Legal
Cookie Policy
Last updated: 28 March 2026
1. What are cookies?
Cookies are small text files placed on your device (computer, tablet, or smartphone) when you visit a website. They allow the website to recognise your device on subsequent visits and store certain information about your preferences or actions. Similar technologies, such as local storage, session storage, and pixel tags, work in a comparable way and are covered by this policy.
2. Who sets cookies on this site?
Cookies on brutalfeedback.xyz are set by Level Up (first-party cookies) and, where applicable, by third-party service providers (third-party cookies). The controller is identified in our Privacy Policy.
3. Categories of cookies we use
In accordance with Article 5(3) of the EU ePrivacy Directive (2002/58/EC as amended by 2009/136/EC) and the GDPR, we distinguish between cookies that are strictly necessary for the service and those that require your prior consent.
3.1 Strictly necessary cookies No consent required
These cookies are essential for the website to function and cannot be switched off. They are set in response to actions you take, such as logging in or filling in forms. Legal basis: Art. 6(1)(b) GDPR (contract performance) and the ePrivacy exemption for technically necessary cookies.
| Name | Purpose | Duration | Type |
|---|---|---|---|
session | Maintains authenticated session after login | Session / 7 days | First-party, HttpOnly |
csrf_token | Prevents cross-site request forgery attacks | Session | First-party |
group_token | Stores group authentication token (localStorage) | Until logout | First-party, localStorage |
3.2 Analytics cookies Consent required
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. All data is aggregated and anonymised, we do not identify individual users. Legal basis: Art. 6(1)(a) GDPR (consent).
| Provider | Purpose | Duration | Privacy policy |
|---|---|---|---|
| Umami Analytics | Anonymised page views and session stats (self-hosted, no cross-site tracking) | Session | umami.is/privacy |
3.3 Third-party functional cookies Consent required
These cookies are set by third-party services embedded in our platform to deliver core functionality (e.g., payment processing). They may transfer data outside the EU under Standard Contractual Clauses.
| Provider | Purpose | Duration | Privacy policy |
|---|---|---|---|
| Stripe, Inc. | Fraud prevention and payment session management during checkout | Up to 1 year | stripe.com/privacy |
4. Cookie consent and how to manage your preferences
When you first visit our website, a cookie banner will ask for your consent for non-essential cookies (analytics and third-party functional). You may:
- Accept all, enable all categories of cookies.
- Accept only necessary, only strictly necessary cookies will be set.
- Customise, choose which categories to enable.
You may withdraw or change your consent at any time by clicking the "Cookie settings" link in the footer of any page. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
You can also manage cookies directly through your browser settings. Note that disabling cookies may affect the functionality of the website. For guidance on how to manage cookies in your browser, visit:
5. Do Not Track
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. There is currently no universally accepted standard for how websites should respond to DNT signals. We do not currently respond to DNT signals, but we commit to reviewing this position as standards evolve.
6. Changes to this Cookie Policy
We may update this Cookie Policy to reflect changes in the cookies we use or for other operational, legal, or regulatory reasons. We will notify you of any material changes by displaying a prominent notice on our website or by email where appropriate. The date of the most recent revision is shown at the top of this page.
7. Contact
For any questions about our use of cookies or this policy, please contact us at: [email protected]
For information about how we process your personal data more broadly, please read our Privacy Policy.