Cookie Policy

Last updated: 29 April 2026

1. What this policy covers

This Cookie Policy explains how Xygnius uses cookies and similar storage technologies on xygnius.com and its subdomains. It supplements our Privacy Policy.

“Cookies” here also covers other client-side storage we use to recognise your browser between visits — local storage, session storage, and IndexedDB — because EU regulators treat them equivalently under the ePrivacy Directive (Art. 5(3)).

2. Manage your preferences

You can change your cookie choices at any time. We will not set non-essential cookies unless and until you opt in, and you can withdraw that opt-in just as easily.

3. Categories we use

We group cookies into four categories. Only the first is set without your consent:

Strictly necessary — required for the Service to function. Cannot be disabled. Includes session cookies, CSRF tokens, OAuth state nonces, theme preference, and infrastructure cookies (Cloudflare bot management, load balancing).
Preferences — remember non-essential UI choices across visits, e.g. language, dismissed banners, sidebar layout.
Analytics — pseudonymous product-usage analytics (PostHog) so we can see which features get used and where flows break. No third-party advertising.
Marketing — retargeting and ad-conversion pixels. None active today; this category is reserved for future use and will only fire if you opt in.

4. Cookies we set

Name	Category	Purpose	Duration	Provider
`better-auth.session_token`	Necessary	Authenticates your signed-in session — without it the app cannot recognise you between page loads.	7 days (rolling)	First-party
`xygnius_cookie_consent`	Necessary	Stores your cookie-consent choices so we can honour them on every page.	12 months	First-party
`xygnius_ga_oauth_nonce`	Necessary	Single-use anti-CSRF token for the Google Analytics connect flow. Expires within minutes.	~10 min	First-party
`theme`, `theme-id`	Necessary	Remembers your dark/light + theme variant choice so the page does not flash on first paint.	12 months	First-party
`__cf_bm`, `cf_clearance`	Necessary	Cloudflare bot management and DDoS protection in front of our infrastructure.	30 min – 1 year	Cloudflare
`ph_*`	Analytics (opt-in)	PostHog product analytics — anonymous usage, feature engagement, funnel tracking. Only set if you accept the “Analytics” category.	12 months	PostHog

This list reflects the cookies in use as of the “last updated” date. Names of third-party cookies may change as their providers update their products. We review this list periodically.

5. Browser controls

Most browsers let you block or delete cookies through their settings. Blocking strictly-necessary cookies will prevent the Service from working. Helpful pages from major browsers:

6. Changes to this policy

We will update this page and bump the cookie-consent version (forcing a re-prompt) whenever we add a new processor in the optional categories. Material changes are also surfaced in-app at least 14 days before they take effect.

7. Contact

Questions about cookies: [email protected].