Legal
Cookie Policy
Last updated:
This Cookie Policy explains how MindsDB (“we,” “us,” or “our”) uses cookies and similar technologies on mindshub.ai. It should be read together with our Privacy Notice.
1) What are cookies and similar technologies?
Cookies are small text files stored on your device by your browser. Similar technologies include local storage entries, scripts, SDKs, and device identifiers used to operate our site, understand usage, and (where you allow it) measure advertising performance.
This site uses a small number of first-party cookies and one localStorage entry. No third-party tracking SDKs or pixels load in your browser. Analytics and ads-measurement happen server-to-server from our infrastructure to each platform.
2) Categories of cookies and similar technologies we use
- Strictly necessary. A small
mh-consententry (localStorage + a same-name cookie) that remembers your banner choice so we don’t prompt you again. Always on — you can’t opt out of this without breaking the banner. - Analytics (audience measurement). Anonymous, first-party measurement of which pages are viewed and which calls-to-action are clicked — a visitor cookie (
mh_id), a short session cookie (__mhss), and, where we set no cookie, a cookieless daily hash. Sent server-to-server to PostHog; no PostHog script or cookie runs in your browser. In opt-in regions this runs only as far as the audience-measurement exemption allows until you accept, and cross-site linking (betweenmindshub.aiandconsole.mindshub.ai) waits for your consent. - Marketing measurement. Click-ID identifiers (such as
gclid,gbraid,wbraid,twclid,li_fat_id) captured from inbound URLs and stored in a first-party cookie so we can attribute later conversions back to the original ad click — sent server-to-server to each ad platform’s Conversions API. Only with your consent (or, in opt-out regions, until you opt out).
We do not use cookies for targeted advertising profile-building, cross-site behavioral tracking, fingerprinting, or session replay.
3) Regional consent approach
Our consent posture adapts to your location and the privacy law that applies.
- Opt-out regions (e.g. the United States, most of Canada, Australia, Japan). Analytics and marketing measurement are on by default, with a footer link to opt out at any time — labeled Your Privacy Choices in the US and Privacy choices in other opt-out regions. We honor Global Privacy Control (GPC) worldwide as an automatic opt-out.
- Opt-in regions with an audience-measurement exemption (the EU/EEA, Brazil, Switzerland). Until you choose in the banner, we run only first-party, single-site, anonymous audience measurement (a host-only visitor cookie + a short session cookie, shared with no one) under that exemption. Cross-site linking and marketing measurement stay off until you opt in.
- Strict opt-in regions (e.g. the UK, South Korea, India, the province of Quebec in Canada, and — as our default — any region we can’t confirm qualifies for a more permissive basis, i.e. the rest of the world). No analytics cookie is set until you opt in; before that we count visits with a cookieless, privacy-preserving daily hash (no cookie, nothing stored on your device, not reversible).
- Hard opt-out (GPC, or an explicit “reject” / “opt out”). No analytics cookie and no marketing; we count the visit only via the cookieless hash, with no cross-site linking.
The applicable region is determined from your IP address (and, where available, your sub-national region) via Cloudflare. If your region can’t be determined we default to the strict opt-in posture — the most protective. The exact rules per jurisdiction are maintained in our configuration and reviewed with counsel.
4) Your choices
- Cookie preferences (opt-in regions) — open the preferences modal via the footer link to enable or disable analytics and marketing measurement at any time.
- Your Privacy Choices (US) / Privacy choices (other opt-out regions) — open the opt-out modal via the footer link to opt out of analytics and ad-performance measurement.
- Global Privacy Control (GPC) — supported in Brave, Firefox (when enabled), DuckDuckGo, and several other browsers and extensions. We treat
Sec-GPC: 1as an immediate opt-out from analytics and marketing measurement on every request, regardless of region. - Browser settings — most browsers let you block or delete cookies. Blocking the strictly-necessary cookie may cause minor parts of the site to behave unexpectedly.
