Cookie Policy
Every cookie and storage key GovLens uses, the purpose, the retention, and how to control consent.
Effective date: 2026-05-10 · Last updated: 2026-05-10
This Cookie Policy explains how Trelvio Technology OÜ(operator of GovLens, "we") uses cookies and similar storage technologies on govlens.eu and related services. Read together with the Privacy Policy.
1. What is a cookie?
A cookie is a small text file that a website asks your browser to store. Cookies let us recognise your device on subsequent visits. We also use localStorage and sessionStorage — browser-side storage with similar effects but not sent on every request.
Under Article 5(3) of the ePrivacy Directive (Estonian Electronic Communications Act §103¹), we may set strictly necessary cookies without consent. All other categories require your prior, freely-given, specific, informed and unambiguous consent.
2. Cookies and storage we use
2.1 Strictly necessary (no consent required)
govlens_session— authenticates your sign-in session. 30 days (60 days with "remember me"). HttpOnly, Secure, SameSite=Lax. First-party.cf_verified_ui— stores result of Cloudflare Turnstile bot challenge. Session. First-party.LOCALE_COOKIE,NEXT_INTL_LOCALE— language preference. 1 year / session. First-party.__cf_bm— Cloudflare bot mitigation set by our CDN. 30 minutes. Third-party (Cloudflare).gl-cookie-consent— your consent choice for non-essential categories. 12 months. First-party.
2.2 Functional (consent-based)
gl-signed-in(localStorage) — UI hint to render signed-in state quickly. Until cleared.gl-pro-tier(localStorage) — UI hint of subscription tier. Until cleared.govlens-theme(localStorage) — light/dark theme preference. Until cleared.notification-preferences(localStorage) — in-product notification opt-ins. Until cleared.feedback-dismissed-*,pwa-install-dismissed,SESSION_COUNT_KEY(sessionStorage) — suppresses repeated UI prompts within one tab. Tab session.
2.3 Analytics (consent-based)
ph_*(sessionStorage) — pseudonymous distinct ID, session ID, feature flags (PostHog, EU region).sentry-trace,sentry-replay— correlates an in-flight error with a backend trace; optional session replay (Sentry, EU region).
2.4 Payment (set only at checkout)
__stripe_mid,__stripe_sid— fraud prevention during card payment (Stripe). 1 year / 30 minutes.
We do not use advertising cookies. We do not share data with ad networks.
3. How we ask for consent
On your first visit and after a material change to this Policy you will see a cookie banner with three actions:
- Accept all — enables analytics and functional cookies;
- Reject non-essential — only strictly necessary cookies are set;
- Customise — choose categories individually.
Your choice is stored in gl-cookie-consent (12 months) and you can change it at any time via the Cookie settings link in the footer.
4. How to control cookies in your browser
You can block or delete cookies in your browser settings:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy
- Edge: Settings → Cookies and site permissions
Blocking strictly necessary cookies will break sign-in.
5. Third-party cookie policies
- Stripe: stripe.com/cookies-policy/legal
- Cloudflare: cloudflare.com/cookie-policy
- PostHog: posthog.com/privacy
- Sentry: sentry.io/privacy
6. Changes
We will update this Policy whenever we add or remove cookies. Material changes trigger a fresh consent prompt.
7. Contact
Questions: privacy@trelvio.eu.
See also: Privacy Policy · Terms of Service · Imprint