Cookie Policy

MemVoice Application

Version: 1.0
Last Updated: [DATE]

1. GENERAL INFORMATION

1.1 Data Controller

The data controller is [COMPANY NAME] with its registered office at [ADDRESS], Tax ID: [TAX ID], Company Registration: [REGISTRATION], e-mail: [EMAIL].

1.2 Contact

For matters regarding the cookie policy, you can contact us at:

E-mail: [EMAIL]
Address: [ADDRESS]
Data Protection Officer: [DPO EMAIL] (if applicable)

2. WHAT ARE COOKIES?

Cookies are small text files stored on the user’s end device (computer, tablet, smartphone) while using the web application. These files contain information that allows the device to be recognized during subsequent visits and are necessary for the proper functioning of modern web applications.

3. LEGAL BASIS

The use of cookies is governed by:

Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)
ePrivacy Directive 2002/58/EC
California Consumer Privacy Act (CCPA) for California residents
Lei Geral de Proteção de Dados (LGPD) for Brazilian users
Other applicable local privacy laws

4. TYPES OF COOKIES USED

4.1 Necessary Cookies (Functional)

Legal basis: Art. 6(1)(f) GDPR (legitimate interest) / contractual necessity

Name	Purpose	Retention Period	Provider
`sessionKey`	User authentication	30 days	MemVoice
`userPrefs`	User preferences	1 year	MemVoice
`authToken`	Authorization token	24 hours	MemVoice
`__cf_bm`	Bot protection	30 minutes	Cloudflare
`cf_clearance`	Security verification	1 year	Cloudflare

4.2 Analytics Cookies

Legal basis: Art. 6(1)(a) GDPR (consent) / CCPA opt-in

Name	Purpose	Retention Period	Provider
`_ga`	Google Analytics	2 years	Google Analytics
`_gid`	Session identifier	24 hours	Google Analytics
`_gat`	Request rate limiting	1 minute	Google Analytics
`ajs_anonymous_id`	Behavior analysis	1 year	Segment

4.3 Marketing Cookies

Legal basis: Art. 6(1)(a) GDPR (consent) / CCPA opt-in

Name	Purpose	Retention Period	Provider
`fbp`	Facebook tracking	90 days	Facebook
`_twitter_sess`	Twitter/X integration	Session	Twitter/X
`li_sugr`	LinkedIn tracking	90 days	LinkedIn
`utm_source`	Traffic source	6 months	MemVoice

Legal basis: Art. 6(1)(b) GDPR (contract performance)

Name	Purpose	Retention Period	Provider
`oauth_token`	OAuth token	1 hour	Various providers
`social_login_state`	Login state	15 minutes	MemVoice

5. AI PROVIDER COOKIES

5.1 AssemblyAI

Purpose: Processing audio recordings for transcription
Cookies: session_id, api_key_hash
Retention: 30 days
Legal basis: Consent (Art. 6(1)(a) GDPR)

5.2 OpenAI

Purpose: Generating AI summaries and content
Cookies: openai_session, csrf_token
Retention: 24 hours
Legal basis: Consent (Art. 6(1)(a) GDPR)

5.3 Anthropic

Purpose: AI content generation as backup service
Cookies: sessionKey, activitySessionId
Retention: 30 days
Legal basis: Consent (Art. 6(1)(a) GDPR)

6. PAYMENT COOKIES

6.1 LemonSqueezy

Purpose: Payment processing
Cookies: lemon_session, cart_id
Retention: 30 days
Legal basis: Contract performance (Art. 6(1)(b) GDPR)

7. CLOUDFLARE INFRASTRUCTURE

Cloudflare is our CDN and security service provider. It automatically sets the following cookies:

Name	Purpose	Duration	Type
`__cflb`	Load balancing	Session	Functional
`__cf_bm`	Bot protection	30 minutes	Functional
`cf_clearance`	Security verification	1 year	Functional

8. MANAGING COOKIES

8.1 Browser Settings

You can manage cookies through your browser settings:

Chrome:

Open Chrome → Settings → Privacy and security
Click “Cookies and other site data”
Manage settings

