Tresor AI - Cookie Notice

1. What cookies and similar technologies are

Cookies are small text files placed on your device when you visit a website. We also use comparable browser technologies such as localStorage, which stores information in your browser rather than in a cookie. In this Notice, "cookies" refers to both unless stated otherwise.

Cookies can be:

• First-party (set by Tresor) or third-party (set by a provider we use).
• Session cookies, which are deleted when you close your browser, or persistent cookies, which remain for a set period.

2. Our consent model

Our website is designed to run cookieless until you give consent. This means:

• Before you choose: only strictly necessary cookies are active. No analytics or marketing cookies are set.
• If you accept: we enable the analytics cookies described below. You can withdraw consent at any time.
• If you decline: no analytics or marketing cookies are set.

Strictly necessary cookies do not require consent, because they are essential to provide a service you have requested (for example, keeping you signed in). All other cookies are used only on the basis of your consent (Art. 6(1)(a) GDPR), which you give, refuse, or withdraw via our cookie banner or your browser settings.

3. Strictly necessary cookies

These are required for the website and Workspace to function and cannot be switched off through our banner.

The consent preference itself is stored in localStorage under analytics-consent so we do not ask again on every visit.

4. Analytics cookies (consent required)

We use PostHog to understand how our website and product are used, so we can improve them. PostHog events are metadata-only and never contain the content of your prompts, documents, or conversations. These cookies are set only after you consent.

More than one PostHog project may be active (for example, an additional PostHog instance is loaded by the embedded Productlane widget - see Section 7). If you decline, PostHog runs in a privacy-preserving mode that does not store identifying data in your browser.

5. Marketing and advertising cookies

We do not use marketing or advertising cookies. If this changes in the future, we will update this Notice and request your consent before any such cookie is set.

6. How to manage or withdraw your consent

You can change your choices at any time:

• Cookie banner / settings: reopen the cookie settings on our website to update or withdraw consent.
• Browser settings: most browsers let you block or delete cookies and clear localStorage. Disabling strictly necessary cookies may stop parts of the Services from working.
• PostHog opt-out: declining analytics in our banner opts you out of PostHog tracking.

Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

7. Third-party providers

Where a third party sets cookies through our website, that provider also processes the resulting data under its own privacy terms:

• PostHog - product and website analytics. See PostHog's privacy documentation at posthog.com/privacy .
• Stripe - payment processing and fraud prevention, active only once you enter the signup / payment flow. See Stripe's cookie policy at stripe.com/legal/cookies-policy .
• Productlane - an embedded customer-feedback / changelog widget.

A full list of the processors we work with is set out in Section 5 of our Privacy Policy .

8. Changes to this Notice

We may update this Notice when our use of cookies changes or when the law changes. We will update the "Last updated" date above and, for material changes, ask for renewed consent where required.

9. Contact

You also have the right to lodge a complaint with the Commission nationale pour la protection des donnees (CNPD), 15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg, cnpd.public.lu .