Cookie Policy
Effective Date: 20 February 2026 | Version: 1.3 | Last Revised: 23 February 2026
| Legal Entity | Limeslime Ltd, a private limited company registered in England and Wales |
|---|---|
| Registered Address | Stoney Works, 8 Stoney Lane, London, United Kingdom, SE19 3BD |
| Contact | legal@endlessly.io |
| Applicable Law | UK Privacy and Electronic Communications Regulations (PECR) 2003 (as amended by the Data (Use and Access) Act 2025); UK GDPR |
PLAIN-LANGUAGE SUMMARY (not legally binding)
| ℹ This Cookie Policy explains what cookies and tracking technologies we use in the Endlessly app and website. Key points: (1) Strictly necessary cookies are always active — they make the App work. (2) Analytics cookies are now placed on an opt-out basis under the Data (Use and Access) Act 2025 (in force 5 February 2026) — you can opt out at any time via App Settings > Privacy. (3) Marketing and advertising cookies always require your explicit consent. (4) We never use cookies to track or advertise to child users. (5) Third-party SDKs (e.g., Firebase, Mixpanel, Stripe) may set their own identifiers — these are all listed in this document. |
|---|
1. WHAT ARE COOKIES AND SIMILAR TECHNOLOGIES?
1.1 Cookies are small text files placed on your device by websites and applications. They allow services to remember your preferences, keep you logged in, and understand how you use the service.
1.2 In addition to traditional cookies (used primarily on our website at endlessly.io), the Endlessly mobile app uses similar tracking technologies including:
- SDKs (Software Development Kits): Third-party code libraries embedded in the App that may collect data about your device and usage. Examples include Firebase Analytics and Mixpanel.
- Device Identifiers: Unique identifiers associated with your mobile device (e.g., IDFA on iOS, Android Advertising ID on Android) that allow analytics and advertising services to recognise your device across sessions.
- Local Storage: Data stored locally on your device by the App to remember your preferences and session state.
- Pixels and Web Beacons: Small transparent images used on our website to track page visits and email opens.
1.3 Throughout this Policy, we use the term “cookies” to refer collectively to all of these technologies unless we specify otherwise.
2. LEGAL BASIS FOR USING COOKIES
2.1 Our use of cookies is governed by the UK Privacy and Electronic Communications Regulations 2003 (“PECR”), as amended, and UK GDPR. Under these laws:
- Strictly necessary cookies: We can place these without your consent as they are essential for the App to function. They are placed on the basis of our legitimate interests in providing a working service.
- All other cookies: We require your prior, freely given, specific, informed, and unambiguous consent before placing these cookies. You give this consent through our cookie consent banner (website) or App Settings > Privacy (mobile app).
2.2 You have the right to withdraw consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal, but it will mean we stop placing non-essential cookies on your device going forward.
| ℹ Data (Use and Access) Act 2025 — Analytics Cookie Rules Now in Force: Section 112 of the Data (Use and Access) Act 2025 (DUAA 2025), together with the new Schedule A1 to PECR, came into force on 5 February 2026 (Commencement No. 6). These provisions allow analytics cookies used solely to generate aggregate statistics for the purpose of improving the service to be placed on an opt-out basis under Regulation 6(1) PECR (as amended), rather than requiring prior opt-in consent. Accordingly, we have updated the legal basis for analytics cookies in this Policy from ‘Consent’ to ‘Opt-out (DUAA 2025 / PECR Schedule A1 exemption)’. You may still opt out of analytics cookies at any time via App Settings > Privacy or our cookie preference centre. Marketing and advertising cookies continue to require your explicit opt-in consent and are unaffected by these changes. Note also that PECR maximum fines have been increased to £17.5 million or 4% of global annual turnover (whichever is higher), in line with the DUAA 2025 amendments. |
|---|
| ⚠ We never place non-essential cookies or tracking technologies on the devices of child users (under 13, or under the applicable local minimum age), regardless of any consent given. |
|---|
3. CATEGORIES OF COOKIES WE USE
3.1 Strictly Necessary Cookies
These cookies are essential for the App and website to function. Without them, you would not be able to log in, make purchases, or use core features. They cannot be disabled.
| Cookie / Identifier | Provider | Purpose | Duration |
|---|---|---|---|
| session_token | Endlessly (Limeslime Ltd) | Maintains your login session so you stay logged in while using the App | Session (expires on logout) |
| auth_refresh_token | Endlessly (Limeslime Ltd) | Securely refreshes your authentication without requiring re-login | 30 days |
| csrf_token | Endlessly (Limeslime Ltd) | Protects against Cross-Site Request Forgery (CSRF) attacks | Session |
| app_locale | Endlessly (Limeslime Ltd) | Stores your language preference for the App interface | 1 year |
| stripe_mid | Stripe | Fraud prevention and secure payment processing | 1 year |
| stripe_sid | Stripe | Session identifier for secure checkout flows | Session |
| __stripe_orig_props | Stripe | Maintains state during payment flows | Session |
3.2 Functional Cookies
These cookies remember your preferences and personalise your experience. They are not essential but improve usability. They require your consent.
