Cookie Policy

Cookies are small text files placed on your device when you visit a website. They allow the website to remember your actions and preferences over time.

STRICTLY NECESSARY (no consent required): • ev_access — JWT access token (15 minutes, httpOnly, secure, SameSite=Lax) • ev_refresh — Session refresh token (7 days, httpOnly, secure, SameSite=Lax) • NEXT_LOCALE — Selected language preference (1 year) • __cf_bm — Cloudflare bot mitigation (30 minutes) FUNCTIONAL (set after consent): • theme — Light/dark mode preference (1 year) • consent — Cookie consent record (1 year) ANALYTICS (privacy-focused, optional): • ph_* — PostHog product analytics (90 days, EU-hosted, no third-party tracking) We DO NOT use: • Third-party advertising cookies • Facebook pixel, Google Ads pixel • Cross-site tracking cookies • Fingerprinting libraries

You can control cookies in three ways: (a) Cookie banner: when you first visit, you can accept or reject non-essential cookies (b) Browser settings: block all cookies (Service may not function fully without strictly-necessary cookies) (c) Account settings: manage analytics opt-in in your dashboard

(a) Session cookies: deleted when you close your browser (b) Persistent cookies: deleted on expiration (max 1 year) (c) Authentication cookies: deleted on logout

If we add new cookies, we will update this policy and may re-prompt for consent if required by law.