Cookie Policy

Cookies are small text files placed on your device by a website. Breviya also uses related technologies — localStorage and sessionStorage — that store data locally in your browser. This policy covers all of these mechanisms.

These cookies are essential for the service to work. They cannot be disabled without breaking core functionality. Breviya uses only the following strictly necessary cookies:

• Session token (next-auth.session-token / __Secure-next-auth.session-token). Set by NextAuth on login. Authenticates your requests to the Breviya API and keeps you signed in. Expires according to your session settings (default 30 days). Marked HttpOnly and Secure — inaccessible to JavaScript.
• CSRF token (next-auth.csrf-token). Protects forms and API mutations from cross-site request forgery. Set on first page load, renewed on auth events.
• Callback URL (next-auth.callback-url). Stores the post-login redirect target. Short-lived; cleared after redirect.

Breviya uses browser localStorage to persist your preferences locally — no server call needed. These are not tracking cookies; no data is shared with third parties.

• breviya-locale. Your selected language (en or es). Read on every page load to set the display language before a server render.
• breviya-theme. Light or dark mode preference.
• breviya-belief-checkin-week. Stores which calendar week you last completed the weekly belief check-in so the prompt does not re-appear in the same week.
• Session wizard state. If you are mid-way through an onboarding or programme flow, partial wizard state may be stored locally to survive a page refresh. Cleared on completion or after 24 hours.

Breviya does not use Google Analytics, Meta Pixel, advertising networks, or any third-party tracking or analytics cookies. There are no third-party cookies set on breviya.com pages at all. If this changes in the future, this policy will be updated before the cookies are placed, and you will be given an opportunity to consent.

When you visit the billing or subscription sections of Breviya, Stripe may set cookies to support fraud prevention and payment processing. These cookies are set by Stripe under their own domain and are governed by Stripe's Privacy Policy. Breviya does not control or access these cookies.

You can manage cookies in several ways:

• Browser settings. All major browsers let you view, block, or delete cookies. Blocking strictly necessary cookies will prevent login from working.
• LocalStorage. You can clear localStorage at any time through browser developer tools (Application → Local Storage → breviya.com). This will reset your language and theme preferences to defaults.
• Account deletion. Deleting your Breviya account removes all server-side data. Locally stored preferences are cleared when you clear site data in your browser.

If Breviya adds any new cookies or tracking technologies, this policy will be updated before they are placed and the last-updated date will change. Continued use of the service after an update constitutes acceptance of the revised policy. For material changes that affect your rights, we will notify you by email at the address on your account.

Questions about this cookie policy can be directed to the Breviya team via the contact details in the Privacy Policy.