Cookie Policy
Effective date: 1 June 2026
Last updated: 7 July 2026
1. What are cookies?
Cookies are small text files stored on your device when you visit a website. Similar technologies (such as local storage and session storage) may be used for the same purposes described below. This page lists what Codelivly actually sets — no more, no less.
2. The short version
We use cookies to keep you signed in, protect your account, and remember preferences. We do not use third-party advertising or cross-site tracking cookies. Our only measurement is first-party performance data, and it loads only if you accept in the cookie banner.
3. Strictly necessary (always on)
These are required for signing in and account security. Blocking them breaks login.
| Name | Purpose | Duration |
|---|---|---|
__Host-access-token | Keeps you signed in during a session (HttpOnly — scripts cannot read it) | ~15 minutes, refreshed automatically |
refreshToken | Renews your session so you stay signed in (HttpOnly) | 7 days, or 30 days with "Remember me" |
csrf-token | Protects forms against cross-site request forgery | Matches your session |
verification_token, oauth_pending | Short-lived cookies used only during email verification or Google/GitHub/LinkedIn sign-in flows | Minutes |
4. Functional
| Name | Purpose | Duration |
|---|---|---|
codelivly-theme | Remembers your theme preference | 1 year |
| Browser local storage | UI preferences and your cookie-consent choice (cookie_consent) | Until you clear it |
5. Measurement (only with your consent)
If you click Accept in the cookie banner, we collect first-party performance measurements (page speed / web vitals) to improve the platform. This is our own measurement — no advertising networks, no cross-site tracking, and nothing loads if you decline. You can change your choice anytime by clearing the cookie_consent entry in your browser's local storage.
6. Third-party cookies
- Stripe — sets cookies during card checkout for payment security and fraud prevention.
- PayPal — sets cookies when you are redirected to PayPal to pay.
- Google / GitHub / LinkedIn — set cookies during sign-in with those providers only.
- Cloudflare Turnstile — bot protection on some forms.
- Embedded media (e.g. YouTube/Vimeo players in lessons or posts) — may set cookies when you play a video.
Those cookies are governed by each provider's own policy.
7. Managing cookies
You can control cookies through your browser settings — block, delete, or get alerted before cookies are stored. Blocking strictly necessary cookies will prevent you from signing in.
For more about how we process personal data, see our Privacy Policy.
8. Contact
Questions about this Cookie Policy: [email protected]