Cookie Policy
1. About this Cookie Policy
This Cookie Policy explains how Limbix (“Limbix”, “we”, “us”, “our”) uses cookies and similar technologies when you visit limbix.app, use the Limbix web application, or interact with our marketing emails. It supplements our Privacy Policy and should be read together with it.
This Policy tells you what these technologies are, why we use them, what categories of cookie we set, and the rights and choices you have to control them.
We use cookies to keep you logged in, remember your preferences, and understand how the product is used so we can improve it. We never use advertising cookies. We never sell data collected via cookies. In the EU you can choose which optional cookies to allow; outside the EU you can opt out at any time from Settings → Privacy & Data.
2. What are cookies, and what are similar technologies?
A cookie is a small text file that a website stores on your browser when you visit. Cookies allow the website to recognize your browser on subsequent visits, remember information you have provided (like a logged-in session), and collect information about how you use the site.
“Similar technologies” we may use include:
- Local storage and session storage: browser features that store data locally on your device, similar in purpose to cookies.
- Pixels and tracking images: tiny 1x1 images embedded in web pages or emails that allow us to record that a page was loaded or an email was opened.
- Server-side identifiers: short-lived hashed identifiers stored on our backend that map to your session without writing a cookie.
Where this Policy refers to “cookies”, it covers all of the above unless context indicates otherwise.
3. Why we use cookies
We use cookies for the following purposes:
- Authentication:
Keeping you logged in across sessions, and preventing cross-site request forgery.
- Preferences:
Remembering your theme (light/dark), language, locale, and number-format choices.
- Security:
Detecting suspicious activity, brute-force attempts, and unauthorized session use.
- Performance:
Routing requests through the closest content delivery node, and balancing load across servers.
- Analytics:
Understanding which features are used, where users drop off, and what to improve. Pseudonymized via a stable opaque ID.
- Support:
Recognizing you if you open the in-app chat widget, so the support agent has context.
We do NOT use cookies for advertising, retargeting, cross-site behavioral profiling, or selling data to third parties.
4. Categories of cookie we use
Cookies are typically organized into four categories. Below is what we set in each, with the names, providers, durations, and types.
4.1 Strictly necessary cookies
These cookies are essential for the Service to function. Without them, you cannot log in, complete forms, or use the app at all. They cannot be disabled. They do not store any information you have not actively given us.
4.2 Preference cookies
Preference cookies remember choices you make to give you a better, more personalized experience. They are not strictly necessary, but disabling them means you will have to re-set your preferences every time.
4.3 Analytics cookies
Analytics cookies help us understand how the Service is used so we can improve it. They are pseudonymized — they identify a browser session via an opaque stable ID, not your name or email.
If you are in the EU, EEA, or UK, these cookies are loaded only after you grant consent via our cookie banner. You can change your consent any time at Settings → Privacy & Data → Cookie preferences. If you are outside the EU/EEA/UK, these cookies load by default and you can opt out at any time from the same screen.
4.4 Marketing & advertising cookies
We do NOT use marketing or advertising cookies. We do not run ads on limbix.app. We do not embed third-party ad pixels. We do not share data with advertising networks for cross-site retargeting.
If we ever introduce advertising or marketing cookies, we will update this Policy in advance, notify you, and (where required) request consent before any such cookie is set.
5. Tracking in our emails
We use a tracking pixel in our marketing emails to detect when the email was opened, and link-wrapping to detect which links were clicked. This helps us understand what content is useful and stop sending you what isn't.
Email tracking is only present in marketing emails — never in transactional emails (password reset, billing receipts, security alerts). You can:
- Unsubscribe from marketing emails using the link in any email footer.
- Turn off image loading in your email client to neutralize the tracking pixel.
- Manage marketing preferences in Settings → Notifications.
6. How to control cookies
6.1 In-app cookie banner
On your first visit to limbix.app, you see a cookie banner with three options: Accept all, Reject optional, or Manage preferences. Your choice is remembered for 12 months. You can change it any time at the bottom of any page or in Settings.
6.2 Browser-level controls
Most browsers let you view, block, and delete cookies. Look in your browser's settings for “Privacy”, “Cookies”, or “Site data”.
- Chrome: support.google.com/chrome/answer/95647
- Firefox: support.mozilla.org/kb/clear-cookies-and-site-data-firefox
- Safari: support.apple.com/guide/safari/manage-cookies-sfri11471
- Edge: support.microsoft.com/microsoft-edge
6.3 Do Not Track and Global Privacy Control
Limbix honors the Global Privacy Control (GPC) signal where required by law. If your browser sends a GPC header on a request, we treat it as an opt-out of any optional cookies and a request to share no data.
We do not currently respond to the older “Do Not Track” header, because there is no shared industry standard for what it means. We rely on the cookie banner and GPC instead.
6.4 Effect of disabling cookies
If you block all cookies, you will not be able to log in, complete checkouts, or use secure form features. If you block optional cookies, the core Service works normally, but you will re-set preferences on each visit and will not appear in usage statistics.
7. Third-party cookies and providers
Some of the cookies listed in §4 are set by third-party services we use to operate the Service. The providers are listed below. Each acts as our processor under a written agreement; they cannot use the cookie data for their own purposes.
- Stripe: Payment processing — sets cookies only during checkout.
- Cloudflare: Content delivery and bot protection.
- PostHog (EU-hosted): Product analytics, only loaded after consent in the EU.
- Sentry: Error monitoring, with PII scrubbing rules.
- Google OAuth: Identity provider, only if you sign in with Google.
- Intercom: Customer support chat widget — only loaded once you open the widget.
Each provider has its own privacy and cookie policies, which apply when you use their services. Where required, we have entered into Data Processing Agreements with each.
8. Changes to this Policy
We may update this Cookie Policy from time to time — to reflect changes in the cookies we use, in regulatory requirements, or in how we operate. When we do:
- We will update the 'Last updated' date at the top.
- Material changes will be announced via in-app notice and email at least 30 days before they take effect.
The current version is always available at limbix.app/cookies.
9. How to contact us
For any question about this Cookie Policy, or how we use cookies:
- General privacy questions: privacy@limbix.app
- Data Protection Officer: dpo@limbix.app
- Postal address: [Registered address to be inserted prior to public launch]