Legal

Cookie policy

Last updated 13 July 2026. This page explains the cookies Kvix sets, what they do, and how to change your mind. For the wider GDPR picture see our privacy notice.

1. The three categories

Cookies we set fall into three buckets. Strictly-necessary cookies are always on because the product cannot function without them. Everything else is opt-in.

  • Strictly necessary — keep you signed in, protect the form submissions you make. Required by law to NOT require consent (ePrivacy Art. 5(3)).
  • Analytics — anonymous usage statistics so we can see which pages people read. Off by default. Powered by Google Analytics 4 with IP anonymisation enabled.
  • Marketing — reserved for any future advertising or retargeting cookie. Currently unused. Off by default.

2. What we set

Name Purpose TTL Category
kvix-session Keeps you signed in. First-party. HttpOnly, SameSite=Lax, Secure in production. 120 min idle Necessary
XSRF-TOKEN CSRF protection for forms. First-party. 120 min idle Necessary
kvix_consent Remembers your cookie-consent choice so we don't show the banner every visit. 12 months Necessary
_ga, _ga_* Google Analytics 4 visitor + session identifiers. Only set if you accept analytics. IP anonymisation enabled. Up to 2 years Analytics (opt-in)

3. Sub-processors that may set cookies

Sub-processors we use (see the full list) may set their own cookies on the pages of theirs that we embed. Today that's only Stripe, on the checkout page, when you start a paid subscription. Stripe's cookies are strictly necessary for fraud detection (Stripe.js sets __stripe_mid and __stripe_sid); they are not under our control.

4. Change your mind

Use the button below to re-open the cookie banner. Withdrawing analytics consent immediately stops Google Analytics from sending any more data and drops the existing _ga* cookies from your browser. You can also clear all cookies via your browser settings.

5. Questions

Reach us at [email protected]. We answer GDPR-related requests within 30 days.