Cookie Policy

Last updated: March 10, 2026

Summary: We use minimal cookies — only what's essential for the service to work. No advertising cookies, no third-party tracking pixels, no analytics cookies that identify you personally. We use Cloudflare's privacy-first analytics which doesn't use cookies at all.

1. What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and provide a better experience.

2. Cookies We Use

Cookie	Purpose	Type	Duration
sb-access-token	Authentication — keeps you signed in to Legitsy	Essential	Session (1 hour, refreshed automatically)
sb-refresh-token	Authentication — allows session refresh without re-login	Essential	7 days
cf_clearance	Cloudflare Turnstile — verifies you're a real person (invisible, no puzzle)	Essential	30 minutes
__cf_bm	Cloudflare bot management — protects against automated abuse	Essential	30 minutes

3. Cookies We Do NOT Use

No advertising or marketing cookies
No third-party tracking pixels (Facebook Pixel, Google Ads, etc.)
No analytics cookies that track individual users
No social media cookies
No cross-site tracking of any kind

4. Analytics

We use Cloudflare Web Analytics, which is privacy-first and does not use cookies, does not track individual users, and does not collect personal data. It provides aggregate page view counts only. It is fully compliant with GDPR, CCPA, and PECR without requiring user consent.

5. Chrome Extension

The Legitsy Chrome extension uses chrome.storage.local (not cookies) to store your authentication token. This data never leaves your browser except when making API requests to api.legitsy.io. It is not accessible by any website.

6. Managing Cookies

Since all our cookies are essential (authentication and security), disabling them will prevent you from signing in. You can manage cookies in your browser settings:

Chrome: Settings → Privacy and security → Cookies
Firefox: Settings → Privacy & Security → Cookies
Safari: Settings → Privacy → Manage Website Data

7. Changes

If we ever add non-essential cookies (we currently have no plans to), we will update this policy and implement a consent mechanism before deploying them.

8. Contact

Questions about our cookie practices: [email protected]