Cookie Policy
Effective date: April 22, 2026
1. What Are Cookies
Cookies are small text files that a website places on your device when you visit it. They allow the website to remember information about your visit – preferences, authentication state, security flags – so that the next page you load can behave consistently. Some cookies are essential for the website to work. Others help us understand how visitors use the site, or enable features such as secure payment and referral attribution.
This policy uses the term “cookies” broadly. It also covers similar client-side storage technologies – browser localStorage, sessionStorage, and first-party cache entries – that serve the same purpose. Wherever this policy refers to a “cookie”, the disclosure applies equally to those equivalent technologies, consistent with Article 5(3) of Directive 2002/58/EC as amended.
2. Legal Basis
We comply with the EU ePrivacy Directive (2002/58/EC, as amended by 2009/136/EC), the General Data Protection Regulation (Regulation (EU) 2016/679), and, where applicable, the UK GDPR and the UK Privacy and Electronic Communications Regulations 2003 (PECR). Visitors located in California may also exercise the rights described in the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA / CPRA).
Strictly necessary cookies are placed automatically and do not require your consent, because without them the website you have requested cannot function. Non-essential cookies – analytics and product-marketing attribution – are placed only after you have given explicit, informed, freely given consent through the cookie banner that appears the first time you visit ewpire.com. You can change your consent at any time by re-opening the cookie settings panel below, and withdrawing consent has the same legal weight as granting it.
3. Cookies We Use
We group cookies into four categories: Strictly Necessary, Functional, Analytics, and Marketing Attribution. Only the first two are placed without your consent. The remaining two require you to accept the relevant category in the cookie banner. We do not sell personal information, we do not share data with third-party advertising networks for cross-site behavioural profiling, and we do not use “Do Not Sell”-triggering third parties.
3.1 Strictly Necessary
These cookies and storage mechanisms are essential for the website to function – payment processing, security, and consent state. Disabling them would break checkout or the referral dashboard. They cannot be switched off from the cookie banner.
3.2 Functional
Functional cookies remember non-essential preferences you have set – for example, your displayed currency when you visit the pricing page from a country we have detected. They do not track you across other websites and they do not feed our analytics.
3.3 Analytics (only with consent)
Analytics cookies help us understand which marketing pages convert, which agents customers research before subscribing, and where the checkout funnel loses users. These cookies are loaded only after you accept the Analytics category in the cookie banner. If you decline, no analytics cookies are set and no event is transmitted to the providers listed in section 5.
3.4 Marketing Attribution (pending – only with consent)
Marketing attribution cookies allow us to measure which outbound campaign, search engine, or external article brought a visitor to ewpire.com, so that we can decide where to invest our marketing budget. These cookies do not build a long-term behavioural profile of you across unrelated sites – we limit them to first-party attribution of our own campaigns.
Current status (April 22, 2026):no marketing-attribution cookie is currently loaded on ewpire.com. When we activate Meta Pixel and LinkedIn Insight Tag (planned Q2–Q3 2026), the cookie banner will be updated to expose a separate Marketing toggle before any such cookie is placed. Until that banner update ships, Marketing cookies remain off by default regardless of any previous consent you have given for Analytics.
3.5 Referral Attribution (session-only, no persistent cookie)
The ewpire Partner Programme pays a commission to bloggers and creators who refer paying subscribers to us. When you arrive via a partner link (for example, a link containing ?ref=abc123or similar), we store the encoded partner identifier in your browser's sessionStorage for the duration of your current browser tab so that if you subscribe on the same visit we can credit the partner. The value is not a persistent cookie, is not readable on other websites, contains only the identifier, and is deleted automatically when you close the tab.
We are preparing a persistent 30-day referral cookie as a planned product enhancement (Q2–Q3 2026). That persistent cookie will only be placed after the cookie banner has been updated with a dedicated Referral Attribution toggle and you have accepted it. Until that update ships, we rely solely on the session-only mechanism described above, which falls within the “strictly necessary for a service explicitly requested by the user” exemption in Article 5(3) of Directive 2002/58/EC where you follow a partner link.
3.6 Advertising / Tracking Cookies
We do not use advertising or tracking cookies. ewpire does not serve targeted ads, does not use retargeting pixels, does not share cookie data with advertising networks, and does not participate in any real-time bidding or cross-site behavioural profiling.
4. Cookie Reference Table
The table below lists every cookie, localStorage, and sessionStorage key that ewpire or our strictly necessary third-party providers place when you use ewpire.com. Consent-gated cookies are listed only if they will be loaded once the corresponding category is accepted.
| Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| Strictly Necessary | ||||
| ewpire_cookie_consent | ewpire | Stores your category-by-category cookie consent preferences | localStorage | Persistent (until cleared) |
| __cf_bm | Cloudflare | Bot management – distinguishes humans from automated bots to protect the website | Cookie | 30 minutes |
| cf_clearance | Cloudflare | Records that a challenge (CAPTCHA or JS challenge) was passed by this browser | Cookie | 30 minutes |
| __stripe_mid | Stripe | Fraud prevention – machine identifier set during payment processing | Cookie | 1 year |
| __stripe_sid | Stripe | Fraud prevention – session identifier set during payment processing | Cookie | 30 minutes |
| Functional | ||||
| currency | ewpire | Stores your currency preference (EUR / USD / GBP) based on geographic detection | Cookie | 30 days |
| Analytics (only with consent) | ||||
| _ga, _ga_<id> | Google Analytics 4 | Distinguishes unique visitors and measures site usage | Cookie | 2 years (rolling) |
| _gid | Google Analytics 4 | Distinguishes unique visitors within a 24-hour window | Cookie | 24 hours |
| _clck | Microsoft Clarity | Persists user identifier for anonymised heatmaps and session replay | Cookie | 1 year |
| _clsk | Microsoft Clarity | Session identifier for Clarity heatmaps and session replay | Cookie | 24 hours |
| Referral Attribution (session-only) | ||||
| ewpire_ref | ewpire | Stores the partner identifier that referred you, for commission attribution within this browser tab | sessionStorage | Until the tab is closed |
Marketing Attribution providers (Meta Pixel, LinkedIn Insight Tag) are documented in section 5 but are not currently active. When activated they will appear in this table and a dedicated banner toggle will be shown before any cookie is placed.
