Cookie Policy
Last updated: 2026-05-25
Short version:we set one strictly-necessary session cookie when you sign in. We don't use analytics, advertising, or tracking cookies anywhere on the site. That's why you didn't see a cookie consent banner.
The one cookie we set
| Name | Purpose | Lifetime | Required? |
|---|---|---|---|
| fixaeo_session | Keeps you signed in across page loads. Without it the app would forget you after every navigation. | 30 days, rolling | Yes — auth |
This cookie is HttpOnly (JavaScript on the page can't read it), SameSite=Lax(other sites can't use it for CSRF), and only sent over HTTPS in production. It's scoped to .fixaeo.com so the same login works on the marketing site and the app.
Strictly-necessary cookies like this one are exempt from consent under EU ePrivacy Directive Article 5(3) — you can't run an authenticated app without them.
Cookies we explicitly don't use
- Analytics cookies — we use Cloudflare Web Analytics and Ahrefs Analytics, both of which are cookieless by design (they aggregate hashed IPs server-side, never set persistent identifiers).
- Advertising / remarketing — we don't run paid ads and don't embed any ad network pixels. Google Analytics 4 was removed on 2026-05-25 specifically to avoid the
_gacookie it sets. - Social trackers— no Facebook Pixel, LinkedIn Insight Tag, TikTok Pixel, X conversion tracking. Sharing links to fixaeo.com from social platforms doesn't pass any unique identifier back to us.
- Session replay— no Hotjar, FullStory, Microsoft Clarity, or LogRocket. We don't record your screen.
Payment checkout (Lemon Squeezy)
When you start a subscription we redirect you to Lemon Squeezy, our Merchant of Record, on their own domain (lemonsqueezy.com). Any cookies set there are first-party to Lemon Squeezy and governed by their privacy policy, not ours — they're never set on, and never reach, fixaeo.com.
How to control cookies
Since the only cookie we set is required for sign-in, the only way to refuse it is to not sign in. The free public scanner at the top of the homepage works without any cookies at all — visit, scan a URL, see the result, leave. No account, no persistence.
Most browsers also let you block or delete cookies per-site via Preferences → Privacy. Blocking fixaeo_session will sign you out.
Changes to this policy
If we ever add a non-essential cookie we'll update this page first, and you'll see a consent banner before the cookie is set. Until you see that banner, this page is the complete picture.
Questions? See our Privacy Policy or email hello@fixaeo.com.