[cookies]

Cookie Policy

Effective 2026-06-20

Draft v1 — pending legal review. Subject to change before general availability.

1. What this policy covers

This policy describes the cookies and other client-side storage that Levio (operated by Joeybuilt LLC) uses on mylevio.com and the Levio mobile application. It complements our Privacy Policy.

2. What we use

We use the minimum number of cookies required to operate the service. There are no advertising or behavioural-tracking cookies.

NameTypePurposeLifetime
levio-themelocalStorageRemembers your light / dark / system theme preference.Until you clear it
better-auth.session_tokenStrictly necessary (httpOnly cookie)Keeps you signed in across requests. Set by Better Auth.Session (typically 7 days, sliding)
__Host-csrf*Strictly necessaryCross-site request forgery protection for authenticated endpoints.Session
__stripe_mid / __stripe_sidThird-party (Stripe)Fraud prevention on checkout and billing pages. Set by Stripe.1 year / 30 minutes
Google OAuth stateStrictly necessary (short-lived)CSRF protection during the Google sign-in handshake.~10 minutes

3. Why we don’t show a consent banner

All cookies we set are strictly necessary for authentication, security, or a feature you actively asked for (e.g. theme preference). Under the ePrivacy Directive and the UK PECR, strictly-necessary cookies do not require a consent banner. Third-party cookies set by Stripe appear only on the billing surfaces, and only after you initiate a checkout.

4. Controlling cookies

You can clear cookies and local storage from your browser settings at any time. Doing so will sign you out of Levio and reset your theme preference.

5. Changes

We will post material changes to this policy at this URL. Continued use of the service after a change constitutes acceptance.

6. Contact

Questions? Email hello@joeybuilt.com.