Cookie Notice
Last updated: May 17, 2026
The short version
Millimetric does not set cookies on Visitors of customer sites or apps. We do not use cookies for analytics, tracking, advertising, or fingerprinting.
On the Millimetric marketing site and dashboard at millimetric.ai, we use a small number of strictly necessary cookies for login and CSRF protection — nothing else.
What we use, where
On customer sites that include our snippet
| Mechanism | Type | Purpose | Duration |
|---|---|---|---|
mm_aid | localStorage (not a cookie) | Anonymous, per-domain identifier used to estimate unique visits and de-duplicate page views. Not transmitted between domains. | Cleared when the user clears their browser storage. |
Because mm_aid is set in localStorage on the customer's own first-party domain and is never read across domains, it does not function as a cross-context tracking identifier. It is, however, a form of "terminal equipment storage" for the purposes of the EU ePrivacy Directive (and the UK PECR equivalent), so customers in the EU/UK should reference it in their own privacy notice and form their own view on whether consent is required for their use case. Audience-measurement exemptions exist under certain national regulator guidance (e.g. CNIL in France) but are not automatic; consult your counsel for your jurisdiction.
On millimetric.ai (our own site & dashboard)
| Name | Type | Purpose | Duration |
|---|---|---|---|
sb-access-token / sb-refresh-token | Strictly necessary | Authenticates your logged-in session with Supabase Auth. | Session / 7 days |
mm_csrf | Strictly necessary | Prevents cross-site request forgery on form submissions. | Session |
mm_theme | Preference (localStorage) | Remembers your dark/light mode preference. | Until cleared |
Do Not Track & Global Privacy Control
Our ingestion endpoint honours the DNT header and the Sec-GPC signal. When either is set, we still receive the request (we have to, to know it was sent) but we drop the event before it is written to long-term storage and do not return it in any report.
Changing your mind
For Millimetric.ai cookies, you can clear them from your browser's settings. Doing so will log you out. For the mm_aid identifier on a customer's site, clear your browser's site data for that site. Browsers in private/incognito mode discardmm_aid automatically when the window closes.