Cookie Policy
Last updated: 2026-05-04. This is a v1 draft pending review by counsel before launch.
This policy explains the cookies and similar storage technologies that helloloni.com uses. It complements our Privacy Policy.
1. What we mean by "cookies"
A cookie is a small file your browser stores between visits. We also use the browser's local storage and session storage for some preferences. Throughout this page, "cookies" covers both.
2. Cookies we set
2.1 Essential — always active
These are required for the site to work and cannot be disabled in our cookie banner.
| Name | Purpose | Lifetime |
| --- | --- | --- |
| Refresh-token cookie (httpOnly, Secure, SameSite=Lax) | Carries the rotating refresh token that keeps you signed in. The short-lived access token never lives in a cookie — it is held in memory only. | Up to 14 days rolling; cleared on sign-out or logout-all |
| loni_consent | Remembers your cookie banner choice | 13 months |
| NEXT_LOCALE | Remembers the language you chose (fr / en / es) | 1 year |
| Cross-site request forgery (CSRF) protection | Protects form submissions from cross-site attacks | Session |
2.2 Functional — opt-in
Used to remember interface preferences (theme, reader settings) so they follow you across sessions. None are active in v1; if we add any, they will be listed here and gated by the cookie banner.
2.3 Analytics — opt-in
We do not use third-party analytics in v1. Server-side request logs (which never persist a third-party cookie in your browser) are described in the Privacy Policy.
2.4 Marketing — none
We do not run third-party advertising on Loni and we do not set advertising cookies. We do not embed social-media tracking pixels.
3. Cookies set by third parties on Loni
Some pages embed forms hosted by third parties — those services may set their own cookies, governed by their own policies.
| Service | Where it appears | What it may set |
| --- | --- | --- |
| Stripe | Card-payment form during checkout | Cookies for fraud detection and device fingerprinting; controlled by Stripe |
| PawaPay | Mobile Money flow during checkout | Webhook-based; in v1 PawaPay does not embed a client-side widget on Loni |
We do not embed Google, Facebook, Twitter, or other social trackers anywhere on the site.
4. Managing your choices
- A cookie banner appears on your first visit so you can accept, reject, or customize the optional categories. Your choice is stored in loni_consent.
- You can re-open the banner anytime from this page or from any footer to change your choice.
- Your browser can clear all cookies for this site at any time from its settings — doing so will sign you out and reset your cookie-banner choice.
- The "Do Not Track" browser signal is treated the same as rejecting all optional categories. Since we do not run any optional cookies in v1, this currently has no additional effect.
5. Mobile app
The Loni mobile app is not a website and does not use HTTP cookies. It uses platform-secure storage instead: iOS Keychain (first_unlock accessibility) and Android EncryptedSharedPreferences. Push tokens (Firebase Cloud Messaging on Android, Apple Push Notification service on iOS) are explained in the Privacy Policy.
6. Changes to this policy
We may update this policy. Material changes are announced by email and on the site at least 14 days before they take effect.
7. Contact
Questions about cookies: privacy@helloloni.com, or via the Contact page.