Cookies Policy
Effective date: 15 June 2026 · Last updated: 15 June 2026
The short version
- The desktop app uses no cookies. ZSearch on macOS or Windows does not set, read, or store browser cookies. It is a local-first application.
- The website (zsearch.ai) uses a small number of first-party cookies strictly needed to keep you logged in and protect the site from abuse.
- No third-party advertising cookies. We do not run ad networks. We do not use social-media tracking pixels.
- You can disable cookies in your browser. Strictly-necessary cookies are required for login to work; analytics cookies can be declined without affecting the rest of the site.
- Questions? admin.services@zsearch.ai
About this policy
This Cookies Policy explains how PYKS Pty Ltd (ACN 664 035 438) — the company behind ZSearch — uses cookies and similar technologies on the marketing website at zsearch.ai and on supporting services such as the licence portal and Stripe checkout.
It complements our Privacy Policy, which describes how we handle personal information more broadly.
What cookies are
A cookie is a small text file a website asks your browser to store on your device. When you return, the browser sends the cookie back so the site can recognise you — for example, to keep you signed in or remember a preference.
Similar technologies include local storage, session storage, and service-worker caches. Where we use these, we treat them with the same rules as cookies and describe them in the table in section 4.
The ZSearch desktop application
ZSearch on macOS and Windows is a local-first application. It does not embed an external web browser for its own UI; it does not set, read, or transmit cookies; it does not include third-party advertising SDKs or analytics SDKs.
Cookies on zsearch.ai
The marketing website at zsearch.ai uses the following categories of cookies. We minimise what we set and prefer first-party cookies wherever practical.
4.1 Strictly necessary cookies
These are required for the site to work. You cannot opt out of them without breaking core functionality.
| Cookie | Purpose | Lifetime |
|---|---|---|
| zsch_session | Keeps you signed in once you log in to your account / licence portal. | Session (cleared when the browser closes) or up to 30 days if you choose "keep me signed in". |
| zsch_csrf | Cross-site request forgery token — protects forms (login, signup, billing) from forged submissions. | Session. |
| __Host-next-auth.* | Authentication state used by the Next.js auth layer. | Session. |
4.2 Functional cookies
These remember preferences that improve the experience but are not strictly required. You can decline them via your browser settings.
| Cookie | Purpose | Lifetime |
|---|---|---|
| zsch_theme | Remembers your light/dark theme preference across visits. | 1 year. |
| zsch_dismissed_banner | Remembers which announcement banners you have dismissed so they do not reappear. | 90 days. |
4.3 Analytics cookies
If enabled, these help us understand which pages are visited and which devices and browsers our visitors use. We use aggregate analytics only; we do not build individual visitor profiles or sell data to advertising networks.
| Source | Purpose | Lifetime |
|---|---|---|
| First-party page metrics (Vercel Web Analytics) | Anonymous page-view and Core Web Vitals data. No cross-site tracking; no IP address stored. | Session-level; aggregated for reporting. |
4.4 Marketing cookies
We do not use marketing cookies. We do not embed Facebook Pixel, Google Ads tags, LinkedIn Insight, TikTok Pixel, or comparable ad-network trackers on zsearch.ai. We do not retarget visitors with ads on third-party platforms.
Third-party cookies you may encounter
Some flows on the site briefly hand off to third-party services. While the third-party page is open, that provider may set their own cookies under their own privacy and cookie policies.
| Provider | When it appears | Why |
|---|---|---|
| Stripe | On the checkout and customer-portal pages. | Stripe sets cookies to detect fraud, remember your payment session, and process the transaction. See stripe.com/cookies-policy/legal. |
| GitHub | If you sign in with GitHub OAuth. | GitHub sets authentication cookies during the OAuth handshake. See github.com/site/privacy. |
| Cloudflare | On any page protected by Cloudflare bot management. | A first-party cf_clearance cookie may be set to confirm your browser passed a security check. |
We do not control these third-party cookies. If you want to opt out, please refer to the respective provider's privacy notice.
Managing your cookie preferences
You can control cookies in several ways:
- Browser settings. Every major browser lets you block or delete cookies. Look for “Privacy” or “Site permissions”. Note that blocking strictly necessary cookies will break login.
- Browser private / incognito mode. Cookies set during a private session are cleared when the session ends.
- Cookie banner. Where required by local law, the site shows a banner that lets you accept or decline analytics cookies before any are set.
For step-by-step instructions, see your browser's help page: Chrome, Firefox, Safari, Edge.
Do Not Track and Global Privacy Control
Some browsers send a Do Not Track (DNT) header or a Global Privacy Control (GPC) signal. We honour GPC where applicable law requires (notably under the California Consumer Privacy Act): when a GPC signal is received we treat it as an opt-out request for analytics cookies and any sale or share of personal information.
The DNT signal is non-standard and unreliably interpreted across the industry. We do not use behavioural advertising regardless of whether DNT is sent, but treat the presence of DNT as a strong preference signal where reasonable.
Legal bases for setting cookies
Where the GDPR / UK GDPR applies, our legal bases are:
- Strictly necessary cookies (section 4.1) — legitimate interest in operating a secure, functioning site you have asked to use. No consent required under the EU ePrivacy Directive.
- Functional cookies (section 4.2) — consent collected via the cookie banner. You can withdraw consent at any time by clearing cookies in your browser.
- Analytics cookies (section 4.3) — consent collected via the cookie banner. You can decline without losing access to the site.
Changes to this policy
We may update this Cookies Policy as the site changes — for example, if we add a new analytics provider or remove an existing cookie. The “Effective date” at the top reflects the most recent version. Material changes will be highlighted on the cookie banner when you next visit.
Contact
PYKS Pty Ltd
11 Throsby Court
Endeavour Hills, Victoria 3802
Australia
This document describes the cookie practices of PYKS Pty Ltd on zsearch.ai and supporting services. It is provided for informational purposes and does not constitute legal advice. If the list of cookies above ever drifts from what the site actually sets, the actual behaviour of the site controls and we will correct the document.