Home  /  Legal  /  Cookies

Legal

Cookies

Short list, plain language. We don't run ads, we don't load tag managers, we don't have a chat widget. The list is genuinely small.

What we set

Name Purpose Lifetime Type
session Authenticates you to Lossless after you sign in. 14 days, refreshed on use. Strictly necessary.
csrf Protects against cross-site request forgery on form submits. Session. Strictly necessary.
theme Remembers your light/dark theme choice. 1 year. Preference.
region Remembers whether you chose US or EU storage. 1 year. Preference.
lvid A first-party, opaque, randomly-generated identifier we use to measure our own funnel server-side — how many people land on a page, sign up, or convert. The value is a random ID signed with our server key; it carries no email, no name, no IP, no fingerprint, no cross-site identifier. It is set by us, on this domain, and never shared with any third party. 1 year. First-party analytics.

What we don't set

  • No third-party advertising cookies.
  • No third-party analytics. We do not run Google Analytics, Mixpanel, Segment, PostHog, or any other analytics service that loads in your browser, sets a cross-site identifier, or sends data anywhere except our own first-party server.
  • No cross-site identifiers.
  • No tracking pixels in our marketing emails.
  • No JavaScript pixel for analytics. The lvid measurements above are emitted server-side from our own backend — nothing extra runs in your browser to send them.

How to control them

You can clear cookies in your browser at any time. If you clear session, you'll be signed out. If you clear theme or region, those revert to defaults.

We don't show a "manage cookies" banner because we don't believe one is necessary for the four cookies above — three are strictly necessary and one is a UI preference. If you disagree, that's a fair debate; email privacy@lossless-ai.com and we'll talk about it.

Local storage

The web app uses browser local storage for: your most recent search, draft messages you haven't yet sent to chat, and the layout state of your records browser (what columns are visible, what's sorted). None of it leaves your device.

Mobile apps

The iOS and macOS apps use the system keychain for auth tokens and standard app-storage for the same UI-state items as the web app. No advertising SDKs, no analytics SDKs, no cross-app identifiers.

Updates

If we add or change a cookie, we'll update this page and email all active users.