Where a cookie is set by a third party, the retention period and purpose above reflect the provider's documentation at the date of this policy. Provider behaviour may change; in the event of conflict between this table and the provider's live documentation, the provider's live documentation governs the cookie's behaviour, and we will update this policy at the next review cycle.
5. Third-Party Providers
Some cookies on ewpire.com are set by third-party services we use to operate, secure, and measure the performance of the website. We have chosen each provider on the basis of its privacy posture and, where relevant, executed a data-processing agreement with the provider. Your consent governs whether the non-essential providers load at all.
- Stripe(Ireland / United States) – strictly-necessary payment processing and fraud prevention. Stripe sets cookies during checkout. See Stripe's Privacy Policy.
- Cloudflare(United States) – strictly-necessary bot management and DDoS protection for ewpire.com and
api.ewpire.com. See Cloudflare's Privacy Policy. - Google Analytics 4(consent-gated) – audience metrics. Google acts as our processor. See Google Privacy Policy.
- Microsoft Clarity(consent-gated) – anonymised heatmaps and session replay for the marketing pages. See Microsoft Clarity Privacy Statement.
- Meta Pixel and LinkedIn Insight Tag(planned Q2–Q3 2026, consent-gated) – first-party campaign conversion measurement. These are listed for transparency and will not load on any page until the cookie banner exposes a dedicated Marketing toggle and you accept it.
Third-party cookies classified as strictly necessary are placed without your consent because they are essential for the service you have requested. Consent-gated providers load only after your explicit acceptance. You can withdraw that acceptance at any time through the cookie settings.
6. What We Do Not Store on Your Device
We want to be explicit about several kinds of data that do not live as cookies on your browser, because we are often asked.
Messenger session tokens.When you connect a Linked Account (your Telegram bot, Slack workspace, Discord server, Microsoft Teams organisation, or the other messengers listed in our Terms of Service) to your ewpire Subscription, the OAuth token or bot credential that authorises ewpire to operate through that messenger is stored server-side, encrypted at rest inside your tenant's isolated state volume on our infrastructure. It is never written to your browser as a cookie, never transmitted to third-party analytics providers, and never leaves your tenant container in plain text.
Bring-Your-Own-Key (BYOK) API credentials. Pro and Business subscribers may provide their own API credential for a supported AI model provider. That credential is encrypted at rest using AES-256-GCM with a per-subscriber data-encryption key wrapped by a platform master key, stored server-side in our secrets store, and decrypted only in the brief window needed to route an inference request. The BYOK credential is never written to your browser as a cookie, never exposed to a messenger, never read by analytics, and never included in logs.
Messenger message content.When you or a user of one of your Linked Accounts sends a message to an AI Employee, the message and the agent's response are stored server-side in your tenant's database, subject to the retention rules in our Data Processing Agreement. Message content is never stored in a browser cookie on any device.
Visitor chat content in the support widget. Conversations with our on-site support assistant are stored server-side for up to 30 days and are then automatically deleted per our retention policy. The widget uses short-lived session identifiers in sessionStorage only, and deletes them when the tab closes.
7. How to Manage Cookies
You can manage your cookie preferences in four ways.
- – re-open the consent panel and change any category. Your update is effective immediately for future page loads; any non-essential cookies already placed for disallowed categories are cleared on the next reload.
- Browser settings– every mainstream browser lets you block or delete cookies in its settings. Blocking strictly-necessary cookies will break parts of ewpire.com that depend on them – checkout, security, and referral attribution. Quick reference:
- Clear local and session storage– the consent state and any session-only identifiers live in
localStorageandsessionStorage. Use your browser's developer tools (“Application” → “Local Storage” /“Session Storage” →ewpire.com) or clear all site data to reset them. - Contact us – you can e-mail us at [email protected] at any time to ask questions, request a data export, or exercise any other right under the GDPR, UK GDPR, or CCPA / CPRA. We reply within thirty days.
8. Changes to This Policy
We review this Cookie Policy whenever we add, remove, or materially change the cookies or equivalent technologies we use. We also review it at least annually. When we make a material change, we update the effective date at the top of this page. If we introduce a new category of non-essential cookies (for example, activating Marketing Attribution), we re-prompt you for consent through the banner before that category is activated. Non-material changes (for example, a new sub-processor within an already-consented category) are announced through a notice on this page.
9. Contact
If you have any questions about this Cookie Policy or how we use cookies, please contact us.
LeMans Labs OÜ
Estonian registry code 16872044
Valukoja 8/1, 11415 Tallinn, Harju maakond, Estonia
Legal and privacy inquiries: [email protected]
General: [email protected]
For a comprehensive description of how we handle your personal data, see our Privacy Policy and our Data Processing Agreement.