cookies policy
every cookie Spirby sets, why, how long it lasts, and how to turn it off. the short version: we use a few essential ones, no advertising.
last updated May 13, 2026
this page lists the cookies and similar technologies that HEXELITY LABS S.R.L. ("Spirby", "we") sets when you use the service. the rest of how we handle personal data is in our privacy policy.
1. what cookies are
a cookie is a small text file a website asks your browser to store. each time your browser opens the site again, it sends the cookie back, which lets the site remember things across requests (like that you're signed in).
similar technologies (local storage, session storage) work differently under the hood but raise the same kind of question for you, so we treat them the same way in this policy.
2. essential vs non-essential
cookies fall into two camps:
- essential cookies are required to deliver a service you actively asked for. signing into an account, holding your session while you click around, and protecting forms from cross-site request forgery all need essential cookies. you can't meaningfully opt out of these without breaking the service.
- non-essential cookies include analytics, advertising, personalization, and third-party social trackers.
we use only essential cookies, plus a small number of cookies set by third parties during specific flows (most notably Polar, our payment provider, during checkout).
3. our analytics is cookieless
we use a self-hosted Plausible Community Edition instance for product analytics. Plausible does not set cookies, does not assign you a persistent identifier, and does not build a profile across visits. it counts page views and basic device information in aggregate. there is nothing to opt out of, because nothing was set in your browser.
4. cookies we set
| cookie | purpose | type | duration |
|---|---|---|---|
spirby.session | keeps you signed into the application | essential, first-party | up to 30 days, refreshed on activity |
spirby.csrf | protects forms and mutating API calls from cross-site request forgery | essential, first-party | session (cleared when you close the browser) |
spirby.tenant | remembers which organization you most recently used so we can route you back to it | essential, first-party | 90 days |
every essential cookie is marked HttpOnly (where it doesn't need to be readable by client-side code), Secure (only sent over HTTPS), and SameSite=Lax.
we do not use any advertising, retargeting, or social-media cookies.
5. cookies set by sub-processors
some pages embed services from sub-processors. those services may set their own cookies on the page. we do not control those cookies; they are governed by the sub-processor's own cookie policy.
| sub-processor | when it loads | what it sets | where to read more |
|---|---|---|---|
| Polar | only when you start checkout for a paid plan or open the Polar customer portal to manage your subscription | cookies that Polar (acting as Merchant of Record) uses for fraud prevention, payment session continuity, and compliance | https://polar.sh/legal/cookies |
| Cloudflare | on every page, as our edge / DDoS-protection layer | a __cf_bm bot-management cookie, where required | https://www.cloudflare.com/cookie-policy/ |
both Polar and Cloudflare cookies above are treated by their providers as strictly necessary for fraud prevention or security and are not used for advertising. if you block them, billing and bot-protection may not work for you.
6. customer boards
when you visit a public feedback board operated by one of our customers, the board uses the same essential cookies listed above (spirby.session, spirby.csrf) to handle voting, posting, and comment subscription. the board operator (the customer) is the data controller for that activity. they may add their own cookie disclosure, but the cookies the platform itself sets are the ones listed in this policy.
7. controlling cookies
every modern browser lets you delete cookies that have already been set, block all cookies for a site, or be prompted before accepting one. instructions:
- Chrome: https://support.google.com/chrome/answer/95647
- Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
- Safari (desktop): https://support.apple.com/guide/safari/manage-cookies-sfri11471
- Safari (iOS): https://support.apple.com/HT201265
- Edge: https://support.microsoft.com/help/4027947
blocking essential cookies for spirby.com will prevent you from signing in or staying signed in.
8. updates
we may update this policy as the cookies we use change. we update the "last updated" date at the top whenever we make a substantive change. prior versions are available on request.
9. contact
questions about cookies on Spirby? email [email protected].