top of page

Enlaye Cookie Policy

Last Updated: May 10, 2026

1. Introduction

This Cookie Policy explains how Enlaye, Inc. (“Enlaye,” “we,” “our,” or “us”) uses cookies and similar technologies on our websites and applications, including the public Marketing Site at www.enlaye.com (with French content available at /fr, also reachable via the redirected domain www.enlaye.fr) and the Enlaye Risk Lifecycle Management™ Platform at www.enlaye.app (together, the “Services”).

This Cookie Policy is a sub-document of the Enlaye Privacy Policy and should be read together with it. The Privacy Policy describes how Enlaye collects, uses, and discloses personal data more generally, including the rights you have as a data subject and the contact information for exercising those rights.

This Cookie Policy is consistent with the EU General Data Protection Regulation 2016/679 (“EU GDPR”), the UK GDPR, the EU ePrivacy Directive 2002/58/EC and its national-law transpositions, the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”), and Quebec Law 25.

This Cookie Policy is published in English and French. The two language versions are intended to be substantively identical and to convey the same information.

 

2. What Cookies and Similar Technologies Are

Cookies are small text files placed on your device when you visit a website. They are read by the website on your subsequent visits and are used for purposes such as keeping you logged in, remembering your language preference, and understanding how the site is used. Cookies set by the website you are visiting (in our case, by Enlaye or by a service we operate, such as Wix on the marketing site or Clerk on the Platform) are called first-party cookies. Cookies set by other parties whose code runs on the page are called third-party cookies; on Enlaye’s properties, this category is currently limited to Google Analytics on the marketing site.

Similar technologies include:

  • Local storage — a browser-based storage mechanism similar to cookies but with larger capacity. Enlaye uses local storage in the Platform for product-analytics identifiers and user-interface state.

  • Session storage — a per-tab storage mechanism that is cleared when the tab is closed.

  • Web beacons / tracking pixels — small graphical elements embedded in pages or emails to record opens and engagement. Enlaye does not currently deploy advertising web beacons; we may use lightweight delivery-confirmation pixels in transactional emails.

This Cookie Policy applies to all of these technologies wherever the same regulatory framework applies to them as to cookies.

 

3. Why We Use Cookies and Similar Technologies

We use cookies and similar technologies to:

  • operate the marketing site and the Platform and keep them secure;

  • authenticate you and maintain your session when you log into the Platform;

  • remember your preferences (such as language and user-interface state);

  • understand how the marketing site is used so that we can improve it (analytics);

  • protect against bots, fraud, and abuse.

We do not use cookies or similar technologies for advertising, retargeting, cross-context behavioral advertising, or social-network sharing. We do not deploy advertising pixels, retargeting tags, social-share trackers, or mobile advertising IDs.

 

4. Cookies and Similar Technologies on Each Site

Enlaye operates two distinct web properties with different cookie footprints. We describe each separately.

4.1 The marketing Site

The public marketing site is hosted on Wix and is reachable in English at www.enlaye.com and in French at www.enlaye.com/fr (also accessible via the redirected domain www.enlaye.fr). Cookie behavior is the same regardless of which path or domain is used, because the marketing site is a single Wix property serving language-localized content from the same origin.

Cookie management on the marketing site is handled by Usercentrics for Wix, a Consent Management Platform that classifies cookies and similar technologies into the following categories and gates them behind your consent choices:

  • Essential — required for the site to function (the Wix platform itself and the Usercentrics consent management service). Always loaded; not subject to consent.

  • Functional — site-behavior and preferences cookies. Loaded after functional consent.

  • Analytical — first-party site analytics (Google Analytics 4). Blocked until analytical consent is given. Both the English and French paths report into the same GA4 property, with Google Signals off, so GA4 operates as first-party analytics and is not used for cross-context behavioral advertising.

  • Marketing — third-party content with associated tracking, currently limited to YouTube video embeds. Blocked until marketing consent is given.

The cookie banner is displayed to all visitors and lets you accept all cookies, deny non-essential cookies, or save partial preferences at the category level. You can re-open your preferences at any time from the link in the site footer.

Representative cookies on the marketing site:

  • bSession (Wix) — Site session continuity. Strictly necessary. Retained for the session.

  • hs (Wix) — Server-session binding (HTTPOnly). Strictly necessary. Retained for the session.

  • server-session-bind (Wix) — Server-session binding. Strictly necessary. Retained for the session.

  • ssr-caching (Wix) — Server-side rendering cache. Strictly necessary. Retained for approximately 1 day.

  • svSession (Wix) — Visitor session identifier. Strictly necessary. Retained for up to 18 months.

  • XSRF-TOKEN (Wix) — CSRF protection. Strictly necessary. Retained for the session.

  • wixLanguage (Wix) — Language preference between English and French paths. Functional. Retained for approximately 12 months.

  • _ga (Google Analytics) — First-party analytics. Analytics (consent-gated). Retained for approximately 24 months.

  • _ga_<id> (Google Analytics) — First-party analytics. Analytics (consent-gated). Retained for approximately 24 months.

4.2 The Platform

The Platform is a logged-in B2B service. All cookies and similar technologies on the Platform are strictly necessary for the service you have requested as an authenticated user, and are therefore not subject to consent. The Platform does not display a cookie banner because no consent is required for the cookies it uses.

