Cookie Policy
Last updated: April 1, 2026
1. What Are Cookies
Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work more efficiently, to provide a better user experience, and to supply information to the owners of the site.
Cookies may be set by the website you are visiting ("first-party cookies") or by a third party that provides services to that website ("third-party cookies"). First-party cookies can only be read by the website that created them, while third-party cookies can be read by the third-party domain that set them.
In addition to cookies, we also use similar technologies such as browser local storage and session storage to store small amounts of data on your device. These technologies serve similar purposes to cookies and are covered by this Cookie Policy. Where we refer to "cookies" in this Policy, we include these related storage mechanisms unless otherwise stated.
Cookies can be classified by their lifespan:
- Session Cookies: These are temporary cookies that exist only while your browser is open. They are deleted automatically when you close your browser or the browser tab.
- Persistent Cookies: These cookies remain on your device for a set period of time or until you manually delete them. They are activated each time you visit the website that created them.
2. How We Use Cookies
MiN8T uses cookies and similar technologies for the following purposes, organized by category:
2a. Essential Cookies
Essential cookies are strictly necessary for the operation of the Service. Without these cookies, core functionality such as authentication and security protections would not be possible. These cookies cannot be disabled without breaking the Service.
- Session Management: We use an authentication cookie to maintain your logged-in state across page loads and browser sessions. Without this cookie, you would need to log in on every page request.
- Authentication: We store a session token that verifies your identity with our servers. This token is validated on every API request to ensure that only authorized users can access account data and perform actions.
- CSRF Protection: During OAuth authorization flows with Email Service Providers (ESPs) and social login providers, we use session storage tokens to prevent cross-site request forgery attacks. These tokens ensure that OAuth callbacks originated from a request you initiated.
2b. Functional Cookies
Functional cookies enable the Service to remember choices you have made and provide enhanced, personalized features. While the Service can function without these cookies, disabling them may result in a less tailored experience.
- Theme Preference: We store your preferred visual theme (light or dark mode) so that the interface renders with your chosen appearance each time you visit, without requiring you to set it again.
- User Profile Cache: We cache a copy of your user profile data (name, email, preferences) in browser storage to reduce network requests and improve page load performance.
- Editor Preferences: We store your filter and sort preferences in the template listing view, column visibility settings for data grids, and recently used search tags so that these settings persist between visits.
2c. Analytics Cookies
We operate our own internal analytics engine and do not use third-party analytics platforms such as Google Analytics. Our analytics cookies help us understand how users interact with the Service so we can improve its functionality and performance.
- Session Identification: Our analytics engine assigns each session a randomly generated session ID to correlate events within a single browsing session. This identifier is not shared with any third party.
- Performance Monitoring: We collect web vitals and performance data (page load times, interaction responsiveness, rendering performance) to identify and resolve performance issues.
You can opt out of analytics tracking at any time through your account settings or by enabling the Do Not Track (DNT) signal in your browser. Our analytics engine honors DNT and will not collect usage data when it is active.
2d. Marketing Cookies
MiN8T does not currently use any marketing, advertising, or behavioral tracking cookies. We do not serve advertisements within the Service, we do not build advertising profiles, and we do not share cookie data with advertising networks or data brokers.
If we ever introduce marketing cookies in the future, we will update this Cookie Policy, notify you in advance, and obtain your consent before setting any such cookies on your device.
3. Specific Cookies We Use
The following table provides a detailed list of the cookies and browser storage items used by MiN8T, including their purpose, type, and duration.
3a. Cookies
| Name | Purpose | Type | Duration |
|---|
x_token | Authentication session cookie. Contains your encrypted session token used to maintain your logged-in state across page loads and API requests. Strictly necessary for the Service to function. | Essential | 30 days |
3b. Local Storage
| Key | Purpose | Type | Duration |
|---|
x_token | A copy of your authentication token stored as a fallback mechanism for session persistence. Used when the cookie is not available. | Essential | Until logout or browser data cleared |
refresh_token | A token used to obtain a new session token when your current session expires, allowing seamless session renewal without requiring you to log in again. | Essential | Until logout or browser data cleared |
min8t_theme | Stores your selected visual theme preference (light or dark mode) so the interface renders with your chosen appearance on subsequent visits. | Functional | Persistent (until manually cleared) |
min8t_user_profile | Cached copy of your user profile data (name, email, preferences) to reduce network requests and improve page load performance. | Functional | Session (cleared on logout) |
template_filter_state | Your most recent filter and sort preferences in the template listing view, persisted between visits. | Functional | Until manually cleared |
grid_visible_columns | Your column visibility preferences for data grid views within the application. | Functional | Until manually cleared |
search_tags | Recently used search tags and filters for quick access in search interfaces. | Functional | Until manually cleared |
analytics_session_id | A randomly generated session identifier used by our internal analytics engine to group events within a single browsing session. Not shared with third parties. | Analytics | Cleared when browser is closed or analytics opt-out |
3c. Session Storage
| Key | Purpose | Type | Duration |
|---|
oauth_state | A CSRF protection token generated during OAuth flows with ESP integrations or social login providers. Validates that the OAuth callback originated from a request you initiated. | Essential | Until tab/window closed |
oauth_esp | The identifier of the ESP platform you are connecting to via OAuth, ensuring the callback is routed to the correct integration handler. | Essential | Until tab/window closed |
oauth_return_to | The URL you should be redirected to after completing an OAuth authorization flow. | Essential | Until tab/window closed |
redirectUrl | A temporary redirect URL stored during authentication flows to return you to your intended destination after logging in. | Essential | Until tab/window closed |
4. Managing Cookies
You have the right to decide whether to accept or reject cookies. You can exercise your cookie preferences through the following methods:
4a. Browser Settings
Most web browsers allow you to control cookies through their settings. You can typically find these controls in the "Privacy" or "Security" section of your browser's settings or preferences menu. Common browser cookie controls include:
- Viewing Cookies: You can view which cookies are currently stored on your device and inspect their contents, expiration dates, and associated domains.
