Cookies notice

Live from 2026-05-18.

This page lists the cookies and similar browser-storage mechanisms the Lelemon platform uses, why they're used, and how to control them. It complements the Privacy Policy, which covers personal data more broadly.

What we use

Strictly necessary

These are required for the platform to function — without them, you can't sign in or maintain a session.

• Auth session — stores your signed-in identity for the duration of your visit.
• CSRF protection — prevents cross-site request forgery on forms and write actions.

You cannot opt out of strictly-necessary storage without losing the ability to use the platform.

Functional

Used to remember preferences you've set, so the platform behaves consistently across visits.

• Theme + appearance — light / dark / minimal preference.
• Language + locale — your chosen interface language.
• Saved events list — the events you've bookmarked.
• Cancellation grace tokens — short-lived tokens used by the one-click

unsubscribe flow so an email-footer click doesn't require login.

Analytics (consent-gated)

The behavioural activity log described in the Privacy Policy §2.2 is the only analytics-like storage we use, and only when you've explicitly accepted via the consent banner or Account Settings → Privacy. Without consent, nothing is recorded.

Third-party

• Stripe sets its own cookies on its checkout iframe to detect fraud and

maintain payment-session state. These cookies are scoped to Stripe's own domain and are governed by Stripe's privacy policy.

• Resend does not set cookies on the platform itself; their service runs

server-side only and the emails they send don't include tracking cookies.

How to control

• In-app: flip the analytics consent toggle in Account Settings → Privacy.

This affects only behavioural-data storage on this platform.

• In your browser: most browsers let you block or delete cookies entirely.

Doing so will sign you out and prevent the platform from working until you re-accept.

• Do Not Track: we honour the DNT header where set — if your browser

sends DNT=1 we treat that as a soft signal alongside our consent gate.

Questions? Email privacy@lelemon.ch.