Kimara

Cookie Policy

Last updated: November 4, 2025

This Cookie Policy explains how Kimara uses cookies and similar technologies (e.g. localStorage, session storage, SDK identifiers). For information about how we process personal data beyond cookies (account, billing, support), please see our Privacy Policy.

Consent and Controls

We do not set non-essential cookies until you provide opt-in consent. In the EU/EEA/UK, you will see an initial banner with equal-prominence actions: Accept all, Reject all, or Manage choices. You can withdraw or change consent at any time via the cookie preferences link, and we honor changes immediately.

Under EU ePrivacy rules, strictly necessary cookies used to provide a service you request do not require consent; processing of any personal data collected via those cookies still requires a GDPR legal basis (often contract or legitimate interests).

If analytics are enabled by default outside the EU/EEA/UK, we rely on legitimate interests and offer an immediate opt-out via the preferences link. Because we are EU-established, we continue to respect GDPR rights globally.

Consent records (timestamp, region, preferences) are retained so we can demonstrate compliance.

Cookie Categories

We group cookies into the categories below. Non-essential categories are blocked until you opt in.

Strictly Necessary Cookies

Essential for authentication, CSRF protection, and secure payments. Set only when needed and not used for advertising.

  • next-auth.session-token (first-party) — Authentication session cookie
    Purpose: Maintains your login session
    Retention: 24 hours
  • next-auth.csrf-token (first-party) — CSRF protection token
    Purpose: Protects against cross-site request forgery attacks
    Retention: Session
  • mw_jwt (first-party) — Middleware authentication token
    Purpose: Authenticates requests to our middleware services
    Retention: 24 hours

Analytics Cookies (Requires Consent)

Used only after explicit consent in the EU/EEA/UK. Outside those regions, we rely on legitimate interests but provide an immediate opt-out. We limit retention to 13–26 months depending on regulator guidance.

  • ph_*_posthog (first-party) — PostHog analytics cookies
    Purpose: Tracks page views, user interactions, and feature usage
    Retention: Up to 13–26 months
    Provider: PostHog (EU region)

We disable cross-site tracking and respect your withdrawal choices instantly.

Payment Processing Cookies

Set by Stripe only during checkout or billing flows to enable secure transactions and prevent fraud.

  • __stripe_mid (third-party, Stripe) — Merchant identifier
    Purpose: Fraud prevention and detection
    Retention: ~365 days
    Docs: stripe.com/cookies-policy/legal
  • __stripe_sid (third-party, Stripe) — Session identifier
    Purpose: Manages payment session and 3D Secure authentication
    Retention: Session
    Docs: stripe.com/cookies-policy/legal

Cookies We Do NOT Use

For your privacy, we do not use:

  • Social media cookies: No embedded social pixels or share buttons that track you
  • Advertising cookies: No third-party ad networks or retargeting
  • Cross-site tracking: We do not track your activity across other websites
  • Behavioral profiling: We do not build detailed behavioral profiles for marketing purposes

Managing Your Cookie Preferences

You can manage your cookie preferences at any time:

  • Use the first-layer banner (Accept all / Reject all / Manage choices)
  • Open the preferences link in the footer or your Profile page
  • Adjust browser settings to block or delete cookies

Note: Disabling strictly necessary cookies will prevent core functionality from working properly, including the ability to log in and use authenticated features.

Cookie Security

We take the security of your data seriously. All authentication cookies use:

  • HttpOnly flag: Prevents JavaScript access to sensitive cookies
  • Secure flag: Ensures cookies are only sent over HTTPS in production
  • SameSite attribute: Protects against cross-site request forgery attacks
  • Encryption: Session data is encrypted using industry-standard algorithms

Retention

Different cookies and similar technologies have different retention periods:

  • Session cookies: Deleted when you close your browser
  • Authentication cookies: Expire after 24 hours
  • Analytics cookies: Limited to 13–26 months depending on region
  • Payment cookies: Vary by purpose (session to ~365 days) and only set during payment flows
  • Session storage (affiliate attribution): Cleared when you close your browser

Third-Party Services

We use the following third-party services that may set cookies or similar identifiers:

  • PostHog (eu.posthog.com): Analytics platform for understanding user behavior. Only loads after consent in regulated regions. Data is stored on EU servers. PostHog Privacy
  • Stripe (stripe.com): Payment processing service for handling subscriptions and transactions securely; only loads on checkout or billing settings pages. Stripe Privacy

Privacy Regulation Compliance

We comply with privacy regulations including GDPR, CCPA, and other applicable laws. For users in regulated jurisdictions:

  • Banner coverage: We use a conservative default to show the banner to new users and avoid misclassification of EU/EEA/UK visitors.
  • In regulated regions: Analytics cookies are blocked until you explicitly provide consent via the banner or preferences.
  • Outside regulated regions: Analytics may run under legitimate interests, but you can opt out immediately using preferences.
  • Withdrawal: You can change your decision at any time and we honor it immediately.

Changes to This Policy

We may update this cookie policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by updating the "Last updated" date at the top of this page.

Contact Us

If you have any questions about our use of cookies or this policy, please contact us at:

Email: info@kimara.ai