Cookie & Tracking Notice.
Last updated: 2026-06-25
LifeSage LLC, a Washington limited liability company operating under the "Karta" brand ("Karta," "we," "us"), provides a business platform on which customers ("Customers") build, deploy, and host AI agent applications for their own end users. This Cookie & Tracking Notice (this "Notice") explains how Karta uses cookies, local storage, pixels, and similar technologies (collectively, "cookies") on Karta's marketing websites, documentation, customer dashboard, billing pages, and related first-party web surfaces (the "Karta Sites"). Capitalized terms not defined here have the meanings given in the Karta Privacy Policy and the Karta Terms of Service.
This Notice addresses only Karta's own use of cookies on the Karta Sites. It does not govern cookies, local storage, or other tracking technologies deployed by Customers on their own websites, applications, or agent experiences, including where a Customer embeds a Karta agent surface (see Section 5).
1. Current Posture
Karta currently uses cookies and similar technologies on the Karta Sites only for strictly necessary purposes, such as authentication, session security, CSRF protection, abuse prevention, fraud prevention, rate limiting, and payment checkout support.
Karta does not currently use advertising cookies, retargeting pixels, cross-site or cross-context tracking cookies, social-media tracking widgets, or third-party marketing trackers on the Karta Sites, and Karta does not sell or share personal information for cross-context behavioral advertising or use personal information for targeted advertising. Because the Karta platform is offered for business and developer use only and the Karta Sites are not directed to consumers, families, or children, Karta does not knowingly use the Karta Sites to collect information from any individual under 18.
2. Strictly Necessary Cookies
Strictly necessary cookies keep users signed in, protect sessions, prevent CSRF, secure checkout, and help detect abuse. These cookies are exempt from consent requirements under applicable law because they are essential to deliver a service the user has requested, and they cannot be disabled through Karta controls because the Karta Sites cannot function securely without them. You may block or delete cookies through your browser, but doing so may prevent sign-in, dashboard use, or checkout. Allocation of liability for use of the Karta Sites is governed by the Karta Terms of Service.
The strictly necessary cookies and similar technologies used on the Karta Sites fall into the following categories:
| Cookie / family | Purpose | Party | Type / approximate retention |
|---|---|---|---|
| Karta session cookie | Keeps the user signed in; maintains session state | First-party (Karta) | Session or short-lived persistent (typically up to ~30 days) |
| CSRF / session-integrity tokens | Prevents cross-site request forgery; protects session integrity | First-party (Karta) | Session |
| OAuth state / nonce | Secures the sign-in flow | First-party (Karta) | Transient (cleared after sign-in) |
| Stripe checkout / fraud-prevention cookies | Enables and secures checkout; prevents payment fraud on billing pages | Third-party (Stripe) | Per Stripe; session and persistent (see Stripe's cookie/privacy notice) |
Cookies set by Karta's payment processor, Stripe, on billing pages in the checkout context are third-party cookies governed by Stripe's own cookie and privacy notices. Cookie names and exact storage lifetimes may change as Karta updates the Karta Sites; the categories, purposes, and approximate retention described in this Notice continue to apply.
3. Security and Abuse Signals
Karta may use device, browser, IP, origin, rate-limit, and request signals to protect accounts, Credits, Agents, embeds, and platform integrity. Karta uses these signals for security and abuse prevention, not for advertising, profiling, or cross-site tracking. Where consent is not required because these signals are strictly necessary to provide a service the user has requested, Karta processes them on the basis of its legitimate interests (and, where applicable, its legal obligations) in securing the Karta Sites and preventing fraud and abuse.
4. Analytics
Karta does not use analytics cookies on the Karta Sites. Karta uses Plausible, a cookieless, privacy-preserving analytics tool, to understand aggregate usage of its public documentation and marketing site; Plausible sets no browser cookies and does not track users across sites. Karta's public documentation site is delivered through Cloudflare's content-delivery and TLS edge, which processes site-visitor connection data such as IP address in order to deliver and secure the site. These website-infrastructure and analytics providers are identified in the Sub-processor List and the Privacy Policy. Karta does not use advertising or cross-site tracking technologies. If Karta later adopts analytics or other technologies that set non-essential cookies or require consent or an opt-out under applicable law, Karta will provide any notice and controls required by applicable law before enabling them (see Section 7).
