Cookie Policy

Cookies are small text files that are stored on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work more efficiently, provide a better user experience, and give website owners information about how visitors use their site.

**Types of Cookies by Duration:** • **Session Cookies** - Temporary cookies that are deleted when you close your browser • **Persistent Cookies** - Remain on your device for a set period or until you delete them

**Types of Cookies by Source:** • **First-Party Cookies** - Set by the website you are visiting (Letaria) • **Third-Party Cookies** - Set by other services we use (e.g., analytics, authentication)

**Similar Technologies:** We may also use similar technologies including: • Local Storage - Stores data in your browser with no expiration date • Session Storage - Stores data for the duration of your session • Pixel Tags/Web Beacons - Small images used to track user behavior

We use cookies and similar technologies for the following purposes:

**Authentication & Security:** • Keep you signed in to your account • Protect against unauthorized access and fraudulent activity • Prevent cross-site request forgery (CSRF) attacks • Secure your session data

**Service Functionality:** • Remember your preferences and settings • Store your selected workspace • Maintain your session state as you navigate • Enable core features of the Service

**Analytics & Performance:** • Understand how visitors use the Service • Identify popular features and content • Detect and resolve technical issues • Measure and improve performance • Generate aggregate usage statistics

**Personalization:** • Remember your display preferences (theme, language) • Customize your experience based on your choices • Restore your previous session state

We process cookie data based on the following legal grounds:

**Strictly Necessary Cookies:** • Legal Basis: Legitimate Interest (GDPR Art. 6(1)(f)) • These cookies are essential for the Service to function • No consent is required as they are necessary for service provision • You cannot opt out without affecting Service functionality

**Non-Essential Cookies (Functional, Analytics, Performance):** • Legal Basis: Consent (GDPR Art. 6(1)(a)) • We request your consent before setting these cookies • You can withdraw consent at any time • Withdrawal does not affect the lawfulness of processing before withdrawal

**Regional Requirements:**

**European Union (GDPR & ePrivacy Directive):** • Prior consent required for non-essential cookies • Clear information about cookie purposes • Easy mechanism to withdraw consent

**Singapore (PDPA):** • Consent required for collection of personal data via cookies • Notification of purposes • Option to withdraw consent

**Japan (APPI):** • Opt-out mechanism required for certain cookies • Notification of purposes • Third-party cookie disclosure

**Australia (Privacy Act):** • Notification about collection via cookies • Reasonable opportunity to remain anonymous where practicable • Disclosure of overseas data transfers

**UAE & Saudi Arabia (PDPL):** • Consent for personal data collection • Transparency about data processing • User rights to access and deletion

You have several options for managing your cookie preferences:

**Cookie Consent Banner:** When you first visit our Service, you will see a cookie consent banner that allows you to: • Accept all cookies • Reject non-essential cookies • Customize your preferences by cookie category

**Changing Your Preferences:** You can change your cookie preferences at any time by: • Clicking the "Cookie Settings" link in our website footer • Adjusting settings in your account preferences • Using your browser's cookie controls

**Browser Controls:** Most web browsers allow you to control cookies through their settings:

**Google Chrome:** Settings → Privacy and Security → Cookies and other site data

**Mozilla Firefox:** Options → Privacy & Security → Cookies and Site Data

**Apple Safari:** Preferences → Privacy → Cookies and website data

**Microsoft Edge:** Settings → Privacy, search, and services → Cookies and site permissions

**Impact of Blocking Cookies:** Please note that blocking certain cookies may affect your experience: • Blocking strictly necessary cookies will prevent you from using the Service • Blocking functional cookies may reset your preferences each visit • Blocking analytics cookies will not affect your ability to use the Service

Some cookies on our Service are set by third-party services. We carefully select our partners and require them to comply with applicable data protection laws.

**Authentication Provider:** **Clerk** • Purpose: User authentication and identity management • Cookies: Session tokens, authentication state • Privacy Policy: clerk.com/legal/privacy • Data Location: United States

**Hosting & Infrastructure:** **Vercel** • Purpose: Website hosting and edge functions • Cookies: Performance and security tokens • Privacy Policy: vercel.com/legal/privacy-policy • Data Location: Global CDN

**Analytics:** **Google Analytics (if enabled)** • Purpose: Usage statistics and behavior analysis • Cookies: _ga, _gid, _gat • Privacy Policy: policies.google.com/privacy • Data Location: United States • Opt-out: tools.google.com/dlpage/gaoptout

**Database & Backend:** **Supabase** • Purpose: Database services (no direct cookies) • Privacy Policy: supabase.com/privacy • Data Location: Configurable by region

We do not have control over third-party cookies. Please refer to the respective privacy policies for detailed information about their data practices.

