Cookie Policy
This Cookie Policy explains what cookies are, what cookies Lumira uses, and how you can control them. Lumira takes a minimal approach to cookies: we use only the cookies that are strictly necessary to operate the Service. We do not use tracking cookies, advertising cookies, or any cookies that profile your behaviour across other websites.
This policy applies to the Lumira web application at hellolumira.app and supplements our Privacy Policy.
1. What Are Cookies?
Cookies are small text files that a website stores on your device when you visit. They are widely used to make websites work, or work more efficiently, and to remember your preferences. Cookies can be “session cookies” (deleted when you close your browser) or “persistent cookies” (stored for a defined period).
Cookies are set either by the website you are visiting (“first-party cookies”) or by third-party services embedded on that website (“third-party cookies”). Lumira sets only first-party cookies and uses no third-party cookies.
2. Cookies We Use
Lumira uses one category of cookies: strictly necessary session cookies. These are required for the Service to function and cannot be switched off without breaking the application.
| Cookie name | Type | Duration | Purpose |
|---|---|---|---|
sb-{project}-auth-token | Session / Authentication | Up to 1 hour (access token); up to 7 days (refresh token) | Keeps you signed in to Lumira. Set by Supabase Auth when you authenticate via magic link. The access token expires after 1 hour and is refreshed automatically using the refresh token if you are still active. The refresh token expires after 7 days of inactivity. |
sb-{project}-auth-token-code-verifier | Session / Security | Session (deleted on browser close) | Used during the PKCE (Proof Key for Code Exchange) OAuth flow to verify that the magic link was initiated by the same browser session. Prevents authorisation code interception attacks. Deleted immediately after authentication completes. |
No tracking. No advertising. No profiling.
Lumira does not use Google Analytics, Meta Pixel, or any other advertising or analytics tracking cookies. We do not use cookies to build profiles of your behaviour across other websites. We do not share cookie data with advertisers, data brokers, or any third parties for commercial purposes.
3. Cookies We Do Not Use
For absolute clarity, Lumira does not use:
- Analytics cookies (e.g., Google Analytics, Mixpanel, Amplitude via cookies)
- Advertising cookies (e.g., Meta Pixel, Google Ads, DoubleClick)
- Functional / preference cookies (we store preferences in your account profile in our database, not in cookies)
- Cross-site tracking cookies
- Third-party cookies of any kind
- Fingerprinting or any cookie-equivalent tracking mechanism
We collect certain usage data (such as which features you use and when) for product analytics, but this data is stored server-side in our own database and tied to your authenticated session — not via client-side tracking cookies. See our Privacy Policy for full details.
4. Local Storage & Session Storage
In addition to cookies, Lumira uses browser localStorage and sessionStorage to improve performance. These are not cookies — they cannot be sent to servers automatically and are read only by Lumira's own JavaScript. We store:
- Auth session tokens — The Supabase Auth client stores your session tokens in localStorage as a fallback when cookies are unavailable (e.g., in some Safari configurations). This data is the same as the cookie-based session described in Section 2.
- UI state — Temporary interface state such as which check-in step you are on, to prevent data loss if you accidentally navigate away. This data is transient and never sent to our servers.
localStorage data persists until you clear your browser's site data or sign out of Lumira. sessionStorage data is deleted when you close the browser tab.
5. Managing & Deleting Cookies
You can control and delete cookies through your browser settings. All major browsers allow you to:
- View cookies currently stored on your device
- Delete cookies individually or in bulk
- Block cookies from specific websites
- Block all third-party cookies (this will not affect Lumira, which uses none)
Important: If you delete or block Lumira's authentication cookies, you will be signed out and will need to sign in again. Because these cookies are strictly necessary for the Service to function, blocking them will prevent you from using Lumira.
Browser cookie settings guides:
6. Cookie Consent
Under the UK PECR (Privacy and Electronic Communications Regulations), EU ePrivacy Directive, and similar legislation, strictly necessary cookies do not require your prior consent. Because Lumira uses only strictly necessary cookies, we do not display a cookie consent banner.
If we were ever to introduce non-essential cookies (for analytics or functionality), we would update this policy, add a consent mechanism, and notify you in advance.
7. Changes to This Policy
We will update this Cookie Policy if we change the cookies we use. Material changes — such as introducing new categories of cookies — will be communicated via email or a prominent in-app notice at least fourteen (14) days before the change takes effect. The version number and effective date at the top of this page indicate the current version.
8. Contact
If you have questions about our use of cookies, please contact us:
See also our Privacy Policy and AI & Data Practices for complete information on how we handle your data.