Cookie Policy of the "Your Legal Help" Application

Last updated: 12 February 2026

1. What are cookies?

Cookies are small text files stored on the user's device (computer, tablet, smartphone) by a web browser when using a web application. Cookies can be read by our Application on subsequent visits. In addition to cookies, we also use similar browser storage technologies (e.g. localStorage, sessionStorage), which are collectively referred to in this policy as "cookies".

2. Who is the data controller?

The joint controllers of the data processed through cookies are:

  1. Krzysztof Gołaszewski, ul. Miętowa 1E/8, 81‑589 Gdynia, Poland
  2. Paweł Kozielecki, ul. Juraty 4/1, 80‑299 Gdańsk, Poland

E‑mail: kontakt@twojapomocprawna.pl

Detailed information about the processing of personal data can be found in the Application's Privacy Policy.

3. Legal basis

The use of cookies is based on:

  • Article 173 of the Polish Telecommunications Act of 16 July 2004 — with regard to storing and accessing information on the user's terminal device,
  • Article 6(1)(f) GDPR (legitimate interest of the controller) — with regard to cookies that are strictly necessary for the functioning of the Application,
  • Article 6(1)(a) GDPR (consent) — with regard to analytical cookies and any other cookies that are not strictly necessary for the provision of the service.

4. Types of cookies used

4.1 Strictly necessary (technical) cookies

These cookies are essential for the proper functioning of the Application. They do not require the user's consent, as the Application cannot function correctly without them (Article 173(3) of the Polish Telecommunications Act).

| Cookie name | Provider | Purpose | Retention period | Type |
|---|---|---|---|---|
| sb-access-token | Supabase | Access token authenticating the user's session | Until logout or token expiry (default: 1 hour) | Necessary |
| sb-refresh-token | Supabase | Refresh token enabling session extension without re‑login | Until logout or expiry (default: 7 days) | Necessary |
| Session / CSRF cookies | Your Legal Help (first‑party) | Maintaining the user's session and protection against CSRF (Cross‑Site Request Forgery) attacks | Duration of the session (until browser is closed or the user logs out) | Necessary |

Note: Supabase may also store session tokens in the browser's localStorage. These serve the same function as session cookies and are treated as technically necessary.

4.2 Analytical cookies

These cookies help us understand how users interact with the Application, enabling us to improve it. They are set only after the user has given consent.

| Cookie name | Provider | Purpose | Retention period | Type |
|---|---|---|---|---|
| _ga | Google Analytics (Google LLC) | Distinguishing unique users by assigning a randomly generated identifier | 2 years | Analytical |
| _ga_<ID> | Google Analytics (Google LLC) | Maintaining session state in Google Analytics 4 | 2 years | Analytical |

Google Analytics collects anonymous statistical data about the use of the Application (including pages visited, visit duration, device type, and browser). This data is processed by Google LLC.

More information about how Google processes data: How Google uses data from sites and apps that use Google services.

IP anonymization: In Google Analytics 4, users' IP addresses are automatically anonymized and are not stored in full form.

5. Third‑party cookies

Some cookies may be set by third parties (so‑called third‑party cookies):

| Provider | Purpose | Privacy policy |
|---|---|---|
| Google LLC (Google Analytics) | Analytics — only with user consent | Google Privacy Policy |
| Supabase Inc. | Authentication and session management | Supabase Privacy Policy |

Data processed by Google LLC may be transferred to the United States under the safeguards described in our Privacy Policy (section on international data transfers).

6. Managing cookie consent

6.1 Cookie banner

On the user's first visit to the Application, we display an information banner that allows the user to:

  • accept all cookies (necessary and analytical),
  • reject optional cookies (accept only necessary cookies),
  • customize preferences — individually select cookie categories.

Analytical cookies (Google Analytics) are not set until the user gives consent.

6.2 Changing or withdrawing consent

The user may change or withdraw their cookie consent at any time by:

  • clicking the "Cookie settings" / "Manage cookies" link available in the Application's footer,
  • deleting cookies directly in the browser's settings.

Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

6.3 Managing cookies in the browser

Regardless of the cookie banner, the user may manage cookies through their browser settings:

  • Google Chrome: Settings → Privacy and security → Cookies
  • Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy
  • Microsoft Edge: Settings → Cookies and site permissions

Note: Blocking or deleting necessary (technical) cookies may cause the Application to malfunction, including loss of login sessions.

7. Cookie retention periods

| Category | Retention period |
|---|---|
| Necessary cookies (session) | Duration of the session — until the browser is closed or the user logs out |
| Supabase tokens (access) | Up to 1 hour (default) |
| Supabase tokens (refresh) | Up to 7 days (default) |
| Google Analytics (_ga, _ga_<ID>) | Up to 2 years from the last activity |

8. Impact of cookies on privacy

  • Necessary cookies do not collect data that identifies the user for purposes other than authentication and security.
  • Analytical cookies collect anonymized statistical data. They do not allow direct identification of the user, but may constitute personal data within the meaning of the GDPR (online identifiers — Article 4(1) GDPR), which is why they require consent.
  • We do not use cookies for marketing, advertising, or user profiling purposes.

9. Changes to the cookie policy

We reserve the right to update this cookie policy, in particular in the event of changes to the technologies used, addition of new cookie categories, or changes in legislation. Users will be notified of significant changes via the cookie banner or the Application.

The date of the most recent update is indicated at the top of this document.

10. Contact

For matters relating to cookies and privacy, please contact:

Krzysztof Gołaszewski — ul. Miętowa 1E/8, 81‑589 Gdynia, Poland
Paweł Kozielecki — ul. Juraty 4/1, 80‑299 Gdańsk, Poland
E‑mail: kontakt@twojapomocprawna.pl