COOKIE POLICY

Last updated: 18.04.2026

This Cookie Policy explains which cookies and similar technologies we use on Reimgen, for which purposes, on which legal basis and how you can manage your settings.

Important: EU rules on cookies and access to terminal equipment are technology-neutral. They cover classic HTTP cookies as well as LocalStorage, SessionStorage and comparable methods that store information on your device or read information from it.

1) Controller & contact

Michael Reimer Am Langenbach 10, 48308 Senden, Deutschland Email: info@reimgen.com

2) What are cookies and "similar technologies"?

2.1 Cookies (HTTP cookies)

Cookies are small text items stored by your browser when you visit a website. Your browser may send them back on later visits. Cookies can be necessary for login/session handling or to store settings.

2.2 LocalStorage/SessionStorage (Web Storage)

Web Storage stores data directly in the browser, for example as key-value pairs. Unlike cookies, this data is not automatically sent to the server with every request, but it can be read and written by JavaScript in the browser.

2.3 Other device technologies

Depending on the integration, comparable technologies may also be used, such as SDK IDs or pixels. Currently, in addition to cookies, we use LocalStorage and SessionStorage for syncing your cookie setting, technical first-party telemetry, auth/security flows and bot protection.

3) Categories: which types do we use?

We use two categories:

A) Strictly necessary technologies - required to provide the service you explicitly request, such as login/session, OAuth security, Turnstile bot protection, technical telemetry and storing your cookie choice.
B) Statistics/analytics technologies - help us understand how Reimgen is used and are loaded only after opt-in.

4) Consent & cookie banner

4.1 Prior blocking

Cookie-based analytics is not loaded by default. We load Google Analytics 4 and the related scripts only after you explicitly choose "Accept all". Vercel Web Analytics may additionally be used without cookies for aggregated site statistics.

4.2 Equal choice: Essential only vs. Accept all

You can choose "Essential only" and continue using Reimgen. There is no cookie wall; access does not depend on accepting analytics.

4.3 Withdrawal/change at any time

You can change your choice or withdraw consent at any time through "Cookie settings" in the website footer. If you change from "Accept all" back to "Essential only", we stop analytics measurement as far as possible and try to delete already-set analytics cookies.

4.4 Global Privacy Control (GPC)

If your browser sends a Global Privacy Control signal, we treat this privacy-friendly as a preference for "Essential only" and may store that choice so you are not asked repeatedly.

4.5 Consent versioning

We version cookie consent, for example "v1". If purposes, tools or categories change materially, we may need to ask for your choice again.

5) Cookie/technology inventory

The table below lists cookies and device-related storage technologies used in our current implementation.

Some cookies are set only when you use certain functions, such as login. Depending on the browser, version and Google configuration, individual analytics cookies may vary. We update this list when changes are made.

Legend:

"Set before opt-in?" refers to consent-required categories.
"Session" means the item is deleted when the browser is closed.