| Cookie / Identifier | Provider | Purpose | Duration |
|---|---|---|---|
| user_prefs | Endlessly (Limeslime Ltd) | Stores your in-app settings (e.g., notification preferences, UI theme, audio settings) | 1 year |
| onboarding_state | Endlessly (Limeslime Ltd) | Remembers where you are in the onboarding flow if you exit and return | 30 days |
| last_lesson | Endlessly (Limeslime Ltd) | Saves your position in a lesson so you can resume where you left off | 7 days |
| apns_token / fcm_token | Apple / Google (Firebase) | Push notification token allowing us to send you lesson reminders and notifications | Until app reinstall or token refresh |
| intercom_id | Intercom (if used) | Identifies you to our customer support chat widget so support agents can see your history | 9 months |
3.3 Analytics Cookies and SDKs
These cookies and SDKs help us understand how users interact with the App and website, so we can improve performance and user experience. Following the commencement of DUAA 2025 s.112 and Schedule A1 to PECR on 5 February 2026, analytics cookies and SDKs used solely to generate aggregate service-improvement statistics are placed on an opt-out basis under Regulation 6(1) PECR (as amended). You may opt out at any time via App Settings > Privacy > Analytics or our cookie preference centre.
| SDK / Cookie | Type | Purpose | Data Collected | Opt-Out |
|---|---|---|---|---|
| Firebase Analytics (Google) | SDK (mobile) | Tracks in-app events, feature usage, lesson completion, and crash reports to improve App performance | Device ID, session data, event data, crash logs, IP address (anonymised) | App Settings > Privacy > Analytics |
| Firebase Crashlytics (Google) | SDK (mobile) | Collects crash reports and error logs to help us fix bugs | Device model, OS version, crash stack traces, app version | App Settings > Privacy > Analytics |
| Mixpanel | SDK (mobile + web) | Analyses user behaviour patterns, funnel performance, and feature adoption | User ID (pseudonymised), event data, session duration, device type | App Settings > Privacy > Analytics |
| Google Analytics (GA4) | Cookie (website) | Measures website traffic, page views, and marketing campaign effectiveness | IP address (anonymised), browser type, pages visited, referral source | Cookie banner > Analytics or google.com/settings/ads |
| _ga | Cookie (website) | Google Analytics primary identifier cookie | Pseudonymous user ID | 2 years (or on opt-out) |
| _ga_[ID] | Cookie (website) | Google Analytics session state | Session data | 2 years (or on opt-out) |
| mp_[token]_mixpanel | Cookie (website) | Mixpanel user identifier for web | Pseudonymous user ID | 1 year (or on opt-out) |
3.4 Marketing and Advertising Cookies
These cookies are used to show relevant advertising on the Free Tier of the App. They require your explicit consent and are never placed on child users’ devices.
| SDK / Cookie | Type | Purpose | Data Collected | Opt-Out |
|---|---|---|---|---|
| Facebook Pixel / Meta SDK | SDK (mobile + web) | Measures ad campaign effectiveness and enables retargeting on Facebook/Instagram | Device ID, IP address, behavioural data, custom events | App Settings > Privacy > Advertising |
| Google Ads (AdMob) | SDK (mobile) | Displays in-app advertisements on the Free Tier | Advertising ID, IP address, app usage data | App Settings > Privacy > Advertising or device ad settings |
| _fbp | Cookie (website) | Facebook/Meta advertising identifier | Pseudonymous user ID | 3 months (or on consent withdrawal) |
| _fbc | Cookie (website) | Tracks Facebook ad click-through attribution | Click ID from Facebook ad | 2 years (or on consent withdrawal) |
| IDE | Cookie (website) | Google DoubleClick/Ads identifier for ad personalisation | Pseudonymous user ID | 1 year (or on consent withdrawal) |
| ⚠ Advertising cookies are never placed on devices of child users (under 13, or applicable local minimum age). Child accounts are automatically excluded from all advertising tracking. |
|---|
4. THIRD-PARTY COOKIES AND SDKS
4.1 Some cookies and SDKs in the App are placed by third parties. These third parties have their own privacy policies governing their use of cookies and data. We have no control over third-party cookies once they are placed. Below are links to the privacy and cookie policies of our key third-party providers:
| Provider | Privacy / Cookie Policy URL |
|---|---|
| Google Firebase & Analytics | https://policies.google.com/privacy |
| Google AdMob | https://policies.google.com/privacy |
| Mixpanel | https://mixpanel.com/legal/privacy-policy |
| Stripe | https://stripe.com/gb/privacy |
| Apple (App Store, Apple Pay) | https://www.apple.com/legal/privacy |
| Meta / Facebook Pixel | https://www.facebook.com/privacy/policy |
| Intercom (Support Chat) | https://www.intercom.com/legal/privacy |
| PayPal | https://www.paypal.com/uk/legalhub/privacy-full |
| OpenAI (AI Features) | https://openai.com/privacy |
| Microsoft Azure (AI Features) | https://privacy.microsoft.com |
| Amazon Web Services | https://aws.amazon.com/privacy |
4.2 We regularly review our list of third-party SDKs and update this Policy when we add or remove providers. We will notify you of material changes to this list via in-app notification or email.
