Cookie policy

We keep cookies to the minimum needed to run the service - and we don't put a banner on the site to ask permission for things we never do.

Strictly necessary

• lls_session - your sign-in session. HttpOnly, Secure, SameSite=Strict. Lifetime 14 days.
• _csrf_secret (in-session, server-side) - anti-CSRF token; not exposed to JavaScript.

What we don't set

• No analytics cookies. We don't run Google Analytics, Mixpanel, Plausible or any other analytics tag.
• No advertising cookies. We don't run retargeting pixels.
• No third-party tracking on the public marketing site. Server-side only.
• No fingerprinting.

Other site visitors

If you install our crawler-tracking snippet on your own site, we record AI bot visits (user-agent + IP + path). We do not set cookies on your visitors and we do not collect data on your human visitors.

Theme preference

The light/dark theme toggle stores your choice in localStorage. That's a browser feature, not a cookie, and it never reaches our server.