Skip to content
h8lio

Cookie policy

This policy describes the cookies and similar technologies used by the h8lio platform (the application served at h8l.io). It complements the privacy policy.

This documentation site (resources.h8l.io) itself sets no cookies and uses no local storage.

Section titled “What is a cookie (and a similar technology)?”

A cookie is a small data file placed on your device by a website. Local storage (localStorage) is a similar technology that lets an application keep data in your browser without sending it automatically with every request. h8lio relies mostly on local storage; the only true cookies are set by our payment provider at checkout.

NameTypePurposeSet byDuration
Auth0 sessionlocalStorageKeep the authenticated sessionAuth0 (via h8lio)Until sign-out or session expiry
h8lio.settingslocalStorageDisplay preferences (theme, language, current organization)h8lioPersistent until cleared by the User
__stripe_midCookiePayment fraud preventionStripe1 year
__stripe_sidCookiePayment fraud prevention (session)Stripe30 minutes
  • Auth0 session: when you sign in, h8lio keeps your authentication session in your browser’s local storage. Without it you could not stay signed in from one page to the next. The identity provider (Auth0) may also set its own cookies on its login domain, governed by its privacy policy.
  • Stripe cookies (__stripe_mid, __stripe_sid): set only when you reach the payment step, they let Stripe detect and prevent fraud. See Stripe’s privacy policy.

These are essential to operate the service and cannot be disabled without preventing authentication or payment.

  • h8lio.settings: keeps your preferences (light/dark theme, language, last organization visited) so you do not have to set them again on each visit. You can clear them at any time from your browser settings.

h8lio measures page traffic with Umami, a tool self-hosted by Byzaneo within the European Union. Umami is fully cookieless and neither stores nor reads anything on your device: data is aggregated and anonymized (no organization identifier is sent). See the dedicated section of the privacy policy.

Prior consent is only required for cookies and trackers that are not strictly necessary to the service. The only cookies we use (Stripe) are strictly necessary for payment security. Our audience measurement, in turn, is cookieless: since no tracker is set, the question of consent does not arise (this approach goes beyond the conditions of the CNIL exemption for cookie-based audience measurement). We use no advertising cookies and no third-party trackers. No consent banner is therefore needed; only the transparency obligation applies, which this page fulfils.

You can review, block, or delete cookies and local storage data at any time from your browser settings. The procedure varies by browser:

Blocking the strictly necessary cookies (Stripe) may prevent a payment from completing. Clearing local storage will sign you out and reset your preferences.

Cookie retention periods are listed in the table above. Local storage data persists until you clear it. Anonymized audience statistics (Umami) are kept for at most 13 months.

This cookie policy is an integral part of our privacy policy, which details all personal data processing and your rights under the GDPR.

For cookie questions, write to privacy@h8l.io.


Version 1.1 (2026-06-05)