Cookies Policy

1. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They are used to ensure the website functions correctly, securely, and efficiently.

MeByFace uses strictly necessary cookies required for authentication, security, and service delivery, as well as optional analytics cookies to improve our service.

We do not use:

• advertising cookies
• marketing cookies
• social media tracking pixels
• cross-site tracking technologies

2. Cookies and Local Storage Technologies We Use

2.1 Strictly Necessary Cookies (No Consent Required)

These cookies are essential for website operation under Article 5(3) of the ePrivacy Directive.

Supabase Authentication Cookies

Characteristics:

• HTTP-only
• Secure (HTTPS only)
• SameSite protection enabled
• Not accessible via JavaScript
• Required for login and account access

Without these cookies, users cannot access the dashboard, reports, or subscription features.

Legal basis: GDPR Art. 6(1)(b) — contract performance.

2.2 Analytics Cookies (Consent Required)

MeByFace uses Google Analytics (measurement ID: G-6W8Q6EL5DJ) to understand how visitors interact with the website. These cookies are only set after you provide consent via the cookie banner.

Google Analytics collects:

• Pages visited and time spent
• General geographic region (country/city level)
• Device type and browser
• Referral source

This data is anonymized and used solely to improve the website experience. We do not combine analytics data with personal account data.

Legal basis: GDPR Art. 6(1)(a) — consent.

2.3 Functional Local Storage (No Consent Required)

The following data may be stored in your browser's localStorage:

These do not track behavior across websites.

2.4 Security & Infrastructure Cookies

MeByFace infrastructure (Vercel + Supabase) may set security-related cookies used for:

• Load balancing
• Edge routing
• Session integrity
• CSRF protection

These are strictly necessary for service security.

3. What We Do Not Use

MeByFace does not use:

• Behavioral tracking
• Advertising retargeting
• Fingerprinting technologies
• Cross-site analytics
• Third-party marketing SDKs

There is no automated cross-site profiling via cookies.

4. Push Notifications (Not Cookies)

If you enable Web Push notifications, your browser stores:

• Endpoint URL
• p256dh encryption key
• Auth token

These are not cookies but browser push subscription data. Push notifications:

• Are optional
• Require explicit opt-in
• Can be disabled in browser settings
• Contain generic reminders only
• Are not used for marketing

Legal basis: Consent (GDPR Art. 6(1)(a)).

5. Stripe Checkout

When you initiate payment:

• You are redirected to Stripe's hosted checkout.
• Stripe may set its own cookies on stripe.com.
• These are governed by Stripe's privacy and cookies policies.
• MeByFace does not control Stripe cookies.

Payment processing is described in our Terms of Service.

6. International Users

For EU/EEA users:

• Strictly necessary cookies are used without consent (ePrivacy Art. 5(3)).
• Analytics cookies require opt-in consent via the cookie banner.

For California users:

• No “sale” or “sharing” of personal data via cookies occurs.
• No cross-context behavioral advertising is performed.

7. How to Control Cookies

You can:

• Choose “Essential Only” on the cookie banner to decline analytics cookies.
• Disable cookies in your browser settings.
• Clear localStorage via browser developer tools.
• Block cookies entirely (may break login functionality).
• Withdraw push notification permissions via browser settings.

Note: Blocking authentication cookies will prevent account access.

8. Future Changes

If MeByFace introduces:

• Marketing integrations,
• Advertising technologies,

we will:

• Update this Cookies Policy,
• Update the cookie consent banner,
• Obtain opt-in consent where legally required.

9. Contact

If you have questions about this Cookies Policy:

Mebyface, MB

Peledu g. 28

Didieji Gulbinai, Vilniaus rajonas

Lietuva

support@mebyface.com