5.1 Strictly necessary technologies

Name	Provider	Category	Purpose	Type/attributes	Retention	Set before opt-in?
reimgen_cookie_consent	Reimgen (first-party)	Essential	Stores your cookie choice, for example "v1:essential" or "v1:all", so we can respect your setting on later visits.	HTTP cookie; Path=/; SameSite=Lax; Secure on HTTPS	1 year (Max-Age)	Set once you make a choice; if Global Privacy Control is active, "essential only" may be stored automatically.
reimgen_cookie_consent_mirror	Reimgen (first-party)	Essential	Synchronizes your cookie choice between tabs/windows on a best-effort basis. Stores a small JSON object with version, choice and timestamp.	LocalStorage entry (Web Storage)	Until you delete it in your browser	Set once you make a choice; if Global Privacy Control is active, "essential only" may be stored automatically.
__Host-reimgen_pl / reimgen_pl	Reimgen (first-party)	Essential	Security/login function ("pending login"). Enables completion of the login flow.	HTTP cookie; HttpOnly; SameSite=Lax; Secure in production; Path=/	10 minutes	Yes, only during the login flow.
__Host-authjs.session-token / authjs.session-token (possibly next-auth.* / legacy variants)	Reimgen (first-party; Auth.js/NextAuth)	Essential	Session management for the signed-in state.	HTTP cookie; usually HttpOnly/Secure depending on environment/configuration	Up to 30 days	Yes, only if you are signed in or a session exists.
authjs.csrf-token / __Host-authjs.csrf-token (possibly next-auth.*)	Reimgen (first-party; Auth.js/NextAuth)	Essential	CSRF protection and security.	HTTP cookie; attributes depend on configuration	Session or short term	Yes, when security/auth functions are used.
__Host-authjs.callback-url / authjs.callback-url (possibly next-auth.callback-url)	Reimgen (first-party; Auth.js/NextAuth)	Essential	Stores a return URL after login/redirect.	HTTP cookie	Usually session or short term	Yes, only when auth/redirect is used.
authjs.pkce.code_verifier / authjs.state / authjs.nonce / authjs.challenge (possibly __Host- or next-auth.* variants)	Reimgen (first-party; Auth.js/NextAuth)	Essential	Secures OAuth sign-ins through Google, Apple or Microsoft with PKCE, state, nonce/challenge and prevents manipulation in the redirect flow.	HTTP cookie; attributes depend on Auth.js/environment	Short term, typically minutes and at most until the login flow ends	Yes, only when OAuth login is used.
reimgen_public_telemetry	Reimgen (first-party)	Essential	Stores technical first-party telemetry such as consent status, anonymous event/client identifiers or deduplication information so necessary security, error and product functions work consistently.	HTTP cookie or client-side first-party storage depending on current delivery	Up to 1 year or until you delete site data in the browser	Yes, to the extent used for necessary technical telemetry.
reimgen.publicTelemetryToken / reimgen.uxFlow.<flow> / reimgen.perf.pendingRoute / reimgen.lastPage / reimgen.funnel.visitSent / reimgen.authModalOpen / reimgen.gallery.image-reuse / generator-image-drafts:<module>	Reimgen (first-party)	Essential	Stores temporary technical first-party data, for example telemetry tokens, event deduplication, navigation/performance state, login return path, modal state, image reuse or local generator drafts.	SessionStorage and/or LocalStorage (Web Storage)	Mostly SessionStorage until the tab is closed; local generator drafts remain until site data is deleted or the app replaces/deletes the entry	Yes, to the extent used for necessary technical purposes.
Cloudflare Turnstile tokens/storage	Cloudflare	Essential	Bot and abuse protection for protected forms and auth/security flows. Cloudflare may process technical browser data, challenge status and tokens for this purpose.	Cookie, LocalStorage or comparable Cloudflare challenge/token technology	Short term or according to Cloudflare configuration	Yes, only for protected forms/flows.

5.2 Statistics/analytics, only after consent

Where activated, we use Google Analytics 4. GA4 scripts are loaded only after your consent ("Accept all").

According to Vercel, Vercel Web Analytics and Vercel Speed Insights do not use cookies. For that reason they are not listed as cookies in the table; they may be used for aggregated, cookie-less site and performance statistics.

Name	Provider	Category	Purpose	Type/attributes	Retention	Set before opt-in?
_ga	Reimgen (first-party), set through Google Analytics	Analytics	Distinguishes users/client IDs and enables recognition.	HTTP cookie set client-side through JavaScript	Up to 2 years (typical GA default)	No.
_ga_[property-specific suffix]	Reimgen (first-party), set through Google Analytics	Analytics	Stores/manages session state and tracking information for GA4. The concrete name is generated by Google from the configured GA4 Measurement ID.	HTTP cookie set client-side through JavaScript	Up to 2 years (typical GA default)	No.
_gid / _gat (if set by GA)	Reimgen (first-party), set through Google Analytics	Analytics	Short-lived identifiers/throttling depending on setup.	HTTP cookie set client-side through JavaScript	Typically 24 hours (_gid) or minutes (_gat)	No.

6) Google Consent Mode v2

If you choose "Accept all", we use Google Consent Mode v2 with GA4 for analytics and set the analytics storage consent signal to granted:

analytics_storage = granted

We use Google Analytics for statistics. We currently do not use our own advertising or remarketing tags and our banner does not grant consent for ad_storage, ad_user_data or ad_personalization. If we activate marketing technologies in the future, we will update this policy and provide a separate choice where required.

If you choose "Essential only" or withdraw consent, we stop sending pageview events to GA/gtag as far as possible and set analytics_storage to denied. We also try to delete already-set GA cookies.

7) Legal bases

7.1 Strictly necessary technologies

Device access: the legal exception for strictly necessary technologies.
GDPR: Article 6(1)(b) GDPR for account/service performance and/or Article 6(1)(f) GDPR for security and stable operation.

7.2 Analytics (GA4)

Device access: consent.
GDPR: Article 6(1)(a) GDPR and Article 7 GDPR.

8) Third-party providers and international transfers

When Google Analytics is used, data may be transferred to Google and processed in third countries such as the United States. Details on recipients, safeguards such as SCC/DPF and retention periods are provided in our Privacy Policy in the analytics/Google section.

9) Browser settings

You can delete cookies and site data in your browser at any time. This also removes local storage such as LocalStorage. If you delete cookies, you may need to set preferences again and sign in again.

10) Changes to this Cookie Policy

We may update this Cookie Policy if tools, categories or legal requirements change. The date under "Last updated" indicates the latest update.