neumind
Cookies notice
The cookies and similar technologies we use, why we use them, and how to manage them.
This notice explains the cookies and similar technologies we use on the Neumind website (neumind.io, neumind.co.uk), the professional dashboard, and where applicable inside our mobile applications.
It sits alongside our Privacy Notice, which covers what we do with personal data more broadly, and our Sub-processors register, which names every third party that processes data on our behalf.
What cookies are
Cookies are small text files that are stored on your device when you visit a website. We also use similar technologies — local storage, session storage, and pixels. Where this notice refers to “cookies,” it means any of these technologies.
We use cookies for four reasons:
- Strictly necessary — to make our services work (signing you in, keeping your session secure).
- Functional — to remember your preferences (theme, language).
- Analytics — to understand how the professional dashboard is used so we can improve it.
- Marketing — we do not currently use marketing cookies.
You have control over which categories you accept. Strictly-necessary cookies are always set because the service does not function without them; you can refuse or withdraw consent for the others at any time.
Lawful basis
- Strictly necessary cookies are set under PECR regulation 6(4) (the strictly-necessary exemption) — no consent required.
- Functional, analytics, and any future marketing cookies are set on the basis of your consent (PECR regulation 6(2) and UK GDPR Article 6(1)(a)).
How to manage cookies
Our consent banner. When you first visit our site, our cookie banner asks you to accept or refuse non-essential cookies. You can change your preference at any time using the persistent settings link in the banner footer.
Note (2026-04-27): Our cookie consent banner is being upgraded to provide category-level choice. Until that upgrade ships (target v0.1 cycle), the banner is binary: accept or decline. In the binary banner, the functional cookies (theme preference, UI prefs) are set regardless of your choice — we treat them as strictly-necessary in this gap window because there is no separate functional control. Choosing “Decline” means we set only those strictly-necessary cookies; choosing “Accept” additionally sets the analytics cookies listed below. We do not currently set any cookie that requires consent for marketing purposes.
Your browser controls. All modern browsers allow you to view, restrict, or delete cookies. Refer to your browser’s help pages:
What we set
The cookies and similar technologies listed below are what we currently set. We will update this list when material changes happen and notify you inside the product where the change affects you.
Strictly necessary
| Cookie / technology | Purpose | Retention | First / third party |
|---|---|---|---|
| Auth0 session cookie | Keeps you signed in across pages | Session (cleared on browser close) or up to 24 hours, whichever is shorter | Third party (auth0.com) |
| AWS load-balancer cookie | Routes your requests to the correct application server | Session | First party |
| Cookie-consent state | Remembers whether you accepted or refused non-essential cookies; we re-prompt for consent every 12 months | 12 months | First party |
| CSRF token | Protects forms from cross-site request forgery attacks | Session | First party |
Functional
| Cookie / technology | Purpose | Retention | First / third party |
|---|---|---|---|
| Theme preference | Remembers whether you chose light or dark mode | 12 months | First party |
| Local-storage UI preferences | Remembers minor in-product preferences (sidebar collapsed/expanded, last-viewed tab) | Until you clear browser data | First party |
Analytics — consent required
| Cookie / technology | Purpose | Retention | First / third party |
|---|---|---|---|
| PostHog session ID | Identifies your session for product-analytics + session-recording in the professional dashboard. PostHog is configured to mask passwords and health-data fields automatically. PostHog is set only on the professional dashboard — not on the marketing website, not inside the mobile apps. | 30 days rolling | Third party (posthog.com / EU-hosted) |
PostHog is one of our sub-processors; it processes pseudonymised event data on our instructions under a Data Processing Agreement. We do not use PostHog for marketing, ad targeting, or tracking across other websites.
Marketing — we do not currently use marketing cookies
We do not run Google Ads, Facebook Pixel, LinkedIn Insight Tag, or any other advertising / cross-site tracking technology on Neumind. If we add any in future, we will update this notice and ask for your consent before setting them.
Cookies set by embedded third parties
Some pages on our marketing website embed content from third parties (for example, Typeform forms in onboarding flows). These third parties may set their own cookies under their own privacy policies — refer to:
- Typeform Privacy Notice — for cookies set when you complete an onboarding form
We treat these embeds as third-party cookies; they require your consent on the same basis as our analytics cookies, and they are not set if you decline non-essential cookies.
What we do not set
For clarity, we do not set:
- Cookies for behavioural advertising or retargeting
- Cookies that track you across other websites
- Social-media share buttons that load third-party tracking (we use share links that open the social-media app directly, not embedded widgets)
- Cookies set by analytics tools other than PostHog (no Google Analytics, no Mixpanel — Mixpanel was retired 2026-04-27 and is not in our current sub-processor stack)
Cookies on the mobile applications
Our mobile applications (iOS + Android) do not use HTTP cookies in the conventional browser sense. They use equivalent technologies:
- Auth0 secure storage (strictly necessary) — keeps you signed in. Cleared on sign-out or on app uninstall.
- Firebase Cloud Messaging device token (strictly necessary for receiving notifications) — manage push notifications via your iOS or Android system notification settings.
- Firebase Analytics (consent-respecting; subject to platform-level consent flags) — manage via iOS App Tracking Transparency prompts (Settings → Privacy & Security → Tracking) or Android Privacy Dashboard / Data Safety controls. Cleared on app uninstall.
- RevenueCat anonymous identifier (strictly necessary for subscription management) — cleared on app uninstall.
These are detailed in the Privacy Notice § Data Collection Methods.
Updates to this notice
We will refresh this notice when our cookie usage changes materially. The latest version is always at https://share.neumind.io/legal/cookies. Material updates are also notified inside the product (login modal on the professional dashboard).
Contact
Questions about this notice or about a specific cookie: privacy@neumind.io or dpo@neumind.io.
Complaints: you have the right to complain to the UK Information Commissioner’s Office (ICO) at any time. Our ICO registration number is ZB038508.