1. What this policy covers
This policy describes the cookies and other client-side storage that Levio (operated by Joeybuilt LLC) uses on mylevio.com and the Levio mobile application. It complements our Privacy Policy.
2. What we use
We use the minimum number of cookies required to operate the service. There are no advertising or behavioural-tracking cookies.
| Name | Type | Purpose | Lifetime |
|---|---|---|---|
| levio-theme | localStorage | Remembers your light / dark / system theme preference. | Until you clear it |
| better-auth.session_token | Strictly necessary (httpOnly cookie) | Keeps you signed in across requests. Set by Better Auth. | Session (typically 7 days, sliding) |
| __Host-csrf* | Strictly necessary | Cross-site request forgery protection for authenticated endpoints. | Session |
| __stripe_mid / __stripe_sid | Third-party (Stripe) | Fraud prevention on checkout and billing pages. Set by Stripe. | 1 year / 30 minutes |
| Google OAuth state | Strictly necessary (short-lived) | CSRF protection during the Google sign-in handshake. | ~10 minutes |
3. Why we don’t show a consent banner
All cookies we set are strictly necessary for authentication, security, or a feature you actively asked for (e.g. theme preference). Under the ePrivacy Directive and the UK PECR, strictly-necessary cookies do not require a consent banner. Third-party cookies set by Stripe appear only on the billing surfaces, and only after you initiate a checkout.
4. Controlling cookies
You can clear cookies and local storage from your browser settings at any time. Doing so will sign you out of Levio and reset your theme preference.
5. Changes
We will post material changes to this policy at this URL. Continued use of the service after a change constitutes acceptance.
6. Contact
Questions? Email hello@joeybuilt.com.