This Cookie Policy explains how C4CI Arch uses cookies, local storage, session storage, and similar browser technologies in the tenant portal, Admin Hub, and related product surfaces. It should be read with the C4CI Privacy Policy and Terms of Service.
For questions, contact support@c4ci.io.
1. What This Policy Covers
Browser technologies help Arch authenticate users, protect sessions, route organisation context, remember product preferences, store privacy choices, and control optional non-essential integrations.
This policy covers browser-side storage. Server logs, audit events, billing records, connected-system metadata, and operational telemetry are covered by the Privacy Policy and product security controls.
2. Storage Categories
Arch uses the following categories:
| Category | Status | Purpose |
|---|---|---|
| Strictly necessary | Always on | Authentication, session continuity, CSRF protection, organisation routing, security, legal acceptance checks, request integrity, load handling, and core product operation |
| Preferences | User-controlled | Remembering product choices such as theme, selected organisation, layout, navigation state, diagram settings, and dismissed product controls |
| Analytics | Off unless configured and allowed | Understanding product reliability and usage patterns without advertising use |
| Personalization | Off unless configured and allowed | Optional product personalization beyond strictly necessary preferences |
| Marketing | Off unless configured and allowed | Measuring or managing marketing communications where legally permitted |
| Third-party embeds and design capture | Off unless configured and allowed | Loading optional third-party scripts or embeds, including design-source capture tooling used for authorised design reconciliation |
Strictly necessary storage is required to provide the signed-in product safely. Non-essential categories are blocked unless they are configured in the runtime and the current privacy-consent record allows the relevant category.
3. Storage Inventory
The exact names and lifetimes may change as identity providers, browsers, and security controls evolve. The current product design uses the following storage patterns:
| Name or pattern | Category | Where stored | Purpose | Typical lifetime |
|---|---|---|---|---|
| NextAuth and Keycloak session cookies | Strictly necessary | Cookie | Authenticate the user, maintain session state, refresh access, and protect signed-in routes | Session or identity-provider configured lifetime |
| CSRF, nonce, request-integrity, and security cookies | Strictly necessary | Cookie | Protect login, logout, form, and request flows from tampering or cross-site request attacks | Session or short security-control lifetime |
| c4ci_org_id | Strictly necessary / preference | Cookie and local storage | Remember the selected organisation so server and client views route to the same tenant context | Up to 1 year in the cookie; until changed or cleared in local storage |
| Legal-status and acceptance-flow state | Strictly necessary | Cookie, local storage, or server-backed state | Determine which legal documents must be displayed or accepted before product access | Until accepted, superseded, cleared, or no longer required |
| c4ci_arch_privacy_consent | Preference / consent record | Local storage | Store privacy choices for analytics, personalization, marketing, and third-party embeds against the current policy version | Until changed, cleared, or replaced by a new policy version |
| c4ci_dark_mode and related theme settings | Preference | Local storage | Remember theme and visual preferences | Until changed or cleared |
| Sidebar, navigation, layout, diagram, and profile preference keys | Preference | Local storage | Preserve interface layout, navigation groups, diagram layout mode, sorting, filters, and profile preferences | Until changed or cleared |
| Demo, onboarding, dismissal, and next-action keys | Preference | Local storage | Remember dismissed banners, onboarding hints, or selected workflow defaults | Until changed, reset, or cleared |
| Scan trigger and in-progress workflow state | Strictly necessary / preference | Session storage | Keep short-lived workflow state stable during the current browser session | Current browser session |
| Optional analytics identifiers | Analytics | Cookie or local storage | Measure product usage or reliability if analytics are configured and permitted | As stated in the analytics provider configuration |
| Optional personalization state | Personalization | Cookie or local storage | Adapt optional product guidance, onboarding, or workspace recommendations when configured and permitted | As stated in the personalization provider configuration |
| Optional marketing identifiers | Marketing | Cookie or local storage | Support marketing measurement or communications if configured and permitted | As stated in the marketing provider configuration |
| Optional Figma HTML to Design capture script state | Third-party embeds and design capture | Script and related browser storage | Support authorised design-source reconciliation when NEXT_PUBLIC_FIGMA_HTML_TO_DESIGN_CAPTURE=1 is configured and consent allows third-party embeds | Only while configured and permitted; third-party storage follows the provider configuration |
Arch does not currently configure advertising pixels or behavioural profiling in normal runtime.
4. Strictly Necessary Storage
Strictly necessary storage is used to:
- authenticate users and keep sessions working;
- protect login, logout, form, and API flows;
- route users to the correct organisation and project context;
- enforce legal acceptance and access checks;
- maintain tenant isolation, abuse prevention, rate-limit, and security controls;
- keep short-lived workflows stable during a browser session.
These items cannot be switched off through product cookie settings because Arch cannot provide the authenticated service safely without them. You can still block or clear them through your browser, but parts of the product may stop working or ask you to sign in again.
5. Preference Storage
Preference storage remembers product choices that users make inside Arch. These choices are not used for advertising and can usually be changed through the product UI or cleared through browser site-data controls.
Preference examples include theme, selected organisation, sidebar state, navigation state, diagram layout settings, dismissed banners, and privacy choices.
6. Analytics, Personalization, and Marketing Storage
Analytics, personalization, and marketing storage are non-essential. Arch keeps these categories off unless the runtime is configured to use them and the user has allowed the relevant category where consent is required.
If Arch later adds analytics, personalization, or marketing providers, those providers must be reflected in this policy or another product notice before launch in that configuration.
7. Third-Party Design Capture
Arch can optionally load the Figma HTML to Design capture script for authorised design-source reconciliation. The script is available only when the runtime is configured with NEXT_PUBLIC_FIGMA_HTML_TO_DESIGN_CAPTURE=1, and it remains blocked unless the current privacy-consent record allows third-party embeds.
If consent is withdrawn, Arch removes the non-essential script from the page. This feature is intended for development and design operations, not for normal advertising or behavioural profiling.
8. Your Choices
Where non-essential runtime features are present, the first-layer privacy notice offers:
- Accept all;
- Reject non-essential;
- Cookie settings.
After a decision, the persistent Privacy settings control remains available so choices can be changed later. You can also clear site data in your browser, which removes local browser storage and may cause Arch to ask again on the next visit.
9. Global Privacy Control
Where the browser exposes Global Privacy Control, Arch honors it by keeping personalization, marketing, and third-party design capture disabled even if Accept all is chosen.
10. Browser Controls
Most browsers let you delete cookies, block third-party cookies, clear local storage, clear session storage, or reset site data. Browser controls may remove both essential and non-essential storage. If essential storage is removed, Arch may sign you out, lose local preferences, or ask for a fresh privacy choice.
11. Retention
Session cookies follow the session lifetime managed by the identity and authentication systems. The c4ci_org_id cookie may last up to one year so the selected organisation stays consistent across visits. Session storage normally expires when the browser session ends.
Local-storage preferences and consent records remain in browser storage until you change them, clear site data, or Arch publishes a new policy version that requires a fresh choice. Arch does not promise a fixed consent expiry period unless the product configuration implements one.
12. Changes to This Policy
C4CI may update this policy when product storage, runtime configuration, providers, or legal requirements change. The version and effective date at the top of this document identify the active version.
13. Contact
Questions about Arch browser storage or privacy controls should be sent to support@c4ci.io.