Firefox:

Open Firefox → Settings → Privacy & Security
“Cookies and Site Data” section
Manage settings

Safari:

Safari → Preferences → Privacy
Manage cookies

During your first visit to the application, we display a consent banner that allows you to:

Accept all cookies
Reject non-essential cookies
Manage cookie categories in detail

8.3 Preference Center

You can change your cookie preferences at any time:

Click the “Cookie Settings” icon at the bottom of the page
Select cookie categories
Save preferences

9. INTERNATIONAL DATA TRANSFERS

9.1 Destination Countries

Some cookies may be processed in countries outside the EU:

United States:

Google Analytics (Adequacy Decision 2023/C XXX/01)
AssemblyAI (Standard Contractual Clauses)
OpenAI (EU-US Data Privacy Framework)
Anthropic (EU-US Data Privacy Framework)
Facebook (EU-US Data Privacy Framework)
LemonSqueezy (Standard Contractual Clauses)

Canada:

Some Cloudflare servers (Adequacy Decision 2002/2/EC)

9.2 Safeguards

All transfers are protected by:

European Commission adequacy decisions
Standard Contractual Clauses (SCC)
EU-US Data Privacy Framework certifications
Binding Corporate Rules

10. USER RIGHTS

Right of access (Art. 15) - information about processed data
Right to rectification (Art. 16) - correction of incorrect data
Right to erasure (Art. 17) - “right to be forgotten”
Right to restriction (Art. 18) - limitation of processing
Right to portability (Art. 20) - data transfer
Right to object (Art. 21) - objection to processing

10.2 CCPA Rights (California Residents)

Right to know - information about collected data
Right to delete - deletion of personal information
Right to opt-out - opt-out of sale of personal information
Right to non-discrimination - equal treatment regardless of privacy choices

10.3 LGPD Rights (Brazilian Users)

Right to confirmation - confirmation of data processing
Right to access - access to personal data
Right to correction - correction of incorrect data
Right to anonymization - anonymization of personal data

10.4 How to Exercise Rights

To exercise your rights, send a request to: [EMAIL]

Response will be provided within 30 days (GDPR) or 45 days (CCPA) from receipt of the request.

11. RETENTION PERIODS

11.1 Basic Periods

Functional cookies: Until end of session or according to declared time
Analytics cookies: 24 months from last activity
Marketing cookies: 90 days from last activity
Login cookies: Until logout or consent withdrawal

11.2 Automatic Deletion

The system automatically deletes cookies after the declared time expires or when:

User withdraws consent
User deletes account
Data becomes unnecessary for the purpose

12. SECURITY

12.1 Technical Measures

Encryption: All cookies are encrypted with AES-256 algorithm
HTTPS: Transmission only through secure connections
Secure flag: Cookies transmitted only via HTTPS
HttpOnly: Protection against XSS attacks
SameSite: Protection against CSRF attacks

12.2 Organizational Measures

Regular security audits
Staff training
Incident response procedures
Activity monitoring

13. POLICY UPDATES

13.1 Changes

The cookie policy may be updated due to:

Changes in legal regulations
New application functionalities
Changes in service providers
Recommendations from supervisory authorities

13.2 Notifications

We will inform about significant changes:

By email (if we have your address)
Through in-app notification
Information on the main page

14. COMPLAINTS TO SUPERVISORY AUTHORITY

14.1 Right to Complain

You have the right to lodge a complaint with a supervisory authority:

European Users: Contact your local Data Protection Authority or:

European Data Protection Board: www.edpb.europa.eu

California Residents:

California Attorney General: www.oag.ca.gov

Brazilian Users:

Autoridade Nacional de Proteção de Dados (ANPD): www.gov.br/anpd

14.2 Other Jurisdictions

You can also contact the supervisory authority in your country of residence.

15. FINAL PROVISIONS

15.1 Effectiveness

This cookie policy is effective from the date indicated in the document header.

15.2 Language

In case of discrepancies between language versions, the English version is binding for international users, and the Polish version for Polish users.

15.3 Contact

All questions regarding the cookie policy should be directed to: [EMAIL]