Cookie Notice

The StartManaging-Legal studio sets a small number of cookies that are strictly necessary to authenticate Firm Users and to operate the Service. We do not use cookies for advertising, cross-site tracking, or third-party analytics in the application.

Cookies set by the studio

• Session cookie (Auth.js) — holds the encrypted JWT proving the Firm User is signed in. Lifetime: rolling 30 days from last activity. Attributes: HttpOnly; Secure; SameSite=Lax.
• CSRF token (Auth.js) — pairs with the session cookie to defend against cross-site request forgery on auth endpoints. Lifetime: session.
• Active-workspace cookie (x-tenant-id) — when a Firm User belongs to more than one firm, this cookie remembers which workspace is currently selected. Lifetime: 30 days. Cleared on logout.

What we do not do

• We do not embed third-party advertising scripts or pixels in the studio.
• We do not load Google Analytics, Meta Pixel, or similar tracking on authenticated pages.
• We do not share cookie data with sub-processors except where a sub-processor (e.g. Vercel’s edge for routing) needs the bare session cookie to deliver the response.

Disabling cookies

Because the cookies above are strictly necessary to operate the Service, disabling them in the browser will sign the user out and prevent the studio from functioning. They are not subject to consent under the ePrivacy Directive’s functional-cookie exemption.

Marketing site

The marketing site at www.startmanaging-legal.com may use first-party analytics cookies (privacy-preserving, no IP retention) to understand which pages prospective customers visit. Those cookies and choices are described on the marketing-site cookie banner when it loads.

Contact

Questions to privacy@startmanaging-legal.com.