Cookie Policy

Last updated: 02 May 2026

1. What are cookies?

Cookies are small text files stored on your device when you visit our website. They allow the site to remember information between pages and visits (for example, your logged-in session). This policy also covers equivalent technologies such as localStorage and sessionStorage, which are governed by the same regulations (Art. 22.2 LSSI-CE).

2. Types of cookies we use

2.1. Strictly necessary cookies

Essential for the service to function. No consent required (Art. 22.2 LSSI-CE).

Name	Provider	Purpose	Duration
sb-access-token	Supabase	Maintains the authenticated user session	1 hour
sb-refresh-token	Supabase	Renews the session without requiring re-login	60 days
__stripe_mid	Stripe	Payment fraud prevention (during checkout only)	1 year
__stripe_sid	Stripe	Secure payment session identification	30 minutes
lexyai_analytics_consent	LexyAi (localStorage)	Remembers your analytics cookie decision	Persistent
theme	LexyAi (localStorage)	Visual theme preference (light / dark)	Persistent

2.2. Analytics cookies (subject to consent)

They help us understand how LexyAi is used in aggregate and anonymised form, to detect errors and improve the product. They are not loaded until you expressly accept the cookie notice and are deactivated as soon as you withdraw consent. We do not record the content of your contracts or any identifying data beyond the opaque internal identifier already used for your account.

Name	Provider	Purpose	Duration
ph_*_posthog	PostHog (EU)	Anonymous browser identifier for usage analytics	1 year
__ph_opt_in_out_*	PostHog (EU)	Analytics consent status for PostHog	1 year

3. Legal basis

Strictly necessary cookies: Art. 6.1.b GDPR (contract performance) and the exception under Art. 22.2 LSSI-CE (no prior consent required).
Analytics cookies: Art. 6.1.a GDPR and Art. 22.2 LSSI-CE — express, free, informed and revocable consent.

4. International transfers

All listed providers process data within the European Economic Area (EEA). PostHog is used on its European instance (eu.i.posthog.com), Supabase in its European region, and Stripe has European Commission standard contractual clauses for any residual flows outside the EEA.

5. Managing your consent

Your decision on analytics cookies can be revoked at any time. Current status: pending.

6. Browser-level blocking

You can also configure your browser to block or delete cookies. Note that disabling strictly necessary cookies (Supabase) will prevent access to your account and the service. Instructions vary by browser:

Chrome: Settings → Privacy and security → Cookies
Firefox: Settings → Privacy & Security → Cookies and Site Data
Safari: Preferences → Privacy → Manage Website Data
Edge: Settings → Privacy, search, and services → Cookies

7. Changes to this policy

If in the future we add new types of cookies or change providers, we will update this page and, where necessary, ask for your consent again. The last updated date appears at the top of this document.