Cookies and local storage
Last updated: 2026-05-11 · Consent schema version: 1
Manage your choice
You can change your choice at any time — a modal opens with toggles for each category.
1. What are cookies
A cookie is a small file a site stores in your browser. It may also be an entry in localStorage or sessionStorage. Mentor uses all of these depending on purpose (security session, language, consent schema).
We distinguish essential cookies (without which the platform doesn't work) from non-essential ones (analytics, functional, marketing) — the latter load only after explicit consent.
2. Categories in use
Below is the complete list of cookies and storage, grouped by category.
Essential cookies
Required for the app to work. No consent needed.
| Name | Storage | Party | Purpose | Retention |
|---|---|---|---|---|
| authjs.session-token | cookie | Mentor | NextAuth.js authentication session — required for any signed-in functionality. | 30 days from last sign-in |
| authjs.csrf-token | cookie | Mentor | CSRF protection on sign-in and sign-up forms. | Browser session |
| authjs.callback-url | cookie | Mentor | URL NextAuth.js redirects to after successful sign-in. | Browser session |
| mentor-tenant | cookie | Mentor | Currently active tenant when the user belongs to more than one company. | 1 year |
| mentor-locale | cookie | Mentor | Selected interface language (sl / en). | 1 year |
| mentor-theme | cookie | Mentor | Selected interface theme (light / dark / system). | 1 year |
| mentor-cookie-consent | localStorage | Mentor | Your stored consent / rejection for non-essential cookies. | 6 months or until updated |
| Plačilni piškotki | cookie | Third party | Payment processing and fraud protection cookies set by the payment partner exclusively during the Stripe checkout flow. | Several months — managed by the payment partner |
| Anti-bot piškotki | cookie | Third party | Bot detection and CAPTCHA set by the bot-protection partner exclusively when the signup form is opened. | Up to 30 days |
Analytics cookies
Anonymous traffic measurement, only with consent.
| Name | Storage | Party | Purpose | Retention |
|---|---|---|---|---|
| Analitika obiska | cookie | Third party | Anonymous traffic analytics for the public site (pageviews, entry points). All path IDs are sanitized before sending. Loaded only after your consent. | Up to 2 years |
Functional cookies
Extended UI preferences, only with consent.
We don't currently use any cookies in this category.
Marketing cookies
Advertising trackers. We don't use any right now.
We don't currently use any cookies in this category.
3. How consent works
On the first public-site visit, a banner appears. Options: Accept all, Reject non-essential, or Settings (per category).
Your choice is stored locally in localStorage together with the consent schema version number. If we add new categories or vendors in the future, the version bumps and we re-ask.
4. Reject or withdraw consent
Change your choice at any time via the "Change cookie preferences" link in the footer, or by deleting mentor-cookie-consent from your browser's local storage.
Essential cookies cannot be disabled — without them sign-in, tenant selection, login security, and checkout do not work.
5. Changes to this policy
We update this policy whenever we add or remove a vendor. The last-updated date and consent schema version are shown at the top of the page.