5) Targeted advertising and “sharing” (US)
We do not “sell” personal information for money. Where you have not opted out, we may share identifiers (such as the ad-click ID and an IP-derived approximate location) with our advertising partners by sending events to their server-side Conversions APIs, so that we can measure which ad campaigns drove visits and conversions. In the US you can opt out via the Your Privacy Choices footer link or by enabling GPC in your browser. For our broader data practices and your rights, see the Privacy Notice.
6) Cookies and similar technologies (the actual list)
The table below lists every item set in your browser by this site, plus the server-side platforms that receive data on our behalf.
| Name | Type | Category | Purpose | Retention |
|---|---|---|---|---|
mh_id | First-party cookie · Secure · SameSite=Lax (shared across *.mindshub.ai only with consent or in opt-out regions; host-only in EU/EEA-style exemption regions; not set in strict opt-in regions) | Analytics | Anonymous visitor identifier. Measures traffic on this site and — once you consent to analytics, or by default in opt-out regions — links your visit across mindshub.ai and console.mindshub.ai (both ours) so we can understand the sign-up journey as one product. In exemption regions (EU/EEA, Brazil, Switzerland) it stays host-only (this site only) until you accept; in strict opt-in regions — including our rest-of-world default and Quebec — it isn’t set at all until you accept (we use the cookieless hash below); opting out / GPC keeps it host-only or off. First-party; never shared with third parties. | 90 days |
__mhss | First-party cookie · HttpOnly · Secure · SameSite=Lax | Analytics | Anonymous session identifier; groups a visit’s pageviews into one session for aggregate session count and duration. First-party audience measurement only — never shared. Not set in strict opt-in regions until you consent. | 30 minutes (sliding — resets while you’re active) |
| (cookieless hash) | No cookie — a server-side hash of IP + browser + a daily-rotating salt that is then discarded | Analytics | Counts unique visitors per day without storing anything on your device, where we deliberately set no cookie (strict opt-in regions before consent — now including our rest-of-world default and Quebec — and opt-outs). The daily salt is thrown away, so the hash can’t be traced back to you. | Salt discarded daily; not reversible |
__mhc | First-party cookie · HttpOnly · Secure · SameSite=Lax | Marketing measurement | Persists ad-click IDs (e.g. gclid, gbraid, wbraid, twclid, li_fat_id, rdt_cid) so we can attribute later conversions to the original click. Only set when marketing measurement is on. | 30 days |
mh-consent | localStorage entry + first-party cookie of the same name | Strictly necessary | Remembers your cookie-banner choice so we don’t prompt again. The cookie is the server-readable mirror of the localStorage value. | Until you clear browser storage or change your choice |
| PostHog | No client-side cookie | Analytics | Events flow server-to-server from our infrastructure to PostHog. No PostHog SDK runs in your browser. | n/a |
| Google Ads, X / Twitter Ads, LinkedIn Ads | No client-side cookie | Marketing measurement | Conversion attribution is sent server-to-server via each platform’s Conversions API. No ad-platform pixels are loaded in your browser. | n/a |
Forms. When you submit a form on this site (for example, our contact or newsletter forms), the information you enter is sent server-side to our customer-relationship management (CRM) provider and stored there — no cookies are involved. See our Privacy Notice for how we handle information you submit.
7) Retention
Cookies have different lifetimes. The retention column above lists each item’s lifetime. Some entries are session-scoped and disappear when you close your browser; the items used here are persistent but have explicit Max-Age values that limit how long they live.
8) Updates to this Cookie Policy
We may update this policy to reflect changes to our technologies, partners, or legal requirements. When we do, we update the Last updated date at the top of this page; for material changes we provide additional notice where required.
9) Contact us
MindsDB Legal address: 3277 S White Rd PMB 10166, San Jose, CA 95148, USA Data Protection Officer: Adam Carrigan — [email protected]
If you have questions about this Cookie Policy, contact us at [email protected].
Accessibility
We aim to make our cookie controls keyboard- and screen-reader-accessible. If you need help managing your settings, please contact [email protected].