Cookie Policy

1. What this policy covers

This page lists the cookies that the Aksusnet platform sets directly on your browser, what each one is for, and how you can change your preferences. It is a launch-baseline disclosure and MUST be reviewed by legal counsel before production sign-off for your target jurisdictions.

2. What cookies are

Cookies are small text files stored in your browser. Some are strictly necessary to deliver the service you asked for (for example, keeping you signed in). Others are not, and would only be set with your consent. We distinguish these two categories below.

3. Strictly necessary cookies

These cookies are required for core functionality — authentication, session security, and cross-site request forgery (CSRF) protection. They are set automatically when you use the platform and cannot be declined without also breaking sign-in and security checks. Under GDPR / ePrivacy they do not require consent because they are necessary for a service you explicitly requested.

• authjs.session-token / __Secure-authjs.session-token — Auth.js session identifier. Keeps you signed in between requests. HttpOnly, Secure in production, SameSite=Lax.
• __aksusnet_csrf — double-submit CSRF token used by state-changing browser requests on non-Auth.js routes (owner mutations, billing, invite acceptance). HttpOnly, Secure in production, SameSite=Lax.
• aksusnet_consent — records your cookie-consent choice so we do not re-prompt you on every page. The value includes the policy version that was displayed to you at the time of the decision and the decision timestamp, so the record doubles as proof of consent without a server-side ledger. Readable by the site so the banner knows whether to show. SameSite=Lax, Secure on https, expires after 180 days. If we materially change the disclosed cookie categories we bump the policy version and re-ask for consent.

4. Non-essential cookies

At launch the Aksusnet platform does not run any analytics, advertising, or marketing/tracking cookies. The consent banner therefore has nothing to enable today even if you click "Accept all". If we introduce non-essential cookies in the future, they will be disabled by default until you opt in, this page will be updated to list them before they load, and the change will be surfaced through the consent banner.

5. Third-party cookies

Some flows hand you off to services run by our processors. Any cookies set during that handoff are governed by the processor's own cookie policy, not this one:

• Stripe — when you open Stripe Checkout or the Stripe customer portal, Stripe may set cookies on its own domain for fraud prevention and session continuity.
• Google— if you choose "Sign in with Google", Google may set cookies on its own domain as part of the OAuth flow.

We do not control those cookies and they are not set on the Aksusnet domain. Review each provider's cookie policy for details.

6. Changing your preferences

You can reopen the consent banner at any time using the button below or the "Cookie preferences" link in the site footer. You can also clear the aksusnet_consent cookie from your browser settings; the banner will then re-ask on your next visit. Most browsers let you block or clear cookies entirely, but doing so will prevent the platform from keeping you signed in.

Cookie preferences

7. Contact

Questions about this policy? Email privacy@aksusnet.eu. See also our Privacy Policy and Terms of Service.