**Browser Do Not Track:** Some browsers offer a "Do Not Track" (DNT) feature that sends a signal to websites requesting that your browsing not be tracked.

**Our Response:** Currently, there is no industry-wide standard for how websites should respond to DNT signals. Our Service: • Recognizes and respects browser DNT signals where technically feasible • Disables non-essential analytics when DNT is enabled • Continues to use strictly necessary cookies required for Service operation

**Global Privacy Control (GPC):** We also recognize and honor Global Privacy Control signals, which indicate your preference not to have your data sold or shared.

**Alternative Options:** If you wish to limit tracking: • Use our cookie preference controls • Enable DNT or GPC in your browser • Use browser extensions that block tracking • Review your browser's privacy settings

Cookie data may be transferred to and processed in countries outside your country of residence.

**Transfer Destinations:** • United States (authentication, analytics providers) • Various locations (CDN edge nodes) • Singapore (our headquarters)

**Safeguards:** We ensure appropriate protections for international transfers:

**For EU/EEA Users:** • Standard Contractual Clauses with service providers • Transfers to countries with adequacy decisions • Supplementary measures where required

**For Singapore Users:** • Compliance with PDPA transfer requirements • Contractual protections with overseas recipients

**For All Users:** • Data processing agreements with third parties • Security measures to protect data in transit • Regular review of provider compliance

For more information about international transfers, please see our Privacy Policy.

We retain cookie data for the following periods:

**Session Cookies:** • Deleted when you close your browser • No persistent storage

**Persistent Cookies:** • Authentication cookies: Up to 1 year • Preference cookies: Up to 1 year • Analytics cookies: Up to 2 years (set by Google Analytics) • Consent records: Up to 1 year

**Server-Side Data:** • Session logs: 90 days • Analytics data: 24 months (aggregated) • Security logs: 12 months

**Your Right to Deletion:** You can delete cookies at any time by: • Clearing cookies in your browser settings • Using our cookie preference controls • Requesting deletion through privacy@letaria.app

After deletion, some cookies may be reset on your next visit if you have consented to them.

You have the following rights regarding cookie data:

**Right to Information:** • Know what cookies we use • Understand the purposes of each cookie • Identify third parties that set cookies

**Right to Consent:** • Choose which non-essential cookies to accept • Withdraw consent at any time • Not be penalized for refusing non-essential cookies

**Right to Access:** • Request information about cookie data we hold • Understand how your data is processed

**Right to Deletion:** • Delete cookies from your browser • Request deletion of associated server-side data • Clear your cookie preferences

**Regional Rights:**

**EU/EEA (GDPR):** • Right to lodge a complaint with a supervisory authority • Right to data portability

**California (CCPA):** • Right to know what personal information is collected • Right to opt-out of sale (we do not sell data) • Right to non-discrimination

**Singapore (PDPA):** • Right to access personal data • Right to correct personal data • Right to withdraw consent

**To Exercise Your Rights:** Contact us at privacy@letaria.app with your request.

We may update this Cookie Policy from time to time to reflect: • Changes in the cookies we use • New regulatory requirements • Updates to our Service • Feedback from users

**Notification of Changes:** When we make changes, we will: • Update the "Last Updated" date at the top of this policy • Post the revised policy on our website • For material changes, display a notice on the Service • Request renewed consent if required for new cookies

**Review:** We encourage you to review this Cookie Policy periodically. The current version is always available at letaria.app/cookies.

**Continued Use:** Your continued use of the Service after changes take effect constitutes acknowledgment of the updated Cookie Policy. For consent-based cookies, we will request new consent where required.

If you have questions about our use of cookies or this Cookie Policy, please contact us:

**General Inquiries:** Email: privacy@letaria.app

**Data Protection Officer:** Email: dpo@letaria.app

**Support:** Email: support@letaria.app

**Response Time:** We aim to respond to inquiries within 5 business days.

**Regulatory Contacts:** You can also contact your local data protection authority:

**Singapore:** Personal Data Protection Commission (PDPC) - www.pdpc.gov.sg **EU:** Your local Data Protection Authority **Japan:** Personal Information Protection Commission (PPC) - www.ppc.go.jp **Australia:** Office of the Australian Information Commissioner (OAIC) - www.oaic.gov.au **Saudi Arabia:** Saudi Data & AI Authority (SDAIA) - www.sdaia.gov.sa **UAE:** UAE Data Office **UK:** Information Commissioner's Office (ICO) - www.ico.org.uk