The Platform uses three categories of strictly necessary cookies and similar technologies:

  • Authentication cookies set by our identity provider (Clerk) to keep you signed in across the Platform’s regional stacks (US, EU, CA).

  • Bot-protection cookies set by our edge network (Cloudflare) to distinguish legitimate users from automated traffic.

  • Functional cookies for language and user-interface state.

Representative cookies on the Platform:

  • __client_uat, __client_uat_<deployment> (Clerk) — Last authentication time. Strictly necessary. Retained for approximately 12 months.

  • __refresh_<deployment> (Clerk) — Authentication refresh token (HTTPOnly). Strictly necessary. Retained for approximately 12 months.

  • __session, __session_<deployment> (Clerk) — Active session token. Strictly necessary. Retained for approximately 12 months.

  • clerk_active_context (Clerk) — Active organization / context. Strictly necessary. Retained for the session.

  • cf_clearance (Cloudflare) — Bot-protection clearance. Strictly necessary. Retained for approximately 3 months.

  • locale (Enlaye) — Language preference. Functional. Retained for approximately 12 months.

  • sidebar_state (Enlaye) — UI sidebar state. Functional. Retained for approximately 12 months.

In addition, the Platform uses browser local storage for:

  • product-analytics identifiers and event metadata (provided by PostHog), used to understand how the Platform is used so that we can operate, secure, and improve it; and

  • user-interface state and language preferences cached locally for performance.

These local-storage values are first-party, stay on your device, and are read by the Platform only for the purposes described above. They are not transmitted to advertising networks and are not used for cross-context behavioral advertising.

The lists above describe representative cookies and similar technologies. Wix, Clerk, Cloudflare, and other service providers may set additional cookies in support of their own service operations, in accordance with their own privacy and cookie practices.

 

5. Cookie Banner and Your Choices

5.1 Marketing Site

When you first visit the marketing site (whether on the English path, the French path at /fr, or via the redirected domain www.enlaye.fr), a cookie banner managed by Usercentrics is displayed that lets you:

  • Accept all cookies (functional + analytical + marketing);

  • Deny all non-essential cookies, in which case Google Analytics is not loaded, YouTube embeds do not set tracking cookies, and no analytical or marketing cookie is set;

  • Save settings with partial preferences at the category level (Essential / Functional / Analytical / Marketing).

You can re-open the cookie preferences at any time from the link in the site footer. Essential cookies cannot be disabled because the site cannot function without them.

The cookie banner is displayed to all visitors and is calibrated to comply with the EU and UK ePrivacy regimes for visitors in those jurisdictions.

5.2 Platform

The Platform does not display a cookie banner because all cookies and similar technologies it uses are strictly necessary for the service you have requested as an authenticated user. Strictly necessary cookies are exempt from consent under the EU ePrivacy Directive and equivalent regimes.

5.3 Browser controls

Most browsers allow you to view the cookies stored on your device, block cookies (entirely or by site), and delete cookies. The mechanism varies by browser; consult your browser’s help documentation. Blocking strictly necessary cookies will prevent parts of the marketing site or the Platform from functioning correctly.

5.4 Global Privacy Control (GPC)

We honor the Global Privacy Control signal as an opt-out of analytical and marketing cookies on the marketing site and as a CCPA/CPRA “Do Not Sell or Share” signal where applicable. If your browser sends a GPC signal, we treat it as a request to deny non-essential cookies on the marketing site without requiring you to interact with the cookie banner.

5.5 Do Not Track (DNT)

We treat the legacy “Do Not Track” header as a non-binding indication of preference. Because there is no industry consensus on DNT and no enforceable legal standard tied to it, GPC is the more reliable opt-out mechanism and we recommend it.

 

6. Retention

  • Session cookies are deleted when you close your browser.

  • Persistent cookies are retained for the periods listed in the tables in §4. The longest retention applies to first-party analytics cookies on the marketing site (up to approximately 24 months).

  • Local storage entries persist until they are deleted, either by you (through your browser settings) or by the Service that wrote them (for example, on logout from the Platform).

 

7. Your Rights

Your rights with respect to personal data — including the rights of access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and the right to lodge a complaint with a supervisory authority — are described in the Enlaye Privacy Policy, including the regional addenda for EU/EEA, UK, Canadian, California, and other U.S. state residents.

To exercise any of those rights, write to privacy@enlaye.com.

For questions specifically about cookies and similar technologies on Enlaye’s properties, you can write to the same address.

 

8. Changes to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in technology, applicable law, or our practices. Updates will be posted with a revised “Last Updated” date. Material changes will be announced through the Services and, where required by law, by direct notice to you, at least thirty (30) days before they take effect, except where a change is required by law to take effect sooner.

 

9. Contact

Enlaye, Inc. 

125 Western Avenue, Boston, MA 02163, USA (mailing address for general correspondence)

For Enlaye’s EU representative under GDPR Article 27 (Enlaye SAS, France) and for the designated person responsible for the protection of personal information under PIPEDA Principle 1 and Quebec Law 25 Article 3.1 (the Privacy & Security Manager), see the Privacy Policy §§B.1.6, B.1.7, and B.2.6.

bottom of page