Legal
Cookie Policy
Effective date: March 22, 2026 · Last updated: April 17, 2026
2. Consent and cookie management
We classify cookies into three categories: (a) Strictly Necessary: These cookies are essential to site function (session management, CSRF protection, authentication). They do NOT require prior consent under GDPR, TTDSG, or CASL. These include: intended_portal_session (Customer session identifier, 30 days), intended_backoffice_session (Staff session identifier, 30 days), intended_csrf (CSRF token, session-scoped), intended_cookie_consent (Your consent preferences, 1 year), intended_consent_session (Consent audit-log identifier, 1 year). (b) Functional: These cookies improve user experience but are not strictly necessary. They require prior opt-in consent. These include: intended_prefs (Theme, timezone, language preferences). (c) Analytics: These cookies track site behavior for analytics. They require prior opt-in consent. These include: _ga, _gat (Google Analytics tracking). We operate a consent banner that allows you to review and manage your cookie preferences. If you have disabled non-essential cookies, only strictly necessary cookies will be set. You can manage your preferences at any time in your [Account Settings → Privacy & Cookies] or by clicking "Cookie Preferences" in the footer.
5. Analytics and cross-context isolation
We use Google Analytics (first-party tracking) to measure: Visitor traffic, page views, referral sources, User behavior (scrolling, time-on-page, feature engagement), Conversion funnels (sign-up, enterprise demo request). CROSS-CONTEXT ISOLATION: We do NOT link analytics data between: intended.so (marketing website) and apps.intended.so (console), Visitors and logged-in customers, Marketing touchpoints and product usage. Each domain maintains separate Google Analytics properties, ensuring that your product usage data (in Console) is never combined with your marketing site behavior for profiling or targeting purposes. For details on Google Analytics' data practices, see Google's Privacy Policy and Data Retention Settings.
6. Withdrawing consent
You can withdraw or modify your cookie preferences at any time by:
- Clicking 'Cookie Preferences' in the site footer
- Visiting your Account Settings → Privacy & Cookies
- Using your browser's cookie settings to block all cookies (we will not block you from using the site, but some features may not work)
- Withdrawing consent does NOT affect strictly necessary cookies (session, CSRF), which are required to keep you logged in. Withdrawing consent deletes functional and analytics cookies within 24 hours.
- Your consent choice is saved in the intended_cookie_consent store (expires 1 year). You can update it at any time.
7. Third-party cookies
Intended does not use third-party cookies. We do not embed third-party advertising networks, social media tracking pixels, or cross-site analytics tools. Runtime integrations such as the OpenShell / NemoClaw reference integration do not introduce third-party cookies into the Intended website or console surfaces.
9. Browser-specific instructions
To manage cookies in your browser, consult your browser's help documentation:
- Chrome: Settings > Privacy and security > Cookies and other site data
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Manage Website Data
- Edge: Settings > Cookies and site permissions > Manage and delete cookies
10. Impact of disabling cookies
Because Intended uses only strictly necessary cookies for core functions, disabling them may prevent the Services from functioning correctly. Specifically, disabling cookies may prevent you from logging in, maintaining an authenticated session, or retaining your UI preferences. The Intended API (used by SDKs and CLI tools) does not rely on cookies and uses API key authentication instead.
11. Global privacy control and CPRA
Intended respects Global Privacy Control (GPC) signals sent by your browser or device. Users who enable GPC are opted out of: Behavioral tracking and cross-site profiling, Sale or sharing of personal information for targeted advertising. California residents (CCPA/CPRA): Intended does NOT sell or share personal information. "Sharing" means disclosing personal information to third parties for their own commercial purposes, including behavioral advertising. We do not engage in this practice. You can opt out of the sale or sharing of personal information by: Enabling Global Privacy Control in your browser, Selecting "Do Not Sell or Share My Personal Information" in your account settings, Emailing privacy@intended.so with "CPRA Opt-Out" in the subject. Requests are processed within 45 days and do not incur a service fee.
12. Changes to this policy
We may update this Cookie Policy to reflect changes in our practices or applicable law. Material changes will be communicated through the Services or by email. The effective date at the top of this page indicates when the policy was last revised.
13. Contact for cookie and privacy questions
For cookie-related questions, preferences, or to exercise data subject rights related to cookie data: Email: privacy@intended.so Mailing Address: Intended, Inc., 2261 Market Street, San Francisco, CA 94114, USA California residents (CCPA/CPRA): - Right to Access: Request a copy of personal information we hold - Right to Delete: Request deletion of personal information - Right to Opt-Out of Sale/Sharing: Opt out via settings or email - Right to Non-Discrimination: We will not discriminate against you for exercising CCPA/CPRA rights Requests processed within 45 days. For assistance, email privacy@intended.so. EU/UK residents (GDPR): Exercise your rights (access, correction, deletion, portability, objection) by contacting dpa@intended.so.