Cookie Policy

Every cookie and local-storage key Mivia Sign sets, and what each is for.

What we set

Mivia Sign uses a small number of cookies and browser localStorage keys. We don't use advertising cookies, cross-site tracking pixels, or third-party analytics that profile you individually. Under the EU ePrivacy Directive (Article 5(3)) and the UK Privacy and Electronic Communications Regulations (PECR, Regulation 6), strictly-necessary cookies are exempt from the consent-banner requirement, so we don't run a banner.

Cookies

  • better-auth.session_token: strictly necessary. A signed session cookie, set by the Better Auth library when you sign in. HttpOnly, Secure, SameSite=Lax, Path=/. Expires 30 days after sign-in, refreshed daily while you're active. Cross-site request forgery is prevented by the SameSite=Lax attribute and the opaque session token; no separate CSRF cookie is set. If your account has two-factor authentication turned on, this cookie is only issued after the six-digit code is verified. The password step alone does not log you in.

Local storage

We cache a small set of non-sensitive hints in browser localStorage so the app paints correctly on return visits before the session fetch finishes. None of these contain credentials or payment information.

  • mivia-tier: your current tier (free or premium). Read on page load so the correct UI shows before the session fetch returns.
  • mivia-billing-period: monthly or annual, so the pricing UI reflects your chosen cycle.
  • mivia-name: your display name, so the nav menu and account form prefill without waiting for the server.
  • mivia-email: your email, so the nav menu and account form prefill render immediately.
  • mivia-username: your chosen username, shown in the account dropdown so it paints on return visits before the session fetch returns.
  • mivia-has-plugin: whether you've paired the DAW plugin, so we can show the right call-to-action on the plugin page.
  • mivia-plugin-downloaded: whether you've downloaded a plugin installer, so we can adjust the plugin-page guidance.
  • mivia-seed: the string used to generate your typographic-face avatar (your display name, or the email local-part when no name is set). Read on page load so your avatar paints immediately.
  • mivia.attribution.v1: the marketing-attribution tags from the link you arrived on (utm_source, utm_medium, utm_campaign) and the external site that referred you, captured on your first visit. Sent to the server when you sign up and removed from your browser at the same moment. Empty if you arrived directly with no campaign tags or external referrer.

Because some of these items (your name and email) contain personal data, they're covered by the rights and retention sections of our Privacy Policy. Clearing your browser data, or switching to private/incognito mode, removes them.

Third-party cookies

Stripe sets its own cookies on its domains when you check out or use the Stripe customer portal to manage your subscription. Those cookies are governed by Stripe's privacy policy. We don't see or read them, and we don't set Stripe cookies on the Mivia domain.

We do not load Google Analytics, Plausible, PostHog, Mixpanel, or any other analytics tool. We do not embed Google Fonts, YouTube, Vimeo, or social pixels. We host our own fonts. If we ever add optional analytics in the future, we'll ask for consent first and update this page.

Your controls

  • Your browser's settings let you block, restrict, or delete cookies and local storage at any time. Blocking the strictly-necessary auth cookies will log you out.
  • Private or Incognito browsing isolates all of the above; nothing persists when you close the window.
  • Signing out clears the Better Auth session cookie and the local-storage hints that contain personal data (mivia-tier, mivia-billing-period, mivia-name, mivia-email, mivia-username, mivia-seed, mivia-has-plugin). The mivia-plugin-downloaded flag persists until you clear site data, so the plugin page remembers you've already grabbed an installer.

Changes

We'll update this page whenever the inventory changes. Material changes are announced alongside updates to the Privacy Policy.

Contact

Questions about our cookies: [email protected].

Last updated: 28 May 2026