Cookie Policy
How we use cookies and tracking technologies
Last updated: November 30, 2025
DRAFT - Pending Legal Review
What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences, improve functionality, and provide a better user experience.
Our Approach: We use minimal, essential cookies only. We do NOT use tracking, advertising, or analytics cookies.
Cookies We Use
The Elira Chat Widget uses 2 cookies for essential functionality:
1. Anonymous User ID Cookie
Name: ai_assistant_anon_id
Purpose: Links your browser to your conversation history across page visits
Value: Anonymous ID (e.g., user_abc123) - NOT your real identity
Expires: 365 days
Security: Secure (HTTPS only), SameSite=Lax
Can identify you? No - This ID cannot be linked to your real identity without the merchant's WordPress database.
2. JWT Authentication Cookie
Name: ai_assistant_jwt
Purpose: Secure API authentication for chat requests
Value: Encrypted token containing anonymous ID and store ID only
Expires: 5 minutes (auto-refreshed)
Security: HttpOnly (JavaScript cannot access), Secure, SameSite=Lax
Can identify you? No - Contains only anonymous identifiers, no personal information.
What We Do NOT Use
We are committed to minimal data collection. We explicitly do NOT use:
No Tracking Cookies
- • Google Analytics - NOT used
- • Facebook Pixel - NOT used
- • Cross-site tracking - NOT used
- • Behavioral tracking - NOT used
No Advertising Cookies
- • Google Ads - NOT used
- • Retargeting cookies - NOT used
- • Ad network cookies - NOT used
No Social Media Cookies
- • Facebook Connect - NOT used
- • Twitter integration - NOT used
- • LinkedIn tracking - NOT used
No Third-Party Cookies
- • OpenAI - Does NOT set cookies
- • CDN - No cookies for assets
- • External scripts - Minimal, no tracking
Your Cookie Rights
Right to Refuse Cookies
Click "Decline" in the consent banner when first using the chat. Note: The chat widget will not function if cookies are blocked.
Right to Withdraw Consent
Click "Revoke Consent" in widget settings at any time, or clear cookies in your browser settings.
How to Delete Cookies
- Chrome: Settings → Privacy and Security → Cookies → See all site data
- Firefox: Preferences → Privacy & Security → Cookies → Manage Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions → Manage cookies
Third-Party Services
OpenAI (AI Processing)
OpenAI processes chat messages via server-to-server API calls. No cookies are set in your browser by OpenAI. Only masked messages are sent (e.g., {{FIRST_NAME_0}}), never your real personal information.
Supabase (Database)
Supabase hosts our database on EU servers. No cookies are set in your browser by Supabase. Your browser never connects directly to Supabase.
Legal Basis
Under GDPR Article 6(1) and the ePrivacy Directive, our cookies are classified as strictly necessary for the service you explicitly requested (AI chat functionality). While consent is not legally required for strictly necessary cookies, we still obtain explicit consent via our consent banner to follow best practices.
Contact Us
Questions about our cookie usage?
HQWebs (operating Elira)
Email: hello@getelira.com
We aim to respond within 15 business days.
Quick Summary
| What We Use | What We Don't Use |
|---|---|
| ✓ 2 essential cookies | ✗ NO tracking cookies |
| ✓ Session management | ✗ NO advertising cookies |
| ✓ Secure authentication | ✗ NO analytics cookies |
| ✓ HTTPS only | ✗ NO social media cookies |
| ✓ Short JWT expiry (5 min) | ✗ NO cross-site tracking |
| ✓ Explicit consent obtained | ✗ NO selling of data |
Related Policies
- Privacy Policy - How we process personal data
- Terms of Service - Service agreement