Leafra← Back to site

Cookie Policy

Last updated: 17 April 2026

Leafra keeps cookies to a minimum. This page lists everything we set and how to control it.

Cookies we set

  • leafra.landing.lang (local storage, not a cookie): remembers the language you selected. No personal data.
  • leafra.session (1st-party cookie, httpOnly, Secure, SameSite=Lax): keeps you logged into the app. Essential.
  • leafra.csrf (1st-party cookie, httpOnly, Secure): prevents cross-site request forgery. Essential.

What we don\u2019t set

  • No Google Analytics / Meta Pixel / Tiktok Pixel / any ad tracker.
  • No cross-site tracking cookies.
  • No third-party session replay.

Opt-in analytics

If you accept the in-app analytics toggle, we use a privacy-friendly, self-hosted PostHog instance with IP anonymisation. You can switch it off at any time from Settings → Privacy.

Controlling cookies

Most browsers let you block cookies in settings. Blocking essential cookies will prevent login. For non-essential choices, use our Settings → Privacy toggle.

Contact

Questions? Write to privacy@leafra.app.