Cookie Policy
Last updated: June 3, 2026
About Cookies
Cerebelus uses cookies and similar tracking technologies on our website. This Cookie Policy explains what cookies are, how we use them, your choices regarding them, and your rights under applicable data protection laws.
What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work efficiently, provide a better user experience, and give website operators usage information. Cookies can be "first-party" (set by us) or "third-party" (set by other services we use).
Legal Basis for Cookies
Strictly necessary cookies do not require consent — they are essential for the website to function (GDPR Recital 47, ePrivacy Directive Art. 5(3)).
Analytics and marketing cookies are only activated after you give explicit consent through our cookie banner. They are blocked by default until you accept, and you can change your preferences at any time.
Strictly Necessary Cookies
These cookies are essential for the website to function. They enable core features like authentication, security, and user preferences. They cannot be disabled without breaking the site.
Legal basis: these cookies rely on the ePrivacy 'strictly necessary' exemption (Directive 2002/58/EC, Art. 5(3)), so no consent is required to store them. Any subsequent processing of the data relies, where applicable, on our legitimate interest in providing a secure, functioning service (GDPR Art. 6(1)(f)).
| Cookie | Provider | Purpose | Duration | Place of processing / transfer |
|---|---|---|---|---|
| sb-*-auth-token | Supabase Auth | Authentication session token managed by Supabase | Session | European Union (configurable region) — DPA in place |
| __Secure-next-auth.* | Next.js | Framework session cookies for Next.js | Session | First-party — processed within the EU |
| consent_preferences | Consent System | Stores your cookie consent preferences | 365 days | First-party — processed within the EU |
| NEXT_LOCALE | Locale Preference | Stores your selected language so navigation stays in the right locale | 1 year | First-party — processed within the EU |
| preferred_currency | Currency Preference | Stores your preferred display currency (EUR or USD) | 1 year | First-party — processed within the EU |
| funnel_type | Funnel State | Stores the active signup funnel type for session continuity | 1 hour | First-party — processed within the EU |
| funnel_answers | Funnel State | Stores quiz answers during the signup funnel flow | 1 hour | First-party — processed within the EU |
| funnel_step | Funnel State | Stores the current step in the signup funnel | 1 hour | First-party — processed within the EU |
| __stripe_mid | Stripe Payments Europe, Ltd. | Stripe fraud-prevention id, set when a checkout or pricing widget loads. Required to process payments securely. | 1 year | Third-party — Stripe (payment processing). See stripe.com/privacy. |
| __stripe_sid | Stripe Payments Europe, Ltd. | Stripe session id for fraud prevention during a single checkout session. | 30 minutes | Third-party — Stripe (payment processing). See stripe.com/privacy. |
Marketing Cookies
These cookies are used to deliver relevant advertisements and measure campaign effectiveness. They are blocked until you give explicit consent and can be disabled at any time.
Legal basis: your explicit consent (GDPR Art. 6(1)(a)). These cookies are not set until you accept them.
| Cookie | Provider | Purpose | Duration | Place of processing / transfer |
|---|---|---|---|---|
| attribution_data | Attribution | Stores referral and campaign attribution data (UTMs, affiliate code) for cross-session tracking | 30 days | First-party — stored in your browser, processed within the EU |
| _fbp | Meta Platforms Ireland Ltd. / Meta Platforms Inc. | Meta Pixel browser identifier for ad targeting and measurement | 90 days | United States (international transfer — EU-US Data Privacy Framework) |
| _fbc | Meta Platforms Ireland Ltd. / Meta Platforms Inc. | Meta click identifier from ad URL parameters | 90 days | United States (international transfer — EU-US Data Privacy Framework) |
Third-Party Cookies
Some cookies are set by third-party services we embed (e.g. payment, analytics or advertising providers). Each one is listed individually in the tables above, with its provider, purpose, duration, place of processing and a link to that provider's privacy policy. Non-essential third-party services are only loaded after you give consent. We do not control how these providers process data once collected; please review their privacy policies for details.
Managing Your Cookie Preferences
When you first visit our site, you will see a cookie consent banner where you can accept or reject optional cookies. You can change your preferences at any time by clicking the cookie settings link in our website footer.
To withdraw consent already given, reopen the preferences from the footer link and reject the optional categories, or clear cookies through your browser settings. Withdrawal is as easy as granting consent and takes effect immediately.
You can also control cookies through your browser settings. Below are links to cookie management for the most common browsers:
To opt out of interest-based advertising across multiple sites, visit:
Consequences of Disabling Cookies
You are free to block or delete cookies. However, if you disable strictly necessary cookies:
- Authentication may not work — you may be unable to log in or stay logged in
- Payment processing may fail — Stripe requires cookies for secure transactions
- Your preferences (language, theme) may not be saved between visits
- Some features may not function correctly or may be unavailable
Disabling optional cookies (analytics, marketing) will not affect the core functionality of the service.
Contact Us
If you have questions about our use of cookies, please contact us through the support section in your account.