Legal

Cookies

Last updated: 19 May 2026

nlit uses only the cookies it needs to operate the service. We do not set advertising cookies, behavioural-tracking cookies, or third-party analytics cookies that profile you individually. Because every cookie below is either strictly necessary or set by a payment processor on a purchase you initiate, no consent banner is shown.

Cookie	Purpose	Lifetime	Type
`nlit-token` HttpOnly · Secure · SameSite=Lax	Keeps you signed in. Without it you would have to re-enter your password on every page load.	Session (cleared when the browser closes or you sign out)	Strictly necessary
`oauth_state` HttpOnly · Secure (over HTTPS) · SameSite=Lax	CSRF protection for the OAuth sign-in flow (Google / Microsoft). Set only when you click an OAuth button and cleared as soon as the provider returns you to nlit.	5 minutes	Strictly necessary
`Stripe Checkout cookies` Governed by Stripe’s privacy policy	Set by Stripe inside the hosted Checkout page to process your payment and run their fraud-prevention controls. Stripe handles these cookies; nlit cannot read them.	Session / Stripe-managed	Third-party (payment)

What about analytics?

We use Vercel Analytics to track aggregated, anonymised page-view counts. Vercel Analytics is cookie-less by default — no identifier is stored in your browser and no cross-site tracking is performed. We do not run Google Analytics, Meta Pixel, Hotjar, or any other behavioural-analytics tool.

How to clear or block cookies

Every modern browser lets you delete cookies and block them per site. Doing so for nlit will sign you out and prevent you from signing in again until the auth cookie is re-allowed. The browser's help pages cover the steps for Chrome, Firefox, Safari, and Edge.

Changes to this list

If we add a new cookie that is not strictly necessary, we will update this page and — where consent is required — show a banner before setting it. The “Last updated” date at the top reflects the most recent revision.

Also see our Privacy Policy and sub-processors page.