5. COOKIES AND TRACKING WE DO NOT USE
5.1 To be transparent about our practices, we confirm that we do not use the following:
- Cookies or tracking technologies to monitor, profile, or advertise to child users (under 13 or applicable local minimum age)
- Fingerprinting techniques that attempt to identify your device using a combination of browser or device characteristics without a cookie
- Persistent cross-site tracking of your browsing activity across unrelated third-party websites
- Dark patterns or pre-ticked consent boxes to obtain consent for non-essential cookies
6. HOW TO MANAGE AND OPT OUT OF COOKIES
6.1 In the Endlessly App
You can manage all non-essential cookie and tracking preferences directly in the App:
- Go to Account > Settings > Privacy
- Toggle on or off: Analytics, Personalisation, Advertising
- Changes take effect immediately
- Withdrawing consent does not affect your ability to use core App features
6.2 On the Endlessly Website
A cookie consent banner is displayed when you first visit endlessly.io. You can:
- Accept all cookies
- Reject all non-essential cookies
- Customise your preferences by category
- Update your preferences at any time by clicking “Cookie Settings” in the website footer
6.3 Through Your Device Settings
You can also manage tracking through your device:
- iOS (iPhone/iPad): Settings > Privacy & Security > Tracking — toggle off “Allow Apps to Request to Track” or disable per-app
- Android: Settings > Privacy > Ads — select “Opt out of Ads Personalisation” or reset your Advertising ID
6.4 Through Your Browser (Website)
Most browsers allow you to manage cookies through their settings. Note that blocking all cookies may affect your ability to use some features of our website:
- Google Chrome: Settings > Privacy and Security > Cookies and other site data
- Safari: Preferences > Privacy > Manage Website Data
- Firefox: Options > Privacy & Security > Cookies and Site Data
- Microsoft Edge: Settings > Cookies and Site Permissions
6.5 Industry Opt-Out Tools
You can also opt out of interest-based advertising from many providers through industry tools:
- UK/EU: Your Online Choices — www.youronlinechoices.com
- USA: Digital Advertising Alliance — optout.aboutads.info
- USA: Network Advertising Initiative — optout.networkadvertising.org
- Google Ads: google.com/settings/ads
7. COOKIE DURATION
7.1 Cookies fall into two categories based on duration:
- Session cookies: Temporary cookies that are deleted when you close the App or browser. They are used to maintain your session state during a single use.
- Persistent cookies: Cookies that remain on your device for a set period (or until you delete them). They are used to remember your preferences and recognise you on return visits.
7.2 The specific duration of each cookie is listed in the tables in Section 3. We do not use persistent cookies with a duration longer than 2 years. Where technically possible, we set the shortest duration necessary for the cookie’s purpose.
8. CHILDREN AND COOKIES
8.1 We take special care with child users. For any user identified as under 13 (or the applicable local minimum age):
- Only strictly necessary cookies and SDKs are active
- Analytics SDKs operate in a privacy-preserving mode without advertising identifiers
- No advertising or marketing cookies are placed
- No third-party tracking for commercial purposes is enabled
- Firebase Analytics and similar SDKs are configured to disable advertising ID collection for child accounts
8.2 Parents can review and request deletion of any data collected from their child’s device by contacting legal@endlessly.io.
9. UPDATES TO THIS COOKIE POLICY
9.1 We may update this Cookie Policy when we add new SDKs or tracking technologies, change how we use existing cookies, or when required by changes in applicable law. We will notify you of material changes via in-app notification or email, and update the “Effective Date” at the top of this document.
9.2 We recommend reviewing this Policy periodically. Your continued use of the App after changes take effect constitutes acceptance of the updated Policy.
9.3 If you previously consented to non-essential cookies and we add new cookie categories, we will seek fresh consent for the new categories.
10. CONTACT US
10.1 If you have any questions about our use of cookies, or wish to exercise your rights under UK PECR or UK GDPR, please contact us:
| Company | Limeslime Ltd |
|---|---|
| Registered Address | Stoney Works, 8 Stoney Lane, London, United Kingdom, SE19 3BD |
| legal@endlessly.io | |
| ICO Registration Number | 00013253909 |
10.2 You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we have not handled your data or cookies correctly: ico.org.uk/make-a-complaint.
10.3 We are registered with the Information Commissioner’s Office (ICO) under the Data Protection Act 2018. ICO Registration Number: 00013253909.
Limeslime Ltd — Cookie Policy v1.3 — Effective 20 February 2026 | Last Revised 23 February 2026
Contact
Limeslime Ltd
Stoney Works, 8 Stoney Lane
London, United Kingdom, SE19 3BD
legal@endlessly.io