Cookie Policy
Effective date: [EFFECTIVE_DATE]
This Cookie Policy explains how [COMPANY_LEGAL_NAME] uses cookies and similar storage technologies on the [PRODUCT_NAME] website and product. It supplements our Privacy Policy.
TL;DR
- We use the smallest practical set of cookies and local storage.
- We do not use advertising or third-party tracking cookies.
- We do not sell or share data via cookies.
- All strictly-necessary cookies are used for authentication, security, and remembering your preferences within the product.
What are cookies?
A cookie is a small text file stored by your browser. Local storage is a similar in-browser store accessible to web applications. We use the term "cookies" to cover both in this policy.
The cookies we use
Strictly necessary
| Name | Set by | Purpose | Duration |
|---|---|---|---|
sb-access-token | [PRODUCT_NAME] / Supabase | Authentication — keeps you signed in | Session, refreshed automatically |
sb-refresh-token | [PRODUCT_NAME] / Supabase | Refreshing the auth session | 30 days |
lumi-tutor-ui-prefs (local storage) | [PRODUCT_NAME] | Remembers your selected child profile, last tutor mode | Until you clear browser data |
| CSRF token | [PRODUCT_NAME] | Cross-site request forgery protection | Session |
These cookies are essential to the operation of the Service. Without them, the Service cannot keep you signed in or protect against common attacks. Under EU/UK law, strictly-necessary cookies do not require consent.
Functional (with consent where required)
We currently do not set any functional cookies that require separate consent. If we add any in the future (e.g., to remember a "dark mode" preference between devices), we will list them here and request consent where the law requires it.
Analytics
We currently do not use any third-party analytics service. We may use privacy-respecting first-party analytics (e.g., aggregated counts of page views) to operate the Service. If we adopt a third-party analytics provider, we will update this list and obtain consent where required.
Advertising / tracking
None. We do not use advertising or cross-site tracking cookies. We do not allow third parties to advertise inside our product.
Cookies from third parties
The third parties used to run the Service may set their own cookies on pages that load their components:
- [PAYMENT_PROVIDER, e.g., Stripe] — for fraud prevention on payment pages. Their cookie policy applies.
We do not embed advertising trackers, social-media tracking pixels, or analytics scripts on pages that children see.
Managing cookies
Most browsers allow you to refuse, delete, or block cookies. Refusing strictly-necessary cookies will prevent you from using the Service.
- Chrome: Settings → Privacy and security → Cookies and other site data
- Safari: Settings → Privacy → Manage Website Data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Edge: Settings → Privacy, search, and services → Cookies and site permissions
Do Not Track
We honour the global privacy control ("Sec-GPC") signal where required. Because we don't engage in cross-context tracking, this has limited additional effect on our Service.
Changes
If we change which cookies we use, we will update this policy. Material changes will be announced in-product.
Contact
[PRIVACY_EMAIL]