Legal
Cookie Policy
Last updated: April 20, 2026
This is a plain-language summary, not individualized legal advice. Consult a lawyer for your situation.
Mimicly uses a small, focused set of cookies. Essential cookies keep accounts, security checks, and preferences working. Optional ads or analytics may be enabled only when configured and consent rules allow them. This page tells you what we set and why.
1. What cookies are
Cookies are small text files saved in your browser by a website. They let the site remember short pieces of information — for example, that you are signed in — across page loads. Some cookies expire when you close the tab (session cookies); others last for a set period (persistent cookies).
2. Categories we use
- Strictly necessary: required for the site to function — signing you in, protecting the service from automated abuse. These cannot be disabled without breaking the app.
- Preferences: remember small choices you have made, such as whether you have already accepted this policy.
- Advertising or measurement: only used if an ad or measurement provider is enabled and the required consent flow allows it.
We do not ask users to click ads, and rewards are not granted unless the provider flow is verified safely.
3. The exact cookies we set
| Name | Category | Purpose | Duration |
|---|---|---|---|
| next-auth.session-token | Strictly necessary | Keeps you signed in between page loads. Set by our authentication layer after successful login via Google or email + password. | 30 days, or until you sign out |
| mimicly.consent | Preferences | Records that you have seen and acknowledged the cookie banner, so we do not show it again. | 12 months |
| cf_challenge / __cf_bm | Strictly necessary | Cloudflare Turnstile bot-check. Issued by Cloudflare while verifying that a sign-up or sign-in request is coming from a real browser. | Short-lived (session to ~30 minutes) |
| Google ads / consent cookies | Advertising or consent | Only present if Google ads are enabled for a surface and the applicable consent flow allows the request. | Set by Google according to its advertising and consent policies |
4. Third parties
The Cloudflare Turnstile cookie is set by Cloudflare on our behalf to prevent automated abuse. Cloudflare acts as our processor for this limited purpose. Google ad or consent cookies may be set only when ads are enabled and consent rules allow them. Payment flows happen on the payment processor's own domain: Lemon Squeezy Checkout (see Lemon Squeezy's privacy policy) for new web purchases, or, for customers who subscribed before April 2026, Stripe Checkout (see Stripe's privacy policy).
5. Controlling cookies
You can clear cookies from your browser's settings at any time; doing so will sign you out. Browsers let you block cookies entirely, but Mimicly will not function correctly without the session cookie. If optional ads or measurement are enabled, use the banner or preference controls shown in the app to change non-essential choices where available.
6. Changes
If we add new cookies, we will update this page and the “Last updated” date. If the new cookies are not strictly necessary, we will ask for your consent first.
7. Contact
Questions? Email info@mimicly.net. See also our Privacy Policy.