Cookie policy

A cookie is a small text file placed on the user's device (computer, tablet, smartphone) by the server of the visited site or a third-party server, which can be read on subsequent visits to the same site or partner sites.

Cookies are used in particular to remember user preferences, keep a session open, measure audience or, in some cases, deliver targeted advertising. The term “cookie” also covers other tracking technologies such as invisible pixels, browser local storage identifiers (localStorage, sessionStorage), digital fingerprinting and similar identifiers.

Anonyx SASU uses only the following categories of cookies and trackers:

2.1 Cookies strictly necessary for the Service

These cookies and equivalent trackers are essential to provide a service expressly requested by the user and do not require prior consent under Article 82 of the French Data Protection Act.

• sessionId: authenticated user session identifier (HttpOnly, Secure, SameSite=Lax). Duration: browser session.
• anonyx_trusted_device: recognition of a trusted device after multi-factor authentication (MFA) to avoid prompting again on each login (HttpOnly, Secure, SameSite=Lax). Duration: up to 30 days.
• Session CSRF token: protection against Cross-Site Request Forgery attacks, stored within the server-side session. Duration: session.

2.2 Functional trackers (local storage)

Anonyx stores certain preferences directly in your browser's local storage (localStorage), which is legally treated as a cookie under Article 82 of the French Data Protection Act. These trackers are necessary for a consistent experience between visits:

• anonyx_language: preferred language (fr/en). Duration: until cleared by the user.
• anonyx-theme: preferred theme (light/dark/system). Duration: until cleared.
• anonyx-auth: client-side authentication state (user identifier, organisation, role). Cleared on sign-out.

2.3 Audience-measurement cookies

No audience-measurement cookie or tracker is currently deposited on anonyx.io. Should Anonyx later deploy a measurement tool (Plausible or equivalent), it will be configured to qualify for the CNIL exemption — no cross-site tracking, no data transfer to third parties outside the EU — and its activation will require your explicit consent through the management banner where applicable.

2.4 Third-party cookies: Stripe (payment)

When you initiate a payment, you are redirected to the secure pages of Stripe Payments Europe Ltd (stripe.com/privacy), hosted on the checkout.stripe.com domain. In that context Stripe sets its own cookies (notably __stripe_mid and __stripe_sid) strictly necessary for fraud prevention and transaction completion. These cookies are set on the Stripe domain, not on anonyx.io.

2.5 No advertising cookies

No advertising, retargeting, marketing-profiling or social-network cookie is deposited on anonyx.io.

You can at any time express, change or withdraw your choices regarding non-strictly-necessary cookies and trackers through the consent banner integrated in the Site, accessible at any time via the “Manage my cookies” link in the footer, or directly through your browser settings.

Browser configurations vary; please refer to your browser's official documentation:

• Google Chrome: support.google.com/chrome/answer/95647
• Mozilla Firefox: support.mozilla.org
• Apple Safari: support.apple.com/guide/safari
• Microsoft Edge: support.microsoft.com

Refusing or deleting strictly necessary cookies may prevent certain pages or features from working, in particular authentication and the persistence of user preferences.

Strictly necessary session cookies are removed when the browser closes. Preference trackers (language, theme) persist until the user clears them. Consent choices are stored for up to six (6) months before a new request is made, in line with CNIL guidelines.

Anonyx SASU reserves the right to amend this policy to reflect changes to the Service or CNIL guidance. Any substantial change will be brought to users' attention and, where applicable, will trigger a new consent request. The last-updated date appears at the top of this document.

For any question relating to this cookie policy or to exercise your rights, please contact our Data Protection Officer at dpo@anonyx.io. You also have the right to lodge a complaint with the CNIL (www.cnil.fr).