Cookie Policy
Last updated: May 15, 2026
1. What cookies are
Cookies are small text files that websites save on the user's device to store information useful for site operation or browsing experience. Alongside cookies, similar technologies exist such as localStorage, sessionStorage, and fingerprinting, which serve similar purposes. This policy treats them as equivalent from a regulatory perspective.
2. Types of cookies used
Strictly necessary technical cookies
No consent required under Art. 122 of Italian Legislative Decree 196/2003 (implementing the ePrivacy Directive). Essential for site operation (session, language, consent registry).
Analytics / monitoring cookies
Require explicit user consent. Currently disabled by default (Sentry for error tracking, opt-in via consent).
Profiling / marketing cookies
NOT used by Lens Veritas. No retargeting, no advertising pixels, no social plugins with trackers.
3. Full list of first-party technical cookies
| Name | Type | Duration | Purpose |
|---|---|---|---|
| nlv_lang | HTTP cookie | 365 days | Interface language |
| nlv_palette | HTTP cookie | 365 days | Visual theme (Noir / Bureau) |
| nlv_font | HTTP cookie | 365 days | Font family |
| nlv_ai_consent | HTTP cookie | 365 days | Server-side mirror of "AI features" consent (required to gate Veritas analysis) |
| sb-<project>-auth-token | HTTP cookie (Supabase) | Session | User authentication (registered users only) |
| nlv_consent_v2 | localStorage | 6 months | Stores cookie consent choices |
| nlv_session_id | localStorage | Persistent | Anonymous session identifier (UUID) for the consent registry |
| nlv_layout | localStorage | Persistent | Article layout preference (grid / list) |
| nlv_accent_<palette> | localStorage | Persistent | Custom accent color per palette |
4. Third-party cookies and trackers
Third-party services that process data for technical or functional purposes. Services marked as consent-based are activated only after explicit acceptance via the cookie banner.
| Service | Category | Purpose | Privacy |
|---|---|---|---|
| Vercel | Technical | Hosting, IP/UA logs for security | β |
| Supabase | Technical (auth) | User authentication and database | β |
| Upstash Redis | Technical (cache) | Article cache (TTL ~3 minutes) | β |
| Google OAuth | Technical (login) | Sign-in with Google account (optional) | β |
| Meta / Facebook OAuth | Technical (login) | Sign-in with Facebook account (optional) | β |
| DeepSeek | AI Processing | Veritas analysis + translations (primary provider) | β |
| Anthropic (Claude API) | AI Processing | News anti-bias analysis (fallback if DeepSeek unavailable) | β |
| Google (Gemini API) | AI Processing | On-demand article voice synthesis | β |
| Sentry | Analytics | Error monitoring (not yet active) | β |
| NewsAPI / GNews / The Guardian / GDELT | Technical (server-side) | Article sources β server-side queries only, no cookies in the browser | β |
| Replicate | Technical (server-side) | AI image generation for social media β server-side only | β |
Lens Veritas does not use Google Analytics, Google Tag Manager, Meta Pixel, Hotjar, Mixpanel, Plausible, or any other tracking platform. Fonts (Geist) are self-hosted via next/font and do not result in requests to external CDNs.
5. Legal basis for processing
- Technical cookies β legitimate interest of the Data Controller in the proper functioning of the service (Art. 6(1)(f) GDPR)
- Analytics / AI cookies β explicit user consent (Art. 6(1)(a) GDPR), given via the cookie banner
- Authentication cookies β performance of the contract with the registered user (Art. 6(1)(b) GDPR)
6. Consent duration
The consent given is valid for 6 months. Upon expiry you will be asked again. You can change or withdraw consent at any time via the "Manage cookie preferences" button in the site footer or by reopening the banner below:
7. How to manage cookies
You can manage your cookies in two ways:
- Via the "Manage consent" button in the site footer (changes only your Lens Veritas choices)
- From browser settings (delete saved cookies, block future cookies from all sites):
Disabling technical cookies may cause some parts of the site to malfunction (e.g. login session persistence).
8. Consent registry
Each consent given is recorded in a secure database (Supabase) containing: session identifier, accepted/rejected categories, timestamp, IP address (anonymised after 12 months), and policy version. This registry is kept as proof of consent under Art. 7(1) GDPR. You can request access, rectification, or deletion of this information by writing to paolo_fantinel@hotmail.com.
9. Changes to this Cookie Policy
Any significant changes will trigger a new consent request upon next access. The date of last modification is shown at the top of this page.