Introduction

This Cookie Policy explains how Cognyfai Limited("Heimly") uses cookies and similar technologies on the Heimly platform (heimly.ng and associated applications). Read this alongside our Privacy Policy.

What Are Cookies?

Cookies are small text files stored on your device by your web browser when you visit a website. They help websites recognise your device, remember your preferences, and improve your experience. Similar technologies include web beacons, pixels, local storage, and session storage — we refer to all of these collectively as "cookies" in this policy.

Cookies We Use

Strictly Necessary Cookies

These cookies are essential for the Platform to function. They cannot be disabled.

• access_token / refresh_token — HTTPOnly session cookies that maintain your authenticated session securely. They are never accessible to JavaScript and expire automatically (access token: 15 minutes; refresh token: 7 days).
• csrftoken — Django CSRF protection token, prevents cross-site request forgery.

Functional Cookies

These cookies enable enhanced features and personalisation. Disabling them may affect your experience.

• org_id — remembers which organisation context you last selected in the dashboard.
• Preferences — stores your locale, dashboard layout preferences, and notification settings.

Analytics Cookies

We use analytics to understand how the Platform is used so we can improve it. These tools may set cookies on your device.

• Google Analytics 4 (GA4) — loaded from googletagmanager.com when enabled. Measures page views, navigation paths, device/browser type, and interaction events. We enable IP anonymisation in our GA4 configuration. Cookies may include _ga and _gid. Data is processed by Google LLC. See Google Privacy Policy and our Google Analytics section in the Privacy Policy.
• Vercel Analytics — when deployed on Vercel, measures page views and performance metrics. Data is anonymised and not shared with advertisers.

Marketing Cookies

We currently do not use third-party advertising or retargeting cookies. If this changes, we will update this policy and ask for your consent before setting any marketing cookies.

Third-Party Cookies

Some features of the Platform load content from third-party services that may set their own cookies, subject to their privacy policies:

• Paystack — payment processing. Cookies used to prevent fraud and secure your transaction. See Paystack Privacy Policy.
• Google (Sign in with Google) — when you authenticate via Google OAuth, Google may set cookies during the sign-in flow. We store your session using Heimly HTTP-only cookies after login completes. See Google Privacy Policy and our Google User Data section.

Managing Your Cookie Preferences

You can control cookies through your browser settings. Most browsers allow you to:

• View and delete cookies stored on your device.
• Block cookies from specific websites.
• Block all third-party cookies.
• Clear all cookies when you close the browser.

Please note that disabling strictly necessary cookies will prevent you from logging in and using the Platform. Browser-level cookie controls are separate from the in-app notification settings in your account.

For browser-specific instructions visit: allaboutcookies.org. To opt out of Google Analytics specifically, you may use the Google Analytics opt-out browser add-on.

Cookie Retention Periods

• Session cookies — deleted when you close your browser.
• access_token — expires after 15 minutes of inactivity (automatically refreshed while you are active).
• refresh_token — expires after 7 days.
• Analytics cookies (GA4) — up to 24 months (_ga); session-level cookies may expire sooner.
• Analytics cookies (general) — up to 24 months, anonymised where configured.

Updates to This Policy

We may update this Cookie Policy to reflect changes in technology or applicable law. We will post the updated policy on this page with a revised date. For significant changes, we will notify you via a banner on the Platform.

Contact

Questions about our use of cookies? Email us at info@heimly.ng.