5. Customer Agents and Embeds
As between Karta and the Customer, the Customer is responsible for all cookies, local storage, analytics, pixels, tracking technologies, and consent or preference mechanisms present on the Customer's own websites, applications, products, and agent experiences, including any surface on which the Customer embeds or links to a Karta agent. As between the parties, and without limiting Karta's own obligations as a processor or service provider under the Data Processing Agreement and applicable law, the Customer is responsible for providing all legally required cookie and tracking notices to, and obtaining all legally required consents and opt-outs from, its own end users on its own surfaces, and for honoring those end users' choices. The Customer represents and warrants that it has, and will maintain, all rights, notices, consents, and authorizations necessary for any cookies, tracking, or processing on its surfaces, and Karta may rely on the Customer's compliance with these obligations. Karta does not control, and is not responsible for, the Customer's surfaces or any third-party cookies or trackers the Customer or its end users place or encounter there.
Karta's embeddable widget and hosted agent surfaces may use first-party cookies or local storage strictly necessary to establish and maintain the agent session, security, and integrity of the interaction; they do not deploy Karta advertising or cross-site tracking cookies. The Customer's deployment, configuration, and disclosure obligations are governed by the Customer's agreement with Karta (including the Data Processing Agreement, under which the Customer is the controller and Karta is the processor for End-User Data). The Customer's indemnification and compliance obligations under that agreement apply to its handling of cookie and tracking disclosures and consents.
6. Your Choices
You can control cookies through your browser settings, including by blocking or deleting cookies. Blocking strictly necessary cookies may prevent sign-in, dashboard use, or checkout. Because the cookies on the Karta Sites are strictly necessary, Karta does not provide, and is not obligated to provide, a consent manager, cookie banner, or other granular in-product cookie controls on the Karta Sites beyond the browser-level controls described here.
Because Karta does not sell or share personal information, does not use personal information for cross-context behavioral advertising or targeted advertising, and does not use advertising cookies on the Karta Sites, no opt-out (including via Global Privacy Control or any other opt-out-preference signal) is required to be exercised on the Karta Sites. If that ever changes, Karta will honor opt-out-preference signals to the extent required by applicable law.
Do Not Track. Web browsers may offer a "Do Not Track" ("DNT") setting. Because there is no common industry standard for how to interpret DNT signals, the Karta Sites do not currently respond to DNT signals.
7. Changes
Karta may update this Notice from time to time to reflect changes in its technologies, practices, or legal requirements. Karta will post the updated Notice with a revised "Last updated" date. Changes that introduce non-essential cookies or tracking technologies requiring consent or an opt-out under applicable law will not take effect until Karta has provided any notice and obtained any consent required by applicable law; other changes take effect when posted. Karta may make changes that take effect immediately where necessary to address a security, fraud-prevention, or legal-compliance requirement. This Notice is informational and does not by itself create contractual obligations; nothing in it substitutes for the cookie consent that applicable law requires before any non-essential cookie is set.
8. More Information; International Transfers
This Notice supplements, and should be read together with, the Karta Privacy Policy (which describes how Karta handles account, billing, dashboard, support, and other platform-administration data as a controller) and the Data Processing Agreement (which governs End-User Data processed through a Customer Agent, for which the Customer is the controller and Karta is the processor). Those documents describe applicable data-retention periods, data-subject rights (including the right to lodge a complaint with a competent supervisory authority), Karta's subprocessors, and the safeguards Karta uses for international data transfers, including the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and the Swiss adaptations to the Standard Contractual Clauses. The Karta Sites are served from Karta's control-plane infrastructure, which is hosted in the United States. Because LifeSage LLC and its hosting are located in the United States, data collected through cookies on the Karta Sites is processed in the United States. The Karta Privacy Policy is the canonical source for the identity of Karta's controller entity and any appointed EU/UK representative.
9. Order of Precedence; General
This Notice is informational and is intended to be read together with the Karta Terms of Service, the Karta Privacy Policy, and the Data Processing Agreement. In the event of any conflict between this Notice and those agreements, the Terms of Service (including its limitation-of-liability provisions) and the Data Processing Agreement govern with respect to the subject matter they address. Section headings are for convenience only and do not affect interpretation. If any provision of this Notice is held unenforceable, the remaining provisions remain in full force and effect.
Contact
Questions about this Notice: privacy@karta.sh, or LifeSage LLC, 600 1st Ave Ste 102, PMB 2132, Seattle, WA 98104, USA. EU/UK data subjects may exercise their rights and lodge complaints as described in the Karta Privacy Policy.