# Cookie Policy — Stellar Synergy Labs **URL:** https://stellarsynergylabs.com/legal/cookies **Markdown mirror:** https://stellarsynergylabs.com/legal/cookies.md **Last Updated:** May 24, 2026 --- ## 1. Introduction This Cookie Policy explains how **Stellar Synergy Labs S.R.L.** ("Company", "we", "us", "our") uses cookies and similar client-side technologies when you access the Services. This Policy should be read together with our [Privacy Policy](/legal/privacy). ## 2. Legal framework Our use of cookies and similar technologies is governed by: - **Romanian Law no. 506/2004** on the processing of personal data and the protection of privacy in the electronic communications sector (transposing the ePrivacy Directive 2002/58/EC, as amended by Directive 2009/136/EC); and - the **General Data Protection Regulation (Regulation (EU) 2016/679 — "GDPR")** and **Romanian Law no. 190/2018**, where any personal data is processed via such technologies. The enforcement authority in Romania for both frameworks is the **Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)** — [https://www.dataprotection.ro](https://www.dataprotection.ro). ## 3. What are cookies? Cookies are small text files stored on your device when you visit a website. Similar technologies — such as the browser's local storage, session storage, IndexedDB, and device-side identifiers used by native apps — may be used for the same or comparable purposes. In this Policy, the word "cookies" refers to all of these technologies unless otherwise stated. ## 4. How we use cookies We use cookies and similar technologies strictly to: - enable core functionality (e.g., authentication, session management); - maintain secure sessions; - prevent fraud and abuse; - ensure system stability and performance. We do **not** use cookies for: - advertising; - behavioural profiling; - cross-site tracking. ## 5. Categories of cookies we use ### 5.1 Unauthenticated browsing of the public marketing site When you only browse the public pages of `stellarsynergylabs.com` (home, About, Stellar Stream, Stellar ONE, Docs, Legal, Contact, etc.) and you are **not signed in**, we do **not** set or read any cookies on your device. No session cookie, no analytics cookie, no advertising cookie. If this changes in the future, we will update this Policy and display a compliant consent interface where required by Article 5(3) of Law no. 506/2004 and EDPB Guidelines 03/2022 on consent. ### 5.2 Authenticated sessions (Client Area) When you sign in to the Client Area, our **API backend** (hosted at `api.stellarsynergylabs.com`) sets two **`HttpOnly`, `Secure`** session cookies. These cookies are scoped to `Domain=.stellarsynergylabs.com`, which means they are sent to both the API backend **and** to the public marketing site (`stellarsynergylabs.com`) while you remain signed in — but, being `HttpOnly`, they cannot be read by JavaScript on any site, including ours. These cookies are used for: - authentication and session management (keeping you signed in); - session refresh (so you don't have to re-enter your password every 15 minutes when the short-lived access token expires). They are **strictly necessary** to provide the authenticated Client Area service you have explicitly requested and therefore do **not** require your consent under Article 5(3) of Romanian Law no. 506/2004 ("information-society service explicitly requested by the subscriber or user"). You can clear them at any time by signing out, or by deleting cookies for `stellarsynergylabs.com` in your browser settings. ### 5.3 Advertising / tracking cookies We do **not** use advertising or third-party tracking cookies on either domain, and we do not currently plan to introduce them. If this changes, we will update this Policy and (where required) obtain your prior consent. ## 6. Cookie list The complete list of cookies that may be placed on your device by our Services is below. **None of these cookies are set unless you sign in to the Client Area.** ### `access_token` - **Set by:** `api.stellarsynergylabs.com` - **Domain:** `.stellarsynergylabs.com` (apex + all subdomains) - **Path:** `/` - **Lifetime:** 15 minutes (`Max-Age=900`) - **Flags:** `HttpOnly`, `Secure`, `SameSite=None` - **Purpose:** Short-lived JWT that authenticates each request to the API while you are signed in. ### `refresh_token` - **Set by:** `api.stellarsynergylabs.com` - **Domain:** `.stellarsynergylabs.com` (apex + all subdomains) - **Path:** `/v1/auth/refresh` - **Lifetime:** 30 days (`Max-Age=2592000`) - **Flags:** `HttpOnly`, `Secure`, `SameSite=None` - **Purpose:** Used solely to obtain a new `access_token` when the previous one expires, without forcing you to re-enter your password. Notes: - Both cookies are `HttpOnly` — they cannot be read by client-side JavaScript on any page. - Both cookies are `Secure` — they are only sent over HTTPS. - `SameSite=None` is required because the Client Area (`stellarsynergylabs.com`) and the API (`api.stellarsynergylabs.com`) are different origins. - The `refresh_token` is path-scoped to `/v1/auth/refresh`, so it is only sent to the refresh endpoint and never to any other API route or to the marketing site. - Cookie names and lifetimes are managed by the API backend and may evolve. We will update this list if names, lifetimes, paths, or flags change in a way that is material to users. You can verify exactly what is set on your device at any time by opening your browser's developer tools (DevTools → Application → Cookies on Chromium-based browsers). ## 7. Managing cookies You can control cookies through your browser settings — for example, by blocking, deleting, or limiting cookies. Instructions are available in your browser's help pages. Please note that disabling strictly necessary cookies will prevent the Client Area from working — you will not be able to sign in. Browsing the public marketing site is unaffected because no cookies are placed there. We do **not** provide a separate cookie-consent banner because we only place cookies that are strictly necessary for a service you explicitly request (signing in). If we later introduce non-essential cookies, we will display a compliant consent interface as required by Article 5(3) of Law no. 506/2004 and EDPB Guidelines 03/2022 on consent. ## 8. Third-party providers We may use trusted third-party providers — such as hosting and payment processors — that may set their own cookies when you interact with their interfaces (for example, on payment pages served by our payment processor). We do not control those cookies and your interaction with them is subject to the provider's own policies. Where applicable, those providers are bound by data-processing agreements that meet the requirements of Article 28 GDPR. ## 9. Storage duration Cookies are either: - **session cookies**, deleted when the browser session ends; or - **persistent cookies**, stored for a limited time as set out in Section 6. Retention is set to the minimum period necessary for the cookie's purpose. ## 10. International use Because the Services are available globally, cookie-related data may be processed in different jurisdictions. Where personal data is transferred outside the European Economic Area, we apply the safeguards described in our [Privacy Policy](/legal/privacy), Section 10. ## 11. Updates to this Policy This Cookie Policy may be updated from time to time to reflect changes in our practices or in applicable law. The "Last updated" date at the top of this page reflects the most recent revision. ## 12. Contact For questions regarding this Policy: - **Email:** [support@stellarsynergylabs.com](mailto:support@stellarsynergylabs.com) (subject prefix `[Privacy]` or `[Cookies]`) - **Post:** Stellar Synergy Labs S.R.L., Str. Victoriei nr. 187, Bl. 8, Sc. 1, Et. P, Ap. 5, Băilești, Dolj County, 205100, Romania You also have the right to lodge a complaint with **ANSPDCP** at [https://www.dataprotection.ro](https://www.dataprotection.ro).