Cookie policy
This policy describes the cookies and similar technologies used by the
h8lio platform (the application served at h8l.io). It complements the
privacy policy.
This documentation site (resources.h8l.io) itself sets no cookies
and uses no local storage.
What is a cookie (and a similar technology)?
Section titled “What is a cookie (and a similar technology)?”A cookie is a small data file placed on your device by a website.
Local storage (localStorage) is a similar technology that lets an
application keep data in your browser without sending it automatically
with every request. h8lio relies mostly on local storage; the only true
cookies are set by our payment provider at checkout.
Cookies and technologies we use
Section titled “Cookies and technologies we use”| Name | Type | Purpose | Set by | Duration |
|---|---|---|---|---|
| Auth0 session | localStorage | Keep the authenticated session | Auth0 (via h8lio) | Until sign-out or session expiry |
h8lio.settings | localStorage | Display preferences (theme, language, current organization) | h8lio | Persistent until cleared by the User |
__stripe_mid | Cookie | Payment fraud prevention | Stripe | 1 year |
__stripe_sid | Cookie | Payment fraud prevention (session) | Stripe | 30 minutes |
Strictly necessary
Section titled “Strictly necessary”- Auth0 session: when you sign in, h8lio keeps your authentication session in your browser’s local storage. Without it you could not stay signed in from one page to the next. The identity provider (Auth0) may also set its own cookies on its login domain, governed by its privacy policy.
- Stripe cookies (
__stripe_mid,__stripe_sid): set only when you reach the payment step, they let Stripe detect and prevent fraud. See Stripe’s privacy policy.
These are essential to operate the service and cannot be disabled without preventing authentication or payment.
Functional
Section titled “Functional”h8lio.settings: keeps your preferences (light/dark theme, language, last organization visited) so you do not have to set them again on each visit. You can clear them at any time from your browser settings.
Audience measurement — cookieless
Section titled “Audience measurement — cookieless”h8lio measures page traffic with Umami, a tool self-hosted by Byzaneo within the European Union. Umami is fully cookieless and neither stores nor reads anything on your device: data is aggregated and anonymized (no organization identifier is sent). See the dedicated section of the privacy policy.
Why we do not show a consent banner
Section titled “Why we do not show a consent banner”Prior consent is only required for cookies and trackers that are not strictly necessary to the service. The only cookies we use (Stripe) are strictly necessary for payment security. Our audience measurement, in turn, is cookieless: since no tracker is set, the question of consent does not arise (this approach goes beyond the conditions of the CNIL exemption for cookie-based audience measurement). We use no advertising cookies and no third-party trackers. No consent banner is therefore needed; only the transparency obligation applies, which this page fulfils.
Managing cookies and local storage
Section titled “Managing cookies and local storage”You can review, block, or delete cookies and local storage data at any time from your browser settings. The procedure varies by browser:
Blocking the strictly necessary cookies (Stripe) may prevent a payment from completing. Clearing local storage will sign you out and reset your preferences.
Retention
Section titled “Retention”Cookie retention periods are listed in the table above. Local storage data persists until you clear it. Anonymized audience statistics (Umami) are kept for at most 13 months.
Relation to the privacy policy
Section titled “Relation to the privacy policy”This cookie policy is an integral part of our privacy policy, which details all personal data processing and your rights under the GDPR.
Contact
Section titled “Contact”For cookie questions, write to privacy@h8l.io.
Version 1.1 (2026-06-05)