- Blocking Cookies: You can configure your browser to block all cookies, block only third-party cookies, or block cookies from specific domains.
- Deleting Cookies: You can delete all existing cookies or selectively remove cookies from specific websites.
- Clearing Local Storage: You can clear localStorage and sessionStorage data through your browser's developer tools (typically accessible via F12 or Ctrl+Shift+I / Cmd+Option+I).
4b. Consequences of Disabling Cookies
If you choose to disable or delete cookies used by MiN8T, please be aware of the following consequences:
- Authentication Cookie (
x_token): Blocking or deleting this cookie will prevent you from maintaining a logged-in session. You will be required to log in again on every page load, which effectively makes the Service unusable. - Functional Cookies: Disabling functional storage items means your theme preference, filter settings, column visibility, and other personalization choices will not be remembered between visits. You will need to reconfigure these preferences each time you use the Service.
- Analytics Cookies: Disabling the analytics session ID will prevent us from collecting usage data about your sessions. This has no impact on your ability to use the Service. You can also opt out of analytics through your account settings or by enabling Do Not Track in your browser.
Important: Because our authentication relies on the x_token cookie and localStorage token, completely blocking all cookies and local storage for MiN8T will prevent you from using the Service. We recommend allowing at least essential cookies from our domain.
5. Third-Party Cookies
While MiN8T minimizes the use of third-party cookies, certain third-party services integrated into our platform may set their own cookies on your device. We do not control these cookies and they are subject to the respective third party's own cookie and privacy policies.
5a. Stripe (Payment Processing)
When you access billing pages or interact with payment forms, Stripe may set cookies on your device for fraud detection, security, and payment processing purposes. Stripe's cookies are necessary to securely process your payment information and comply with PCI-DSS requirements. MiN8T does not have access to or control over Stripe's cookies.
For more information about Stripe's use of cookies, please see Stripe's Cookie Policy.
5b. Google Fonts (Typography)
MiN8T may load web fonts from Google Fonts to render typography within the email editor and the application interface. When fonts are loaded from Google's servers, Google may receive your IP address and set cookies in accordance with their own policies. Google Fonts requests are limited to font file downloads and do not involve behavioral tracking or advertising.
For more information about Google's data practices related to fonts, please see Google's Privacy Policy.
6. Cookie Consent
We are committed to transparency about the cookies and storage technologies we use and to obtaining appropriate consent where required by applicable law.
How We Obtain Consent:
- Essential Cookies: Because essential cookies are strictly necessary for the operation of the Service, we do not require separate consent to set them. By using the Service and creating an account, you acknowledge that essential cookies are required for the Service to function.
- Functional and Analytics Cookies: When you create an account and agree to our Terms of Service, you consent to the use of functional and analytics cookies as described in this Policy. You may withdraw this consent at any time by disabling analytics in your account settings or by clearing the relevant storage items from your browser.
Updating Your Preferences:
- You can opt out of analytics tracking at any time through your account settings under the Privacy section.
- You can clear functional cookies and local storage items through your browser's settings or developer tools at any time.
- Enabling the Do Not Track (DNT) signal in your browser will automatically disable analytics data collection.
- Changes to your cookie preferences take effect immediately. Opting out of analytics does not retroactively delete previously collected analytics data; to request deletion of existing analytics data, contact us at privacy@min8t.com.
7. Do Not Track
Do Not Track (DNT) is a privacy preference that you can set in your web browser. When DNT is enabled, your browser sends a signal to websites requesting that they do not track your browsing activity.
MiN8T honors the Do Not Track signal. When our analytics engine detects that your browser has DNT enabled, we will:
- Not collect usage events, page views, session duration, or feature interaction data from your browsing session.
- Not set the
analytics_session_id in your browser's local storage. - Not collect web vitals or performance metrics from your browser.
Enabling DNT does not affect essential or functional cookies. Your authentication session, theme preferences, and editor settings will continue to work normally when DNT is enabled.
Please note that while MiN8T honors DNT, we cannot guarantee that third-party services (such as Stripe or Google Fonts) will also honor the DNT signal. Each third party has its own policy regarding DNT. We encourage you to review their respective privacy and cookie policies for details.
8. Changes to This Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in the cookies we use, changes to our technology, or changes in applicable law. When we make changes, we will:
- Update the "Last updated" date at the top of this Policy.
- For material changes (such as introducing new categories of cookies, adding third-party cookies, or changing the purposes for which cookies are used), provide at least thirty (30) days' prior notice via email to the address associated with your account.
- For non-material changes (such as formatting updates, clarifications, or minor corrections to cookie descriptions), we may update the Policy without prior notice.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Cookie Policy. If you do not agree with the changes, you should stop using the Service before the changes take effect.
We encourage you to review this Cookie Policy periodically to stay informed about the cookies and storage technologies we use. Previous versions of this Policy are available upon request by contacting support@min8t.com.