Cookie Policy

Last updated: May 14, 2026 — Sparkle5, LLC

This Cookie Policy explains how Luvu, operated by Sparkle5, LLC (“we”, “us”, or “our”), uses cookies on https://luvu.plus and our mobile applications. It should be read together with our Privacy Policy.

1. What Are Cookies?

Cookies are small text files stored on your device by your browser when you visit a website. They allow the website to remember information about your visit — for example, that you are logged in.

2. Cookies We Use

We use the minimum number of cookies necessary to operate the Service. We do not use advertising, tracking, or analytics cookies. The mobile app authenticates via tokens transmitted in request headers — no cookies are set for mobile app sessions.

2.1 Strictly Necessary Cookies

These cookies are required for the web interface to function. Without them you cannot log in. They are set automatically when you visit the site and do not require your consent.

Name	Purpose	Duration	Set by
session	Encrypted session cookie. Maintains your logged-in state and contains a CSRF protection token to prevent cross-site request forgery. The cookie is cryptographically signed; its contents cannot be read or modified by the browser or third parties.	Up to 31 days after login; deleted on logout or account deletion	Luvu (first-party)

2.2 Functional Cookies — Google Sign-In (requires your consent)

If you choose to sign in or register with Google, our sign-in and registration pages load Google’s Identity Services library (accounts.google.com/gsi/client). This library sets two cookies on your device. These cookies are only set after you accept cookies via our consent banner. If you select “Essential only” or ignore the banner, the Google library is never loaded and no Google cookies are set.

Name	Purpose	Duration	Set by
g_state	Tracks Google One Tap sign-in state. Google uses this to determine when to show or suppress the One Tap prompt and to manage the sign-in flow across page navigations.	Session / up to 30 days	Google LLC (third-party)
__suvt	Sign-Up Visitor Token set by Google Identity Services. Used by Google to track visitor sign-up events and measure the effectiveness of the Google Sign-In button.	Up to 13 months	Google LLC (third-party)

Google’s use of these cookies is governed by the Google Privacy Policy. You can manage Google’s data collection via My Google Account.

3. Cookie Attributes

The session cookie is set with the following security attributes:

• HttpOnly — cannot be accessed by JavaScript, reducing the risk of cross-site scripting (XSS) attacks.
• Secure — transmitted over HTTPS only; never sent over plain HTTP.
• SameSite=Lax — not sent with cross-site requests initiated by third-party sites, providing CSRF protection.

4. Legal Basis

The session cookie is strictly necessary for the operation of a service you have explicitly requested. It is exempt from prior-consent requirements under Article 5(3) of the ePrivacy Directive (as implemented in EU member states) and equivalent national laws.

The Google Sign-In cookies (g_state and __suvt) are functional cookies set by a third party (Google LLC). These are loaded only after you give your consent via our cookie banner. You may withdraw consent at any time by clearing your browser cookies and selecting “Essential only” on your next visit.

5. How to Manage Cookies

You can instruct your browser to refuse or delete cookies at any time. Deleting or blocking the session cookie will log you out and prevent you from logging back in until a new session cookie is issued.

• Google Chrome
• Mozilla Firefox
• Apple Safari
• Microsoft Edge

6. Changes to This Cookie Policy

If we introduce new cookies, we will update this policy, revise the “Last updated” date, and, where required by law, seek your consent before setting any new non-essential cookies.

7. Contact Us

For questions about our use of cookies, contact us at support@sparkle5.com.