Menty.

N° 03 — Legal

Cookie Policy

Last updated: May 26, 2026 · Document version 2026-05-26.v1

Draft — pending counsel review

This document is a working draft and is being reviewed by qualified counsel. Several sections are tagged [TODO LAWYER REVIEW] where the cookie inventory will be confirmed against a live audit and where the cookie consent banner UI will ship. The current text reflects Menty’s good-faith understanding of its cookie practices as of the date above and supersedes any prior published version.

This Cookie Policy explains what cookies and similar technologies Menty uses, why we use them, and the choices you have. It works together with our Privacy Policy and Terms of Service.

We do not show third-party ads, do not sell personal information, and do not share personal information for cross-context behavioral advertising — the Privacy Policy confirms this in §12. We honor the Global Privacy Control browser signal by default.

1. What are cookies?

Cookies are small text files a website stores on your device. They’re widely used to make sites work, remember preferences, keep you signed in, and support analytics. We also use similar technologies — local storage, session storage, and pixel tags (where applicable) — for the same purposes. Throughout this Policy, “cookies” includes those technologies.

Cookies are either session cookies (deleted when you close your browser) or persistent cookies (remain until expiry or until you delete them). They are either set by Menty directly (first-party) or by services Menty integrates with (third-party).

2. Categories we use

We group cookies into four categories. Strictly necessary cookies are always on — without them the Service does not work. Functional, analytics, and third-party cookies are subject to your consent where required by law (see §5 below).

2.1 Strictly necessary

Required for core functionality — authentication, security, consent recording. Cannot be turned off via the consent UI; you can still block them at the browser level but doing so will break sign-in.

  • NextAuth session cookies (next-auth.session-token, __Secure-next-auth.session-token, next-auth.callback-url, next-auth.csrf-token) — sign-in, role + view-mode resolution, CSRF defense. First-party, session + persistent (30 days).
  • Onboarding bypass (menty_onboarding_complete) — same-session safety net so users who completed onboarding aren’t looped back. First-party, 1 year.
  • Cookie consent state (menty_cookie_consent) — records your choice so we don’t prompt repeatedly. First-party, 12 months.
  • Anonymous identifier (menty_anon_id) — links pre-auth cookie consent to your ConsentReceipt audit log (see Privacy Policy §5). First-party, 12 months.

2.2 Functional

Remember non-essential preferences. Turning these off won’t break the Service but you’ll lose preference persistence.

  • Sidebar + UI state (menty:sidebar-state, menty:live-identity:<userId>) — collapsed/expanded sidebar, cached display name + avatar across navigations. First-party, persistent in sessionStorage + localStorage.
  • Locker Room last-seen (menty:lockerRoomSeenAt) — used by the unread Locker Room badge so we don’t show "new" forever. First-party, persistent.

2.3 Analytics

Menty does not currently use third-party analytics cookies (Google Analytics, Mixpanel, Segment, etc.). When we add an analytics provider, it will appear here with an opt-in prompt where required by law. [TODO LAWYER REVIEW] Confirm before publication that no analytics tag has been added since this audit.

2.4 Third-party

Set by services we integrate with for payment, video, error monitoring, and video transcoding. They each have their own cookie practices linked below.

  • Stripe (__stripe_mid, __stripe_sid) — payment processing + fraud prevention on Checkout pages. stripe.com/privacy.
  • Daily.co — set during live video sessions for call routing + quality. daily.co/privacy.
  • Mux — set on video player surfaces for adaptive streaming + playback diagnostics. mux.com/legal/privacy.
  • Sentry — application error monitoring. Sentry can set a session identifier in localStorage for trace correlation; sensitive fields are redacted server-side. sentry.io/privacy.

3. Global Privacy Control + Do Not Track

Global Privacy Control (GPC). We honor the GPC browser signal as an opt-out of sale or sharing of personal information for cross-context behavioral advertising. Because we do not engage in such sale or sharing, the signal is honored by default — its presence does not change what we do with your data, but our compliance with it is unconditional.

Do Not Track (DNT). There is no industry standard for DNT signals at this time. We do not respond to DNT specifically, but our posture above (no ad-targeting, no behavioral profiling, no sale, no share) makes the practical effect equivalent.

4. Cookie consent

Where required by law (e.g., the EU/UK ePrivacy regime), we ask for your consent before setting non-essential cookies, and we record that consent in our ConsentReceipt audit log together with the document version, source, IP, and User-Agent.

You can withdraw consent at any time:

  • Clear cookies for mentyelevate.com in your browser to drop the consent state and be re-prompted on next visit.
  • Reach out at privacy@mentyelevate.com to revoke recorded consent.
  • Manage browser cookie settings (see §5).

5. How to manage cookies in your browser

You can control and manage cookies through your browser settings. Refusing or deleting strictly-necessary cookies will prevent the Service from working (you won’t be able to sign in).

  • Chrome: Settings → Privacy and security → Cookies and other site data.
  • Firefox: Settings → Privacy & Security → Cookies and Site Data.
  • Safari: Settings → Privacy → Manage Website Data (macOS) / Settings → Safari → Block All Cookies (iOS).
  • Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data.
  • Brave / Arc: Same path as Chrome.

For mobile, your operating system also has tracking-control settings (e.g., iOS “Tracking” under Privacy & Security; Android “Privacy”).

6. Third-party cookie control

For cookies set by third parties (Stripe, Daily.co, Mux, Sentry), you may need to visit those services’ websites to manage preferences. The links in §2.4 take you to each provider’s privacy + cookie practices.

7. Updates to this Policy

We may update this Cookie Policy from time to time to reflect changes in technology, legal requirements, or our practices. For material changes — adding a new analytics provider, adding a new tracking technology, or changing the consent posture — we will update the “Last updated” date at the top, bump the document version constant, and, where appropriate, re-prompt for consent.

Questions

For cookie or privacy questions, email privacy@mentyelevate.com or hello@mentyelevate.com with “Cookies” in the subject line.

Menty mentors are sport coaches and educators — not licensed medical, mental-health, or psychological providers. Sessions are educational and motivational only. For injury, medical, or mental-health concerns, please consult a licensed professional.

menty.
PrivacyTermsRefundsWaiverMentorsCookiesContact

© 2026 Menty. All rights reserved.