Cookie Policy

1. What Are Cookies?

Cookies are small text files that are stored on your device when you visit a website. They serve various purposes, such as keeping you logged in or ensuring security.

2. Which Cookies Do We Use?

Our website exclusively uses technically necessary cookies in accordance with Section 25(2) of the German Telecommunications Telemedia Data Protection Act (TTDSG). These do not require consent, as they are essential for providing the service.

3. Why Are These Cookies Technically Necessary?

Session Cookies (sid/sv)

These cookies store your login information so that you do not have to log in again on every page visit. They contain:

• Session selector (hashed ID)
• HMAC validator for integrity verification
• No personal data in plain text

CSRF Token

Protects you against CSRF attacks, in which attackers attempt to perform actions on your behalf. Without this cookie, we could not ensure that requests are actually coming from you.

OAuth State and Verifier

These temporary cookies (10 minutes) are only used during the login process to ensure the security of the OAuth2 flow:

• State: Prevents CSRF attacks during the OAuth redirect
• Verifier: PKCE (Proof Key for Code Exchange) for additional security

Login Loop Protection (ehrp_login_loop)

This very short-lived cookie (30 seconds) prevents endless redirect loops that can occur in certain session states during login. It counts redirects and breaks the cycle after a maximum of 2 repetitions.

Cookie Notice (ehrp_cookie_notice_dismissed)

Stores whether you have already dismissed the cookie notice banner so that it is not displayed again on every page visit. This cookie does not contain any personal data.

Cloudflare Security (cf_clearance)

Set by our infrastructure provider Cloudflare only when suspicious traffic is detected. After a successful security check (e.g., challenge), this cookie confirms that you are a real user and prevents repeated checks within 30 minutes.

4. Managing Cookies

You can manage and delete cookies in your browser:

Google Chrome

1. Open Settings → Privacy and Security → Cookies and other site data
2. Select "See all site data and permissions"
3. Search for "leveo.app" and delete the cookies

Mozilla Firefox

1. Open Settings → Privacy & Security → Cookies and Site Data
2. Click "Manage Data"
3. Search for "leveo.app" and remove the cookies

Safari

1. Open Settings → Privacy
2. Click "Manage Website Data"
3. Search for "leveo.app" and remove the cookies

Microsoft Edge

1. Open Settings → Cookies and site permissions
2. Select "See all cookies and site data"
3. Search for "leveo.app" and delete the cookies

Note: Disabling or deleting these cookies will cause the login functionality to stop working. You will be automatically logged out and will not be able to log in again until you allow cookies.

5. No Tracking or Marketing Cookies

We do not use any of the following cookies:

• Tracking cookies (e.g., Google Analytics, Facebook Pixel)
• Advertising cookies (e.g., Google Ads, retargeting)
• Social media cookies (e.g., Facebook Like button, Twitter)

The cf_clearance cookie is set by our infrastructure provider Cloudflare on our domain and serves exclusively security purposes — it is not used for tracking or advertising (see Sections 2 and 3).

6. Browser Settings for Cookie Control

Block All Cookies

You can block all cookies in your browser. However, please note that this will impair the functionality of many websites, including Leveo.

Block Third-Party Cookies Only

A good balance between privacy and functionality is to block only third-party cookies. All cookies on our website — including cf_clearance from Cloudflare — are set on the leveo.app domain and are therefore first-party cookies. Blocking third-party cookies will not affect functionality.

7. Further Information

For more information about data protection, please refer to our:

• Privacy Policy
• Terms of Service
• Imprint

Cookie Policy effective date: February 11, 2026