Legal
Cookie Policy
This Cookie Policy explains how Leny ("Leny," "we," "us," or "our") uses cookies and similar tracking technologies on our websites and applications (the "Services"). Although the term "cookie" is used throughout, this policy also covers technologies that are technically distinct from cookies but serve a similar purpose, including browser localStorage, sessionStorage, pixels, and software development kits. Where this policy refers to "cookies and similar technologies," we mean all of the above.
If you have questions, contact us at info@leny.ai.
Contents
1. What this policy covers
This policy applies to the Leny website, the patient chat experience, and the clinician assistant. It explains:
- The categories of cookies and storage we use.
- The specific keys we set in your browser today.
- The third-party services that may set their own cookies or storage when you use Leny.
- The choices you have to control these technologies.
This policy should be read together with our Privacy Policy, which describes how we handle personal information more broadly.
2. What are cookies and similar technologies
A cookie is a small text file that a website asks your browser to store. Cookies can be set by the site you are visiting ("first-party") or by a third party whose code runs on the page ("third-party"). They can persist after you close the tab ("persistent") or be erased when you close it ("session").
Leny relies primarily on browser storage APIs rather than traditional cookies for its first-party functionality:
- localStorage: persistent key-value storage that remains until explicitly cleared.
- sessionStorage: key-value storage that is wiped when the tab or browser is closed.
These are not cookies in the strict technical sense, but they raise the same privacy and consent questions, so we describe them together below.
3. Categories we use
Leny uses two categories. We do not use advertising, marketing, or "data sale" cookies, and we do not run remarketing pixels.
3.1 Strictly necessary
Required to operate core functionality such as keeping you signed in, distinguishing guest sessions, and remembering in-app state. These cannot be disabled through a consent banner because the Services would not function without them. They do not require prior consent under EU/UK rules.
3.2 Analytics
Used to understand how the Services are used so we can improve them — for example, which pages are visited, which features are used, and where errors occur. In the EU, UK, and other jurisdictions that treat analytics cookies as non-essential, we will request your consent before these are set.
4. Cookies and storage we use today
| Name | Type | Category | Purpose | Retention |
|---|---|---|---|---|
leny_token |
localStorage | Strictly necessary | Stores your authentication bearer token so you stay signed in across sessions. | Until logout or manually cleared. |
leny_is_guest |
localStorage | Strictly necessary | Flags the current session as a guest (unregistered) user. | Until logout or manually cleared. |
leny_username |
localStorage | Strictly necessary | Stores your display name for personalization in the UI. | Until logout or manually cleared. |
leny_is_admin |
localStorage | Strictly necessary | Flags accounts with administrative privileges to render admin UI. | Until logout or manually cleared. |
Leny_v21 |
localStorage | Strictly necessary | Application state snapshot: selected role, language, user name, usage metrics, and votes. | Until manually cleared. |
leny-audience |
localStorage | Strictly necessary | Remembers your selected tab on the welcome page (patient vs. clinician). | Until manually cleared. |
leny_hero_state |
sessionStorage | Strictly necessary | Hands off hero/landing state between pages within a single tab. | End of browser tab/session. |
leny_value_card_seen |
sessionStorage | Strictly necessary | Prevents the signup nudge card from re-appearing in the same session. | End of browser tab/session. |
fbTrained |
sessionStorage | Strictly necessary | One-time guard for the feedback toast notification. | End of browser tab/session. |
PostHog identifiers (e.g. ph_*) |
Cookie / localStorage (set by us.i.posthog.com) |
Analytics | Product analytics: anonymous user/session identification, feature usage events. | Up to 1 year. |
We will update this table when keys are added or removed.
5. Third-party services
Some features rely on third parties whose own cookies, storage, or server logs may be created when you use Leny.
Deepgram (voice)
When you use voice features, audio is sent to Deepgram for transcription. Deepgram does not set cookies in your browser through Leny, but it does process the audio server-side. See Deepgram's privacy policy for details.
PostHog (analytics)
We use PostHog (host: us.i.posthog.com) for product analytics.
PostHog drops its own cookies and writes to localStorage to maintain an anonymous distinct ID
and session information. We use PostHog to understand feature usage and diagnose issues — not
for advertising. Where required by law, we will gate PostHog behind your consent.
Google Fonts
We load typefaces from fonts.googleapis.com and fonts.gstatic.com.
Google does not set cookies through this asset request, but Google's servers will see your
IP address and basic request metadata each time fonts are fetched. If you
would prefer not to share this information with Google, you can block third-party requests to
those domains in your browser.
6. Your choices
Cookie banner (EU/UK)
If you visit Leny from the EU, UK, or another region with similar rules, you will be shown a consent banner that lets you accept or reject Analytics cookies. Strictly necessary storage is set without consent because the Services cannot run without it. You can change your choice at any time from the cookie preferences link in the footer.
Do Not Track and Global Privacy Control
Most browsers offer a Do Not Track (DNT) signal. Because there is no industry consensus on how DNT should be honored, Leny does not currently change its behavior based on DNT.
We do, however, honor Global Privacy Control (GPC) signals where applicable. If your browser sends a GPC signal, we will treat it as a valid opt-out of the "sale" or "sharing" of personal information under laws such as the California Consumer Privacy Act (CCPA/CPRA). Note: Leny does not sell personal information today, so this is more about respecting your stated preference than changing what we already do.
California residents will also see a "Do Not Sell or Share My Personal Information" link in our footer.
Browser settings
You can manage cookies and clear browser storage directly in your browser. Note that clearing storage will sign you out of Leny and reset preferences such as language. Help pages from common browsers:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Safari: Settings → Privacy → Manage Website Data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Edge: Settings → Cookies and site permissions → Manage and delete cookies
To clear localStorage or sessionStorage specifically, use your browser's developer tools (Application → Storage) or the same "Clear browsing data" controls listed above.
7. Changes to this policy
We may update this policy from time to time to reflect changes to the technologies we use or to legal requirements. The "Last updated" date at the top of this page indicates when it was last revised. Material changes will be communicated through the Services or by email where appropriate.
8. Contact us
Questions, complaints, or requests related to this Cookie Policy can be sent to:
Leny
Email: info@leny.ai