COOKIE POLICY
Effective
Date: April 4,
2026
1. Purpose and Scope
This
Cookie Policy explains how Sentimento Technologies Limited ("we",
"us") uses cookies and similar technologies when you visit www.monoclaw.app or access the Client Dashboard
("Dashboard"). This Policy is subject to the Master Agreement and
Terms of Service, which mandate the Dashboard as the exclusive platform for
contractual communications (Clause 11.6).
2. What Are Cookies
Cookies
are small text files stored on your device. Given our exclusive reliance on the
Dashboard for contract performance, notice delivery, and security (including
the protection of Strictly Confidential Information such as the Sentimento
Receiving Address), certain cookies are strictly necessary for contractual
functionality and cannot be disabled without terminating service access.
3. Types of Cookies We Use
3.1 Strictly Necessary Cookies
(Essential)
These
cookies are required for the Website and Dashboard to function and to maintain
the security architecture mandated by the Master Agreement (Clause 1.4, 8.6,
12.6). You cannot opt out of these without losing Dashboard access.
|
Cookie
Name
|
Provider
|
Purpose
|
Duration
|
|
session_id
|
MonoClaw
|
Maintains secure login session
via Google SSO (exclusive authentication method per Clause 3.1, Terms of
Service)
|
Session
|
|
csrf_token
|
MonoClaw
|
Security token preventing
cross-site request forgery (essential for protecting Strictly Confidential
Information and API key submissions)
|
Session
|
|
auth_state
|
MonoClaw
|
Preserves authentication state
during Google SSO flow (Clause 1.3, Master Agreement)
|
1 hour
|
|
dashboard_access
|
MonoClaw
|
Ensures exclusive Dashboard
notification system functionality (Clause 11.6); records timestamp of last
access for deemed receipt calculations
|
1 year
|
|
nss_flow
|
MonoClaw
|
Tracks Native Signing System
execution state for electronic signature non-repudiation (Clause 1.3, 1.4)
|
Session
|
3.2 Functional Cookies
Enable
specific Dashboard features necessary for contractual performance.
|
Cookie
Name
|
Provider
|
Purpose
|
Duration
|
|
dashboard_prefs
|
MonoClaw
|
Remembers Dashboard display
preferences (essential for monitoring obligations under Clause 11.6(c))
|
1 year
|
|
last_viewed
|
MonoClaw
|
Tracks last viewed
order/notification to support duty to monitor communications
|
30 days
|
|
telegram_whitelist
|
MonoClaw
|
Stores hash of whitelisted
Telegram username for bot integration immutability check (Clause 4.9)
|
Duration
of Agreement
|
3.3 Security and Fraud Prevention
Cookies
Required
for export control compliance, sanctions screening, and protection of API
keys/Confidential Information.
|
Cookie
Name
|
Provider
|
Purpose
|
Duration
|
|
sanctions_screen
|
MonoClaw
|
Temporary session flag indicating
sanctions screening status (AUP Section 2)
|
Session
|
|
geoblock_check
|
MonoClaw
|
IP geolocation verification for
HK-only service enforcement (Clause 2.2, Terms of Service)
|
Session
|
|
api_key_upload
|
MonoClaw
|
Secures OpenRouter API key upload
session (Clause 4.6)
|
24 hours
|
3.4 Analytics Cookies (Optional –
EU/EEA Only)
These
cookies help us understand Website usage and are only set with explicit consent
for EU/EEA/UK visitors (GDPR compliance). HK users are not served these cookies
by default per PDPO principles.
|
Cookie
Name
|
Provider
|
Purpose
|
Duration
|
|
_ga
|
Google
Analytics
|
Distinguishes users for traffic
analysis (IP anonymized)
|
2 years
|
|
_gid
|
Google
Analytics
|
Distinguishes users for 24 hours
|
24 hours
|
|
_gat
|
Google
Analytics
|
Throttles request rate
|
1 minute
|
4. Third-Party Cookies
Set
by service providers essential to the Master Agreement:
|
Provider
|
Purpose
|
Duration
|
Legal
Basis
|
|
Google (accounts.google.com)
|
SSO authentication and security
tokens for Dashboard access (Clause 3.1, 11.10)
|
Session
|
Contract
performance
|
|
Stripe (js.stripe.com)
|
Fraud prevention, payment
processing, and PCI-DSS compliance (Clause 12.4)
|
Session
|
Contract
performance
|
|
Supabase (supabase.co)
|
Database session management for
diagnostic logs (Schedule C)
|
Session
|
Contract
performance
|
5. Consent Management
5.1
Hong Kong SAR Users:
Under
the PDPO, we do not require explicit cookie consent for standard operations. By
accessing the Dashboard and accepting the Master Agreement, you acknowledge
that Strictly Necessary and Functional cookies are required for contractual
performance, export control compliance, and the security of Strictly
Confidential Information.
5.2
EU/EEA/UK Users:
Upon
detecting an EU IP address, we display a cookie banner requiring explicit opt-in
consent for Analytics cookies. You may:
- Accept
All: Allows
necessary, functional, and analytics cookies;
- Essential
Only: Blocks
analytics cookies but allows Dashboard functionality;
- Customize: Select specific categories
(though Strictly Necessary cannot be disabled).
5.3
California Users:
We
honor "Do Not Track" signals for analytics cookies.
6. Dashboard-Exclusive Architecture
and Cookie Necessity
6.1
Contractual Performance:
Per
Clause 11.6 of the Master Agreement, the Dashboard is the sole and exclusive
method for all contractual notices, billing communications, and legal
correspondence. Deletion or blocking of Essential cookies (session_id, dashboard_access) will prevent deemed receipt of
notices and constitute a breach of your duty to monitor communications.
6.2
Security Implications:
Blocking
csrf_token or sanctions_screen cookies will disable our ability
to enforce the Acceptable Use Policy, export controls, and protection of the
Sentimento Receiving Address (Strictly Confidential Information per Clause 1.1,
12.6), potentially exposing you to liquidated damages of HKD $50,000 for
unauthorized disclosure.
7. How to Control Cookies
- Browser
Settings: You
may block or delete cookies, but this will prevent Dashboard access and
terminate your ability to receive contractual notices (Clause 11.6).
- Consent
Banner:
Available to EU/EEA visitors on first visit and via "Cookie
Settings" link in Dashboard footer;
- Google
Analytics Opt-Out:
Install the Google Analytics Opt-out
Browser Add-on.
8. Data Retention
Cookie
data is retained for the durations specified above. Analytics data (IP
anonymized) is retained for 26 months in Google Analytics then
automatically deleted. Essential session cookies are deleted immediately upon
logout or browser closure.
9. Updates to Cookie Policy
We
may update this Policy to reflect changes in the Master Agreement, technology,
or legal requirements. Updates are posted to the Dashboard with an updated
effective date. For active Orders, the version current at the Order date
governs.
