effective February 28, 2026
Cookie Notice
we use a small number of cookies and similar browser-storage technologies to keep you signed in and remember light UI preferences. no ads, no cross-site tracking.
1. what we actually store
strictly necessary — used by the auth provider
- Supabase auth tokens — stored in
localStorageunder keys prefixed by your Supabase project. these contain a JWT access token and a refresh token. they keep you signed in across page reloads and let us refresh your session automatically. you cannot use DontFumble without these.
functional — UI preferences
df-onboarded:v1— a single flag that records whether you've seen the welcome modal on the chats page, so we don't show it every time you load.
third-party
- Razorpay — when you complete a purchase, Razorpay's embedded checkout may set its own cookies on the razorpay.com domain (not ours) for fraud prevention and to remember your payment preferences. these are governed by Razorpay's privacy policy.
- Google Sign-In — if you choose to sign in with Google, Google may set cookies on its own domain during the auth handshake. these are governed by Google's privacy policy.
2. what we do NOT use
- no advertising / ad-tech cookies
- no cross-site tracking / fingerprinting
- no third-party analytics that build behavioural profiles (e.g. no Google Analytics, no Mixpanel, no Hotjar — as of the effective date above)
- no email marketing pixels in transactional emails
3. managing cookies
all modern browsers let you block or delete cookies and clear localStorage from settings. blocking our auth cookies will sign you out — there's no way around this without breaking authentication. blocking the df-onboarded key will cause the welcome modal to show on every visit, but otherwise the app works normally.
4. changes
if we ever add new cookies (e.g. for limited first-party analytics), we'll update this page first and give you a way to opt out where required by law.
5. contact
questions about cookies or browser storage? email dontfumbleai@gmail.com.