LetsBe Biz — Cookie Policy
- Version: 1.0
- Date: February 26, 2026
- Authors: Matt (Founder), Claude (Drafting)
- Status: Draft — Requires Legal Review Before Publication
- Companion docs: Privacy Policy v1.0, Terms of Service v1.0
Important: This Cookie Policy is a comprehensive draft covering the LetsBe Biz website and Hub application. It must be reviewed by qualified legal counsel before publication. It is not legal advice.
1. What Are Cookies?
Cookies are small text files that websites store on your device (computer, tablet, or phone) when you visit them. They serve various purposes — from keeping you logged in to helping us understand how visitors use our website. Similar technologies include local storage, session storage, and tracking pixels; this policy covers all of these.
2. How We Use Cookies
LetsBe uses a minimal, privacy-first approach to cookies. We categorize cookies into three groups, and only one group is set without your consent.
2.1 Strictly Necessary Cookies
These cookies are essential for the website and Hub to function. They cannot be disabled.
| Cookie | Purpose | Duration | Set By |
|---|---|---|---|
| Session cookie | Keeps you logged into the Hub | Session (expires when you close the browser) | LetsBe |
| CSRF token | Protects against cross-site request forgery attacks | Session | LetsBe |
| Authentication state | Maintains your login across page loads in the Hub | Session or persistent (up to 30 days if "remember me" selected) | LetsBe |
| Cookie consent preference | Remembers your cookie consent choice | 12 months | LetsBe |
| Region preference | Remembers your selected data center region | 12 months | LetsBe |
Legal basis: Strictly necessary for the provision of the service you requested (GDPR Art. 6(1)(b); ePrivacy Directive Art. 5(3) exemption).
2.2 Analytics Cookies
These cookies help us understand how visitors interact with our website. They are only set with your explicit consent.
| Cookie | Purpose | Duration | Set By |
|---|---|---|---|
| Analytics session | Tracks page views and visitor behavior within a session | Session | Self-hosted analytics (Umami or equivalent) |
| Analytics visitor ID | Distinguishes unique visitors (anonymized) | 12 months | Self-hosted analytics |
What we use: We use self-hosted, privacy-focused analytics (planned: Umami). Unlike Google Analytics, our analytics tool:
- Runs on our own infrastructure (no data sent to third parties)
- Does not use fingerprinting
- Does not track across websites
- Anonymizes visitor data by default
- Complies with GDPR without requiring consent in some configurations — but we ask for consent anyway as a matter of respect
Legal basis: Consent (GDPR Art. 6(1)(a); ePrivacy Directive Art. 5(3)).
2.3 Marketing Cookies
These cookies help us measure the effectiveness of our email campaigns and marketing content. They are only set with your explicit consent.
| Cookie | Purpose | Duration | Set By |
|---|---|---|---|
| Email campaign tracking | Identifies which email campaign brought you to the website | Session | LetsBe (via UTM parameters) |
What we do NOT use:
- No third-party advertising cookies
- No social media tracking pixels (Facebook, LinkedIn, Twitter/X, etc.)
- No retargeting or remarketing cookies
- No cross-site tracking of any kind
- No data management platforms or ad exchanges
Legal basis: Consent (GDPR Art. 6(1)(a); ePrivacy Directive Art. 5(3)).
3. Your Choices
3.1 Cookie Consent Banner
When you first visit the LetsBe website, a cookie consent banner will appear with three options:
- Accept all — Enables all cookie categories (strictly necessary + analytics + marketing)
- Reject all — Only strictly necessary cookies are set (analytics and marketing are blocked)
- Customize — Opens a panel where you can enable or disable each category individually
Your choice is saved for 12 months. You can change your preferences at any time.
3.2 Changing Your Preferences
You can update your cookie preferences at any time by:
- Clicking the "Cookie Settings" link in the website footer
- Clearing your browser cookies (which resets the consent banner)
- Using your browser's built-in cookie management tools
3.3 Global Privacy Control (GPC)
We honor the Global Privacy Control signal. If your browser sends a GPC signal (supported in Firefox, Brave, DuckDuckGo, and others), we treat it as an opt-out of all non-essential cookies, consistent with CCPA requirements and emerging EU regulatory guidance.
3.4 "Do Not Track" (DNT)
We also honor the "Do Not Track" browser header. When detected, non-essential cookies are not set, regardless of any prior consent.
3.5 Browser-Level Controls
Most browsers allow you to block or delete cookies through their settings. Note that blocking strictly necessary cookies may prevent the Hub from functioning correctly. Here are links to cookie settings for major browsers:
4. Third-Party Cookies
We do not use third-party cookies. All cookies set on the LetsBe website and Hub are first-party cookies set by LetsBe. We do not embed third-party scripts, ad networks, social media widgets, or tracking pixels that would set their own cookies.
The only external service involved in payment processing (Stripe) operates on its own domain during checkout and sets its own cookies there — not on the LetsBe website.
5. Cookies in the Hub Application
When you are logged into the Hub (the LetsBe Biz application interface), the following cookies are used:
| Cookie | Purpose | Duration |
|---|---|---|
| Session token | Maintains your authenticated session | Session or up to 30 days ("remember me") |
| CSRF protection | Prevents cross-site request forgery | Session |
| UI preferences | Stores display preferences (theme, sidebar state) | Persistent (12 months) |
These are all strictly necessary or functional cookies and do not require consent. No analytics or tracking cookies are set within the Hub application.
6. Data Retention for Cookie Data
| Data | Retention |
|---|---|
| Cookie consent preference | 12 months, then re-prompted |
| Analytics data (if consented) | 24 months, then automatically purged |
| Session cookies | Deleted when browser session ends |
| Persistent cookies | Expire per the durations listed above |
Analytics data is stored on our own infrastructure (self-hosted) and is never shared with third parties.
7. Changes to This Policy
We may update this Cookie Policy from time to time. When we make changes, we will update the "Version" and "Date" at the top of this document. For material changes (e.g., introducing new cookie categories or third-party cookies), we will reset the consent banner so you can make a fresh choice.
8. Contact
If you have questions about our use of cookies, contact us at:
- Email: privacy@letsbe.solutions
- Or use the contact form on our website
For broader privacy questions, see our Privacy Policy.
9. Open Questions (Internal — Remove Before Publication)
| # | Question | Status | Notes |
|---|---|---|---|
| 1 | Analytics tool confirmation | Open | Planned: Umami (self-hosted). Confirm before publication. |
| 2 | Privacy/contact email | Open | Same as Privacy Policy — fill in when decided |
| 3 | Cookie banner implementation | Open | Choose provider: custom-built, Klaro, Cookiebot, or similar GDPR-compliant consent manager |
| 4 | GPC technical implementation | Open | Verify that the website and Hub respect Sec-GPC: 1 header |
| 5 | Stripe checkout cookies | Open | Verify whether Stripe Elements (embedded checkout) sets any cookies on letsbe.solutions domain or only on Stripe's domain |
10. Changelog
| Version | Date | Changes |
|---|---|---|
| 1.0 | 2026-02-26 | Initial draft. Three cookie categories (strictly necessary, analytics, marketing). Self-hosted analytics (Umami planned). No third-party cookies. GPC and DNT honored. Consent-first model with accept all / reject all / customize. Aligned with Privacy Policy v1.0 §12. |
This document is a draft requiring legal review. It should not be published or relied upon as legal advice.