Cookie Policy

How asktodo.ai uses cookies and similar technologies, and how you control them.

Last updated: May 18, 2026 | Effective Date: May 18, 2026

1. What are cookies?

Cookies are small text files placed on your device when you visit a website. Browsers send them back with later requests so the site can remember information about your session (whether you are logged in, your language, your preferences). The term “cookies” in this policy also covers similar technologies such as localStorage, sessionStorage, web beacons / pixels, and small JavaScript fingerprint signals.

2. Two different environments

asktodo.ai has two distinct surfaces with different tracking behaviour:

(a) The authenticated dashboard (app)

  • Uses only essential cookies needed to keep you logged in and protect your account.
  • Loads no Google Analytics, no AdSense, no third-party tracker.
  • Usage telemetry (your tool history, credits, sessions) is recorded server-side in our database — not via cookies.

(b) The public marketing site (asktodo.ai, blog, tool landing pages, pricing)

  • Loads Google Analytics 4 and Google AdSense under Google Consent Mode v2.
  • Defaults all non-essential categories to denied until you choose on the cookie banner.
  • Shows ads to everyone, but personalizes them only with your consent — see Section 5.

3. Categories of cookies we use

3.1 Essential (always on)

Purpose: The site cannot function without these. They keep you logged in, protect against cross-site forgery, and remember your own cookie choice.

Legal basis: Strictly necessary (does not require consent in any jurisdiction).

Examples:

  • sb-access-token / sb-refresh-token — Supabase Auth session tokens
  • sb-…-auth-token.0 / .1 — SSR-readable session chunks
  • csrf-token — cross-site request forgery protection
  • cookie-consent (localStorage) — remembers your choice from the banner
  • cookie-consent-date + cookie-consent-version (localStorage) — audit trail of your choice

3.2 Functional (consent toggle)

Purpose: Remember your preferences so the site feels personal next visit.

Legal basis: Consent.

Examples:

  • NEXT_LOCALE — language preference
  • theme — dark / light mode
  • UI-state localStorage entries for recently used tools

Maps to Consent Mode v2: functionality_storage, personalization_storage.

3.3 Analytics (consent toggle)

Purpose: Aggregate, anonymous measurement of marketing-site traffic.

Legal basis: Consent.

Service: Google Analytics 4 (measurement ID G-N4YGG6N8NP) configured with anonymize_ip:true, allow_google_signals:false, allow_ad_personalization_signals:false.

Cookies set when granted: _ga, _ga_*, _gid, _gat, _gcl_au.

When denied: GA still sends a cookieless ping (so we get aggregate page counts) but no identifiers are stored. Pre-existing GA cookies are scrubbed.

Maps to Consent Mode v2: analytics_storage.

3.4 Personalized ads (consent toggle)

Purpose: Whether the ads we show are tailored to your inferred interests.

Legal basis: Consent.

Service: Google AdSense (publisher ca-pub-5355186453524406).

Cookies set when granted: NID, IDE, DSID, __gads, __gpi, _gac_*.

When denied: AdSense still loads and serves non-personalized ads (NPA). No ad identifiers are stored. Pre-existing ad cookies are scrubbed.

Maps to Consent Mode v2: ad_storage, ad_user_data, ad_personalization.

4. How our consent banner works

The flow on first visit:

  1. Our HTML ships a synchronous <head> script before any Google tag loads. It calls gtag('consent', 'default', ...) setting every non-essential category to denied.
  2. Google Analytics + AdSense load asynchronously. Because consent is denied, the very first hit carries the Consent Mode signal gcs=G100 (denied) and AdSense runs in non-personalized mode.
  3. React hydrates. The cookie banner appears within ~600 ms.
  4. You click Accept All, Reject All, or open Customize and set categories individually. Your choice is sent to Google via gtag('consent', 'update', ...) and persisted to localStorage.
  5. Clicking the X button on the banner is treated as Reject All — silence is never consent.
  6. If you deny analytics or ads, we proactively delete any matching Google cookies that may have already been written.

On subsequent visits the synchronous head script reads your saved choice and re-applies it to gtag before any Google tag loads — so the very first ad on the next page is already in the correct mode.

5. Why ads always show

Advertising is a core revenue stream for asktodo.ai. We load Google AdSense for every visitor regardless of consent state. What changes with your consent choice is whether the ads can use your behavioral data to personalize themselves.

  • Consent granted for personalized ads → ads are tailored using cookies, may be more relevant to you.
  • Consent denied → non-personalized ads (NPA) only — ads are based on the page context, not on you. No ad cookies are set.

Showing ads without consent is permitted under GDPR, CCPA, DPDP, and every other major privacy framework — only personalization based on tracking requires consent.

6. Managing your preferences

6.1 In our banner

You can re-open the cookie banner at any time using the “Cookie Settings” link in the footer. Your changes take effect immediately — the corresponding gtag('consent', 'update', ...) call fires, cookies are added or scrubbed, and the choice is saved.

6.2 In your browser

You can also manage cookies in your browser's settings (clear, block, or allow per site). Note that blocking essential cookies will break login.

6.3 Third-party opt-outs

7. Third-party services that may set cookies on the public site

ServicePurposeProvider policy
Google Analytics 4Aggregate marketing-site analyticspolicies.google.com/privacy
Google AdSenseAdvertisingpolicies.google.com/technologies/ads

8. Regional compliance

8.1 EU / UK (GDPR + ePrivacy)

The banner asks for consent before any non-essential cookie is set, and we honour your choice in real time. The X dismiss is treated as Reject All.

8.2 California (CCPA / CPRA)

asktodo.ai does not sell personal information for money and does not share it for cross-context behavioral advertising in the CPRA sense. To send a verifiable opt-out request anyway, see the Privacy Policy — Section 11.

8.3 India (DPDP Act, 2023)

Cookies that process personal data require notice and consent. Our banner provides that notice and an unambiguous opt-in / opt-out for each category.

8.4 Other jurisdictions

The same default-denied Consent Mode v2 setup is applied uniformly worldwide so the experience is consistent regardless of where you visit from.

9. Changes to this Cookie Policy

We may update this policy from time to time. When we do we will post the new version, update the “Last updated” date, and (where required) prompt for fresh consent.

10. Contact

For any cookie-related question email hi@asktodo.ai.

Operating jurisdiction: Karnataka, India.

Back to Home