Cookies
Last updated: September 2025
Scope: this policy applies to the domains lixsa.ai and app.lixsa.ai. The subdomain partners.lixsa.ai is operated by tolt.io and follows its own policy.
1. What are cookies and similar technologies?
Cookies are small files that websites place on your device to remember information. They can be first-party or third-party. Related technologies like localStorage and sessionStorage, pixels, and SDKs serve similar purposes (measurement, security, personalization, advertising, etc.).
2. Who is responsible?
Walkon Livos S.L. (Lixsa.ai), CIF/VAT B13674783, Alfonso el Magnánimo 13, Office 1B, 46003, Valencia, Spain. Privacy contact: hi@lixsa.ai. For information about personal data, see our Privacy Policy.
3. Consent management (CMP) and how it works
We use a Cookie Consent Management Platform (CMP) with granular categories and controls. Until you give consent, in the EU/EEA we block non-essential cookies. You can change or withdraw your consent at any time via the “Cookie settings” link in the footer.
Technical recommendation: for your implementation we suggest Usercentrics CMP (compatible with IAB TCF v2.2 and Google Consent Mode v2) for coverage and auditability. Lightweight alternative: Cookiebot. In both cases we will enable Consent Mode v2 for Google tools.
Suggested banner (first layer): buttons for Accept all, Reject all, and Customize. Consent will be requested again every 12 months or when purposes/third parties change materially.
4. Cookie categories
- Necessary (consent-exempt): enable essential functions (login, security, load balancing, basic preferences).
- Preferences/Functional: remember interface or language choices.
- Statistics/Analytics: measure usage and performance (e.g., Google Analytics, Microsoft Clarity).
- Marketing/Advertising: remarketing, campaign measurement, and ad profiles (e.g., Google Ads, Meta Pixel, LinkedIn Insight Tag).
5. Tools and third parties we may use
- Google Analytics (GA4) — analytics; Google Privacy Policy.
- Microsoft Clarity — analytics and interaction maps; Microsoft Privacy.
- Google Ads / Remarketing — marketing; Google Ads Policy.
- Meta Pixel (Facebook/Instagram) — marketing; Meta Privacy Policy.
- LinkedIn Insight Tag — marketing; LinkedIn Privacy.
- reCAPTCHA (forms) — security; Google Privacy Policy.
- CDN (Google) — performance/security; Google Privacy Policy.
- Stripe — payments in our signup flow; Stripe Privacy.
- Shopify Billing — payments if signup is via the Shopify Marketplace; Shopify Terms.
- WhatsApp Business Platform — messaging channel; WhatsApp Business Policy.
These tools are only activated according to each site’s configuration (public page vs. app) and your consent, except for strictly necessary ones.
6. Cookies and storage in the app (app.lixsa.ai)
- Authentication and session: we use sessionStorage to preserve session and UI state. We may also set session cookies to keep you logged in for up to 7 days when “remember me” is enabled.
- Embedded content/third parties: some modules (e.g., reCAPTCHA) may set necessary cookies for security.
7. Cookie inventory (reference)
The following inventory is illustrative. The CMP will display the current inventory per domain, category, provider, purpose, and expiry. In any case, durations will not exceed the maximum allowed by law.
7.1 Necessary
| Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| __cf_bm / cf_clearance (if applicable) | CDN (Google/Cloud) | Distinguish legitimate traffic, mitigate bots, maintain access after challenge | up to session / variable | Third-party |
| _grecaptcha / reCAPTCHA tokens | Spam/abuse prevention in forms | variable (security) | Third-party | |
| lixsa_session / auth_* (e.g.) | Lixsa | Maintain session and account security | up to 7 days | First-party |
7.2 Preferences/Functional
| Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| ui_lang / theme | Lixsa | Remember language/theme | variable | First-party |
7.3 Statistics/Analytics
| Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| _ga / _ga_* | Google Analytics | Measure sessions/users and events | up to 24 months | First-party |
| _gid | Google Analytics | Distinguish users | 24 hours | First-party |
| _clck | Microsoft Clarity | Site user identifier | up to 12 months | First-party |
| _clsk | Microsoft Clarity | Group page views into a session | 24 hours | First-party |
7.4 Marketing/Advertising
| Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| _fbp / fr | Meta | Ad delivery and measurement | up to 90 days | Third-party |
| IDE / ANID / NID | Google Ads | Frequency, targeting, campaign measurement | variable (up to 24 months) | Third-party |
| li_sugr / bcookie / bscookie / lidc | Insights/measurement and security | 1 day to 24 months | Third-party |
8. How to accept, reject, or change your consent
- Use the “Cookie settings” link (footer) to open the CMP panel and accept/reject by category.
- You can withdraw consent at any time from the same panel.
- You can also delete cookies from your browser (Settings > Privacy > Cookies). Note that deleting them may remove saved preferences.
9. Geographic scope and prior blocking
We use the same banner globally. In the EU/EEA we implement prior blocking of non-essential cookies until you give consent (GDPR/ePrivacy compliance).
10. Use of WhatsApp Business and channel policies
When using WhatsApp via Lixsa, the Customer must strictly comply with the WhatsApp Business (Cloud/API) Terms and Policies: https://www.whatsapp.com/legal/business-policy. The Customer is solely responsible for compliance, including template use, messaging windows, and recipient consent.
11. Updates to this Policy
We may update this Policy to reflect legal or technical changes (new cookies/third parties). When the change is material, we will display a notice on the site and request consent again if necessary.
12. Contact
For any questions about cookies or privacy: hi@lixsa.ai. Supervisory authority: AEPD (Spain).