How cookies and similar technologies are used on minimax-m2.com
2025/06/23
Last updated: June 23, 2025
This Cookie Policy describes how the MiniMax-M2 platform available at https://minimax-m2.com ("MiniMax-M2", "we", "us") uses cookies, local storage, and similar technologies on our marketing site, documentation, dashboard, and developer console (collectively, the "Services"). MiniMax-M2 commercialises the MiniMax M2 reasoning model while remaining independent from OpenAI and other upstream providers. This notice supplements our Privacy Policy and is intended to comply with the EU ePrivacy Directive, the UK and EU GDPR, the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act (VCDPA), and other applicable regulations.
We do not use advertising identifiers or cross-site tracking pixels.
| Category | Purpose | Legal Basis | Typical Retention | Examples |
|---|---|---|---|---|
| Strictly Necessary | Enables authentication, security logging, load balancing, language detection, and consent records. | Contract / Legitimate Interest | Session to 12 months | m2_session, m2_csrf, __Secure-next-auth.session-token, cf-edge, next-intl-locale, cookie-preferences |
| Functional | Optional cookies that remember console layouts, playground settings, or code snippet preferences. | Consent | Session to 12 months | m2_theme, playground_env, ui_preferences |
| Performance & Analytics | Low-volume telemetry (self-hosted Plausible) to understand API reliability without profiling individuals. | Legitimate Interest (opt-out honoured) | 24 hours – 13 months | _pa_session, _pa_user, plausible_ignore |
| Communications & Billing | Set only if you opt into newsletters or complete a Creem-managed checkout. | Consent / Contract | 30 minutes – 12 months | resend_tracking, newsletter_preferences, creem_session |
| Cookie | Purpose | Retention | Controller |
|---|---|---|---|
m2_session | Maintains authenticated dashboard and API sessions via NextAuth. | Session | MiniMax-M2 |
m2_csrf | Protects account actions against CSRF. | Session | MiniMax-M2 |
__Secure-next-auth.session-token | Edge-compatible session mirror (Cloudflare Worker). | Session | MiniMax-M2 |
next-intl-locale | Remembers language/locale for docs and dashboard. | 12 months | MiniMax-M2 |
cookie-preferences | Records your consent selections to demonstrate compliance. | 12 months | MiniMax-M2 |
cf-edge / vrn-edge | Cloudflare/Vercel routing for uptime and abuse prevention. | Session | Cloudflare / Vercel (Independent Controllers) |
| Provider | Cookies | Purpose | Retention | Legal Basis |
|---|---|---|---|---|
__Secure-1PSID, SAPISID, SID, etc. | Secure Google sign-in with reCAPTCHA risk scoring. | Session – 2 years | Contract performance; Google acts as independent controller. | |
| GitHub | _gh_sess, logged_in, _device_id, dotcom_user | Enables GitHub OAuth, device recognition, and fraud controls. | Session – 1 year | Contract performance; GitHub acts as independent controller. |
Refer to each provider’s privacy notice for more detail.
| Cookie | Purpose | Retention | Legal Basis |
|---|---|---|---|
creem_session | Secure checkout continuity for subscriptions and pay-as-you-go top-ups. | 30 minutes | Contract performance |
creem_csrf | Protects Creem payment forms from tampering. | Session | Contract performance |
creem_customer_id | Associates historical invoices with your MiniMax-M2 workspace. | 12 months | Legitimate interest (billing continuity) |
Creem remains an independent controller for payment cookies (privacy notice: https://creem.io/privacy).
| Cookie | Purpose | Retention |
|---|---|---|
m2_theme | Saves the dashboard dark/light or high-contrast mode. | 12 months |
playground_env | Remembers recent API playground configuration (model, temperature, reasoning toggle). | 6 months |
ui_preferences | Stores per-user console layout, expanded panels, and keyboard shortcut opt-ins. | 6 months |
| Cookie | Purpose | Retention |
|---|---|---|
_pa_session | Session-level telemetry for error rate and latency (self-hosted Plausible, IP anonymised). | 24 hours |
_pa_user | Rotating cohort identifier to study aggregate API usage. | 13 months |
plausible_ignore | Opt-out flag; if set, analytics events are dropped. | Persistent |
| Cookie | Purpose | Retention |
|---|---|---|
resend_tracking | Delivery diagnostics for transactional and optional marketing email powered by Resend. | 30 days |
newsletter_preferences | Stores topics (product updates, research notes). | 12 months |
https://minimax-m2.com/cookie-settings.chrome://settings/siteData, Firefox about:preferences#privacy, Safari Preferences → Privacy → Manage Website Data, Edge edge://settings/content/cookies). Blocking strictly necessary cookies may prevent login, API calls, or billing.Cookies set by trusted sub-processors (Cloudflare, Vercel, Google, GitHub, Creem, Resend) can result in data transfers to the United States, Singapore, and other jurisdictions. Where required, we rely on Standard Contractual Clauses or equivalent safeguards, and we assess vendors for compliance with the EU/UK GDPR and other applicable laws.
We review this policy whenever we deploy new cookie-dependent features or when regulations change. Material updates will be communicated through the cookie banner, dashboard notifications, or release notes. The “Last updated” date reflects the latest revision.
For questions, opt-out requests, or supervisory authority referrals:
EU/UK residents may also contact their local supervisory authority if concerns remain unresolved.