This Cookie Policy explains how Exafy uses cookies and similar technologies. It complements our Privacy Policy and should be read together with it.
What cookies are
Cookies are small files stored on your device when you visit a website. They help websites function, remember preferences, improve performance, and understand usage. We also use related technologies such as local storage and session storage where appropriate; references to "cookies" in this policy include those technologies.
PECR position and our consent approach
Under the UK Privacy and Electronic Communications Regulations (PECR), strictly necessary cookies (those that are essential for a service you have explicitly requested, such as logging in or completing a payment) require no consent under the regulation 6(4) exemption. All other cookies — analytics, performance, marketing, and similar — require your prior consent. Where consent is required, we obtain it through our cookie banner. Consent must be specific, informed, freely given, and revocable.
Types of cookies we use
- Essential cookies — required for login, security, checkout, subscriptions, and platform functionality
- Preference cookies — remember settings such as language, level, or display choices
- Analytics cookies — help us understand how users interact with the platform
- Performance cookies — help identify errors, speed issues, and reliability problems
- Marketing cookies — only used if disclosed and consented to
Specific cookie inventory
The current cookies set by Exafy and our integrated providers:
| Cookie | Purpose | Type | Duration | Provider |
|---|---|---|---|---|
| next-auth.session-token | Authentication session | Strictly necessary | 30 days | Exafy |
| next-auth.csrf-token | CSRF protection | Strictly necessary | Session | Exafy |
| exafy_sid | Single-device session enforcement | Strictly necessary | 30 days | Exafy |
| NEXT_LOCALE | Language preference | Preference | 1 year | Exafy |
| __stripe_mid | Payment fraud prevention | Strictly necessary | 1 year | Stripe |
| __stripe_sid | Payment fraud prevention | Strictly necessary | 30 minutes | Stripe |
Essential cookies
Essential cookies cannot be disabled because the platform needs them to work. They support authentication, payment security, fraud prevention, and session management. Blocking these cookies will break login and checkout.
Non-essential cookies
We will request your consent before placing non-essential cookies, in line with PECR. You can withdraw or change consent at any time from this page (when our cookie consent banner ships, the same control will appear in-product so you can change your mind without leaving the page you're on). Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
Third-party cookies
Some cookies are set by trusted providers we use to operate the service: Stripe for payments, Googlefor OAuth sign-in. Each provider's own privacy policy governs the cookies they set.
Managing cookies
You can manage cookies through:
- The Cookies & settings link in our footer (this page) — when our consent banner ships it will reopen on click; until then this page is the canonical reference
- Your browser settings (Chrome, Firefox, Safari, Edge)
- Your device's privacy settings
Blocking strictly necessary cookies will prevent login and checkout from working. Questions about cookies can be sent to info@exafy.ai.