Cookies
1. Marketing site (aisthetic.services)
The marketing site sets no cookies. There is no analytics, no advertising pixel, and no third-party script. The site is statically generated and served as plain HTML/CSS/JS.
2. Sandbox API (sandbox.aisthetic.services)
The sandbox API may set the following cookies on its origin:
at_sandbox_session, HttpOnly · Secure · SameSite=Lax · ~1 hour. Random opaque token bound to the durable sandbox session. We never echo this value back; it is sha256-hashed at rest in the durable Postgres store.
at_sandbox_csrf, HttpOnly · Secure · SameSite=Lax · ~1 hour. Mirror token used for CSRF double-submit protection on sandbox writes.
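The sketch below is an added illustration of the two mechanisms just described (an opaque session token stored only as a sha256 digest, and a double-submit CSRF check on writes); it is not the sandbox API's own code. The in-memory dict standing in for the Postgres store, the function names, the Path attribute, and the idea that the mirror value arrives in a separate request header are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 3600  # ~1 hour, the cookie lifetime stated above
COOKIE_ATTRS = "HttpOnly; Secure; SameSite=Lax; Path=/"  # Path is an assumption
SESSION_STORE = {}  # stand-in for the Postgres table: sha256(token) -> expiry


def token_digest(token):
    """Digest kept at rest; the raw token exists only in the cookie."""
    return hashlib.sha256(token.encode()).hexdigest()


def issue_session(now=None):
    """Create a session and return the two Set-Cookie header values."""
    now = time.time() if now is None else now
    session = secrets.token_urlsafe(32)  # random opaque token
    csrf = secrets.token_urlsafe(32)     # mirror token for double-submit
    SESSION_STORE[token_digest(session)] = now + SESSION_TTL
    return [
        f"at_sandbox_session={session}; Max-Age={SESSION_TTL}; {COOKIE_ATTRS}",
        f"at_sandbox_csrf={csrf}; Max-Age={SESSION_TTL}; {COOKIE_ATTRS}",
    ]


def parse_cookie_header(header):
    """Parse a request Cookie header into a name -> value dict."""
    pairs = (p.strip().split("=", 1) for p in header.split(";") if "=" in p)
    return {name: value for name, value in pairs}


def authorize_write(cookie_header, csrf_header, now=None):
    """Allow a write only for a live session whose CSRF values match."""
    now = time.time() if now is None else now
    cookies = parse_cookie_header(cookie_header)
    session = cookies.get("at_sandbox_session", "")
    csrf_cookie = cookies.get("at_sandbox_csrf", "")
    # Look the session up by digest; the store never holds the raw token.
    expiry = SESSION_STORE.get(token_digest(session))
    if expiry is None or expiry <= now:
        return False
    if not csrf_cookie or not csrf_header:
        return False  # a missing value on either side must fail closed
    # Constant-time comparison of the cookie value and the submitted copy.
    return hmac.compare_digest(csrf_cookie.encode(), csrf_header.encode())
```

Because only the digest is stored, a read of the session table does not yield a usable cookie value.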
3. Console (app.aisthetic.services)
The console may set short-lived sandbox cookies on its origin during onboarding. The console does not set advertising cookies, cross-site tracking cookies, or third-party analytics cookies.
4. Clearing cookies
Use the Reset sandbox session action in the onboarding stepper, or clear cookies for sandbox.aisthetic.services and app.aisthetic.services in your browser settings.
5. No third-party trackers
We do not embed Google Analytics, Facebook Pixel, LinkedIn Insight Tag, or any equivalent. We do not set third-party cookies for advertising or behavioural targeting.