Cookie Policy
This Cookie Policy explains how Fimil, Inc. (“Fimil”) uses cookies and similar technologies on our website and in the application at app.fimil.dev. It should be read together with our Privacy Policy.
1. What are cookies?
Cookies are small text files stored on your device when you visit a website. We also use related technologies such as browser local storage. We use them to keep you signed in, to protect against cross-site request forgery, to remember your preferences, and — only with your consent — to understand product usage.
2. Cookies we use
| Name | Type | Category | Purpose | Retention |
|---|---|---|---|---|
fimil_session | Cookie | Strictly necessary | Maintains your authenticated session | Session |
fimil_access_token | Cookie | Strictly necessary | Authenticates API requests | Session |
fimil_csrf | Cookie | Strictly necessary | Cross-site request forgery (CSRF) protection | Session |
fimil_cookie_consent | Cookie | Strictly necessary | Remembers your cookie-consent choice | Up to 1 year |
ph_* | Cookie + local storage | Analytics | PostHog product analytics (set only after you consent) | Up to 1 year |
Strictly necessary cookies are required for the Service to function and are not subject to consent. Analytics cookies are set only after you opt in and are removed or disabled if you withdraw consent or your browser sends a Do-Not-Track signal.
3. Analytics
When you consent, we use PostHog to collect a curated set of product-usage events. Because Fimil is a security product, we configure PostHog defensively: session recording and autocapture are disabled, and captured text and element attributes are masked, so analytics do not record finding contents, repository names, or target hostnames.
Our website and application are served through Cloudflare, which provides content delivery and edge security and may collect privacy-friendly, cookieless aggregate traffic measurements.
4. Third-party cookies
When you make a payment, our payment processor Stripe may set cookies on its own domains to process the transaction and prevent fraud. These are governed by Stripe’s privacy and cookie policies.
5. Managing cookies
You can manage analytics consent through our in-product consent controls. You can also control cookies through your browser settings — most browsers let you block or delete cookies and clear local storage. Blocking strictly necessary cookies will prevent the Service from working correctly. We honor the Do-Not-Track browser signal for analytics.
6. Changes and contact
We may update this Cookie Policy to reflect changes in the technologies we use. Questions: privacy@fimil.dev.