, UK PECR, GDPR, CCPA/CPRA, and Nepal's Individual Privacy Act 2075.