A straightforward explanation of what cookies SkillAI Hub uses, why, and how you can control them.
These cookies are strictly necessary for the platform to function. You cannot opt out of them while using SkillAI Hub.
| Cookie | Purpose | Duration | Flags |
|---|---|---|---|
| next-auth.session-token | Keeps you signed in across page loads. Contains an encrypted JWT session token. | 7 days | HttpOnly, Secure |
| next-auth.state / next-auth.pkce.* | Short-lived cookies used during OAuth sign-in flows (Google, GitHub) to prevent CSRF attacks. | 15 minutes | HttpOnly, Secure |
| next-auth.callback-url | Remembers where to redirect you after a successful sign-in. | Session | Secure |
__Secure- prefix and the Secure flag.SkillAI Hub optionally uses Google Analytics 4 (GA4) to understand how the platform is used — such as which pages are visited, how long sessions last, and general navigation patterns.
| Cookie | Purpose | Duration | Flags |
|---|---|---|---|
| _ga, _ga_* | Google Analytics 4 cookies. Distinguish unique visitors and track session data. | 2 years / 1 year | Analytics |
Analytics is loaded only when NEXT_PUBLIC_ENABLE_GOOGLE_ANALYTICS=true is configured. We also send Core Web Vitals performance metrics to GA4 to monitor platform performance. No personally identifiable information is included in analytics events.
SkillAI Hub uses browser localStorage (not cookies) to save your preferences and progress on your device. This data never leaves your browser and is not sent to our servers.
| Category | What's stored |
|---|---|
| Quiz progress | Your answers and scores for in-progress quizzes |
| Video progress | Playback position, volume, playback speed for course videos |
| Theme & display | Dark/light mode preference, reduced-motion setting |
| Auth intent | Where to return after sign-in, last-used account |
| Dismissed banners | Which notices or tips you have closed |
| Guest sessions | Temporary anonymous session ID for guests |
All keys use the prefix courseai:. You can clear this data at any time via your browser's developer tools (Application → Local Storage → https://skillaihub.app).
Some SkillAI Hub features load content from third parties, which may set their own cookies. We have no control over these cookies.
Course pages embed YouTube videos. When you interact with a video player, YouTube may set cookies to track playback, preferences, and usage.
Subscription and payment pages load Stripe's payment SDK. Stripe uses cookies and device fingerprinting for fraud prevention and session management.
When you sign in with Google or GitHub, those providers may set session cookies on their domains as part of the OAuth flow.
When you sign in, NextAuth.js creates a secure, encrypted session cookie. This cookie is HttpOnly (not accessible to JavaScript) and transmitted only over HTTPS in production. It expires after 7 days of inactivity or when you sign out.
OAuth providers (Google, GitHub, Facebook, LinkedIn) are available for sign-in. The short-lived PKCE and state cookies generated during sign-in expire within 15 minutes and are automatically removed.
You can control cookies through your browser settings. Most browsers let you block, delete, or get notified about cookies:
We want to be transparent about what SkillAI Hub does not do:
If you have any questions about this Cookie Policy or how we handle your data, please get in touch: