Back to Legal Center

Cookie Policy

Last Updated: May 24, 2026

1. Introduction

This Cookie Policy explains how Stellar Synergy Labs S.R.L. ("Company", "we", "us", "our") uses cookies and similar client-side technologies when you access the Services.

This Policy should be read together with our Privacy Policy.

Our use of cookies and similar technologies is governed by:

  • Romanian Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector (transposing the ePrivacy Directive 2002/58/EC, as amended by Directive 2009/136/EC); and
  • the General Data Protection Regulation (Regulation (EU) 2016/679 — "GDPR") and Romanian Law no. 190/2018, where any personal data is processed via such technologies.

The enforcement authority in Romania for both frameworks is the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)https://www.dataprotection.ro.

3. What are cookies?

Cookies are small text files stored on your device when you visit a website. Similar technologies — such as the browser's local storage, session storage, IndexedDB, and device-side identifiers used by native apps — may be used for the same or comparable purposes. In this Policy, the word "cookies" refers to all of these technologies unless otherwise stated.

4. How we use cookies

We use cookies and similar technologies strictly to:

  • enable core functionality (e.g., authentication, session management);
  • maintain secure sessions;
  • prevent fraud and abuse;
  • ensure system stability and performance.

We do not use cookies for:

  • advertising;
  • behavioural profiling;
  • cross-site tracking.

5. Categories of cookies we use

5.1 Unauthenticated browsing of the public marketing site

When you only browse the public pages of stellarsynergylabs.com (home, About, Stellar Stream, Stellar ONE, Docs, Legal, Contact, etc.) and you are not signed in, we do not set or read any cookies on your device. No session cookie, no analytics cookie, no advertising cookie.

If this changes in the future, we will update this Policy and display a compliant consent interface where required by Article 5(3) of Law no. 506/2004 and EDPB Guidelines 03/2022 on consent.

5.2 Authenticated sessions (Client Area)

When you sign in to the Client Area, our API backend (hosted at api.stellarsynergylabs.com) sets two HttpOnly, Secure session cookies. These cookies are scoped to Domain=.stellarsynergylabs.com, which means they are sent to both the API backend and to the public marketing site (stellarsynergylabs.com) while you remain signed in — but, being HttpOnly, they cannot be read by JavaScript on any site, including ours.

These cookies are used for:

  • authentication and session management (keeping you signed in);
  • session refresh (so you don't have to re-enter your password every 15 minutes when the short-lived access token expires).

They are strictly necessary to provide the authenticated Client Area service you have explicitly requested and therefore do not require your consent under Article 5(3) of Romanian Law no. 506/2004 ("information-society service explicitly requested by the subscriber or user").

You can clear them at any time by signing out, or by deleting cookies for stellarsynergylabs.com in your browser settings.

5.3 Advertising / tracking cookies

We do not use advertising or third-party tracking cookies on either domain, and we do not currently plan to introduce them. If this changes, we will update this Policy and (where required) obtain your prior consent.

The complete list of cookies that may be placed on your device by our Services is below. None of these cookies are set unless you sign in to the Client Area.

access_token

  • Set by: api.stellarsynergylabs.com
  • Domain: .stellarsynergylabs.com (apex + all subdomains)
  • Path: /
  • Lifetime: 15 minutes (Max-Age=900)
  • Flags: HttpOnly, Secure, SameSite=None
  • Purpose: Short-lived JWT that authenticates each request to the API while you are signed in.

refresh_token

  • Set by: api.stellarsynergylabs.com
  • Domain: .stellarsynergylabs.com (apex + all subdomains)
  • Path: /v1/auth/refresh
  • Lifetime: 30 days (Max-Age=2592000)
  • Flags: HttpOnly, Secure, SameSite=None
  • Purpose: Used solely to obtain a new access_token when the previous one expires, without forcing you to re-enter your password.

Notes:

  • Both cookies are HttpOnly — they cannot be read by client-side JavaScript on any page.
  • Both cookies are Secure — they are only sent over HTTPS.
  • SameSite=None is required because the Client Area (stellarsynergylabs.com) and the API (api.stellarsynergylabs.com) are different origins.
  • The refresh_token is path-scoped to /v1/auth/refresh, so it is only sent to the refresh endpoint and never to any other API route or to the marketing site.
  • Cookie names and lifetimes are managed by the API backend and may evolve. We will update this list if names, lifetimes, paths, or flags change in a way that is material to users.

You can verify exactly what is set on your device at any time by opening your browser's developer tools (DevTools → Application → Cookies on Chromium-based browsers).

7. Managing cookies

You can control cookies through your browser settings — for example, by blocking, deleting, or limiting cookies. Instructions are available in your browser's help pages.

Please note that disabling strictly necessary cookies will prevent the Client Area from working — you will not be able to sign in. Browsing the public marketing site is unaffected because no cookies are placed there.

We do not provide a separate cookie-consent banner because we only place cookies that are strictly necessary for a service you explicitly request (signing in). If we later introduce non-essential cookies, we will display a compliant consent interface as required by Article 5(3) of Law no. 506/2004 and EDPB Guidelines 03/2022 on consent.

8. Third-party providers

We may use trusted third-party providers — such as hosting and payment processors — that may set their own cookies when you interact with their interfaces (for example, on payment pages served by our payment processor). We do not control those cookies and your interaction with them is subject to the provider's own policies. Where applicable, those providers are bound by data-processing agreements that meet the requirements of Article 28 GDPR.

9. Storage duration

Cookies are either:

  • session cookies, deleted when the browser session ends; or
  • persistent cookies, stored for a limited time as set out in Section 6.

Retention is set to the minimum period necessary for the cookie's purpose.

10. International use

Because the Services are available globally, cookie-related data may be processed in different jurisdictions. Where personal data is transferred outside the European Economic Area, we apply the safeguards described in our Privacy Policy, Section 10.

11. Updates to this Policy

This Cookie Policy may be updated from time to time to reflect changes in our practices or in applicable law. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact

For questions regarding this Policy:

  • Email: [email protected] (subject prefix [Privacy] or [Cookies])
  • Post: Stellar Synergy Labs S.R.L., Str. Victoriei nr. 187, Bl. 8, Sc. 1, Et. P, Ap. 5, Băilești, Dolj County, 205100, Romania

You also have the right to lodge a complaint with ANSPDCP at https://www.dataprotection.ro.