Cookie Policy

1. What are cookies

Cookies are small text files placed on your device by a website or application. They are widely used to make websites work efficiently, provide a better user experience, and give site operators information about how the site is being used. Cookies can be "session" cookies (deleted when you close your browser) or "persistent" cookies (remain on your device for a set period or until you delete them).

2. Consent and cookie management

We classify cookies into the following categories:

(a) Strictly Necessary: These cookies are essential to site function (session management, CSRF protection, authentication). They do NOT require prior consent under GDPR, TTDSG, or CASL. These include: intended_portal_session (Customer session identifier, 30 days), intended_backoffice_session (Staff session identifier, 30 days), intended_csrf (CSRF token, session-scoped), intended_cookie_consent (Your consent preferences, 1 year), intended_consent_session (Consent audit-log identifier, 1 year).

(b) Functional: These cookies improve user experience but are not strictly necessary. They require prior opt-in consent. These include: intended_prefs (Theme, timezone, language preferences).

(c) Analytics: We do not currently set analytics cookies. As of the Last Updated date, Intended does not use Google Analytics or any other third-party analytics cookies. If we introduce analytics cookies in the future, they will require prior opt-in consent, will be added to the cookie table below, and the provider will be disclosed in our Subprocessor List before activation.

We operate a consent banner that allows you to review and manage your cookie preferences. If you have disabled non-essential cookies, only strictly necessary cookies will be set. You can manage your preferences at any time in your [Account Settings → Privacy & Cookies] or by clicking "Cookie Preferences" in the footer.

3. Cookies we use

As of the Last Updated date of this policy, Intended does not set analytics or marketing cookies on the Intended website. Intended may enable such cookies in the future; when enabled, they will only be set after obtaining your opt-in consent via the cookie preference center, and any new third-party providers will be disclosed in our Subprocessor List at least 30 days before activation.

4. Cookie table

The following table describes the cookies used by Intended. All cookies are strictly necessary or functional and are first-party (intended.so only). We do NOT set analytics or third-party tracking cookies (e.g., Google Analytics, Facebook Pixel, LinkedIn Insight, Twitter).

5. Analytics and cross-context isolation

As of the Last Updated date, Intended does not use Google Analytics or any other third-party analytics tool, and does not set analytics cookies. We do not track visitor behavior such as scrolling, time-on-page, or conversion funnels through third-party analytics services.

CROSS-CONTEXT ISOLATION: Intended maintains a strict separation between intended.so (marketing website) and apps.intended.so (console). We do NOT link, combine, or cross-reference data between these contexts, between visitors and logged-in customers, or between marketing touchpoints and product usage, for profiling or targeting purposes. Each domain maintains separate data, retention schedules, and access controls. If Intended introduces analytics in the future, it will be configured to preserve this cross-context isolation, will require opt-in consent, and will be disclosed in the cookie table and Subprocessor List before activation.

6. Withdrawing consent

You can withdraw or modify your cookie preferences at any time by:

• Clicking 'Cookie Preferences' in the site footer
• Visiting your Account Settings → Privacy & Cookies
• Using your browser's cookie settings to block all cookies (we will not block you from using the site, but some features may not work)
• Withdrawing consent does NOT affect strictly necessary cookies (session, CSRF), which are required to keep you logged in. Withdrawing consent deletes functional cookies (and any analytics cookies, should they be introduced) within 24 hours.
• Your consent choice is saved in the intended_cookie_consent store (expires 1 year). You can update it at any time.

7. Third-party cookies

Intended does not use third-party cookies. We do not embed third-party advertising networks, social media tracking pixels, or cross-site analytics tools. Runtime integrations such as the OpenShell / NemoClaw reference integration do not introduce third-party cookies into the Intended website or console surfaces.

8. How to manage cookies

You can manage cookies through your browser settings. Most browsers allow you to:

• View what cookies are stored on your device and delete them individually or in bulk
• Block all cookies or only third-party cookies
• Configure cookie settings on a per-site basis
• Set your browser to notify you when a cookie is being set

9. Browser-specific instructions

To manage cookies in your browser, consult your browser's help documentation:

• Chrome: Settings > Privacy and security > Cookies and other site data
• Firefox: Settings > Privacy & Security > Cookies and Site Data
• Safari: Preferences > Privacy > Manage Website Data
• Edge: Settings > Cookies and site permissions > Manage and delete cookies

10. Impact of disabling cookies

Because Intended uses only strictly necessary cookies for core functions, disabling them may prevent the Services from functioning correctly. Specifically, disabling cookies may prevent you from logging in, maintaining an authenticated session, or retaining your UI preferences. The Intended API (used by SDKs and CLI tools) does not rely on cookies and uses API key authentication instead.

11. Global privacy control and CPRA

Intended respects Global Privacy Control (GPC) signals sent by your browser or device. Users who enable GPC are opted out of: Behavioral tracking and cross-site profiling, Sale or sharing of personal information for targeted advertising.

California residents (CCPA/CPRA): Intended does NOT sell or share personal information. "Sharing" means disclosing personal information to third parties for their own commercial purposes, including behavioral advertising. We do not engage in this practice.

You can opt out of the sale or sharing of personal information by: Enabling Global Privacy Control in your browser, Selecting "Do Not Sell or Share My Personal Information" in your account settings, Emailing privacy@intended.so with "CPRA Opt-Out" in the subject.

Requests are processed within 45 days and do not incur a service fee.

12. Changes to this policy

We may update this Cookie Policy to reflect changes in our practices or applicable law. Material changes will be communicated through the Services or by email. The effective date at the top of this page indicates when the policy was last revised.

13. Contact for cookie and privacy questions

For cookie-related questions, preferences, or to exercise data subject rights related to cookie data:

Email: privacy@intended.so Mailing Address: Intended, Inc., 2261 Market Street, San Francisco, CA 94114, USA

California residents (CCPA/CPRA): - Right to Access: Request a copy of personal information we hold - Right to Delete: Request deletion of personal information - Right to Opt-Out of Sale/Sharing: Opt out via settings or email - Right to Non-Discrimination: We will not discriminate against you for exercising CCPA/CPRA rights

Requests processed within 45 days. For assistance, email privacy@intended.so.

EU/UK residents (GDPR): Exercise your rights (access, correction, deletion, portability, objection) by contacting dpa@intended.so.