Cookies Policy

Cookies are small text files placed on your device. Related technologies include localStorage, sessionStorage, and pixels/SDKs. Some cookies are strictly necessary for Site function; others support analytics, marketing, or product improvement.

Cookies may be placed when you visit or interact with the Site. Cloudflare Zaraz and similar technologies deliver essential features, load third-party tools (such as Google Analytics and Meta Pixel), and process payments.

• Essential cookies (security, login, payments) are always set.
• Analytics and marketing cookies may load automatically as part of legitimate interest in improving and promoting services.

You can control cookies via browser settings or privacy tools such as Global Privacy Control (GPC). Blocking essential cookies may prevent sign-in, checkout, or secure access.

A) Essential (strictly necessary)

Used to provide the Site and app securely. Cannot be switched off.

• Session / authentication tokens — keep you signed in (HttpOnly, Secure, CSRF tokens). Retention: session or up to 30 days.
• Security & performance (Cloudflare) — e.g., cf_clearance, __cf_bm for bot management and performance. Retention: 30 minutes – 1 year (vendor-controlled).
• Feature/config cookies — UI preferences, plan gating, language, or A/B assignments. Retention: session to 12 months.
• Payments (Lemon Squeezy Checkout) — cookies set on *.lemonsqueezy.com for payment processing, fraud prevention, checkout state, and VAT compliance. Retention: session to 12 months.

B) Analytics (legitimate interest)

Help understand how the Site is used and improve features.

• Google Analytics 4 — _ga (~2 years), _ga_* (~2 years), _gid (~24h). IP anonymization/region controls used where available.
• (Optional) Hotjar — _hjSessionUser_* (~1 year), _hjSession_* (~30 minutes), for UX insights (not keystrokes/passwords).

C) Marketing (legitimate interest)

Help measure ads and build audiences on external platforms.

• Meta Pixel (Facebook) — _fbp (~3 months) for attribution, audiences, and campaign measurement.

Vendors may be added or changed over time. The list above is illustrative, not exhaustive.

Non-sensitive preferences (UI state) may be stored in localStorage/sessionStorage. Authentication tokens are not stored there; they are kept in secure cookies whenever possible.

• Essential cookies: legitimate interest in delivering a secure, functioning service.
• Analytics & Marketing cookies: legitimate interest in improving, securing, and promoting the Service. Where required by law, continued use may be treated as consent. Non-essential cookies may be disabled anytime via browser or vendor opt-out tools.

Vendors (e.g., Google, Meta, Cloudflare, Lemon Squeezy) may process data in multiple countries. The organization relies on applicable safeguards (e.g., SCCs) as described in the Privacy Policy.

• Browser controls — block or delete cookies in your browser. Blocking essential cookies may break the Site (login, checkout, payments).
• Privacy tools — use Global Privacy Control (GPC) or vendor tools (e.g., Google Analytics Opt-Out Add-on, Meta Ads settings).
• Do Not Track (DNT) — not reliably supported across vendors; browser/GPC settings are relied upon instead.

Non-exhaustive. Cookie names, lifetimes, and purposes may change.

• No warranty — This Policy is provided “as is” and may change as the Site, vendors, or laws evolve.
• Vendor variability — Third-party cookie names, lifetimes, and purposes can change without control; examples are illustrative, not exhaustive.
• Limitation of liability — To the maximum extent permitted by law, liability is disclaimed for indirect or consequential losses from reliance on this Policy. Liability is otherwise limited as set out in the Terms of Service.
• Conflicts — If this Policy conflicts with the Privacy Policy or Terms, the more specific document controls; otherwise, the Terms prevail.

The organization may update this Policy to reflect technology, vendors, or legal changes. Updates will be posted with a new date. Material changes may be notified via the Site. Continued use after updates constitutes acceptance.

Contact: [email protected]