1. What is a cookie?
A cookie is a small text file stored on your device by your browser when you visit a website. Cookies can be "first-party" (set by the site you are visiting) or "third-party" (set by another domain). Similar technologies such as localStorage, sessionStorage, and IndexedDB store information locally in your browser and are covered by this policy where we use them.
2. Why we use cookies and local storage
We use first-party cookies and local storage to:
- Keep you signed in during your session.
- Protect your account from common web attacks (for example, CSRF protection and session binding).
- Remember conveniences you enable on a device (such as a trusted-device token or PIN quick-unlock).
- Remember simple preferences like time zone and idle-timeout setting.
- Measure basic, anonymous website usage so we can improve the Service.
3. The cookies we set
| Name / type | Purpose | Category | Lifetime |
|---|---|---|---|
| session (first-party) | Keeps you signed in. Marked HttpOnly, Secure, and SameSite so it cannot be read by scripts or sent cross-site. | Strictly necessary | Until you sign out, or up to the idle timeout you select (15, 60, or 240 minutes) |
| CSRF token (first-party) | Protects form submissions from cross-site request forgery. | Strictly necessary | Session |
| trusted_device (first-party, optional) | If you choose "trust this device" during two-factor login, allows you to skip the email code on that device. | Functional (opt-in) | 30 days, or until you revoke it from Profile, change your password, or sign out |
| PIN quick-unlock state (first-party local storage) | If you enable PIN quick-unlock, stores an encrypted token on the device so you can unlock with a PIN. | Functional (opt-in) | Until you disable PIN unlock, clear browser data, or it expires |
| Preference storage (first-party local storage) | Stores non-sensitive preferences such as display settings. | Functional | Until cleared |
| Anonymous analytics cookie (first-party) | Distinguishes unique visits so we can count page views without identifying you. No cross-site tracking. | Analytics (first-party) | Up to 12 months |
4. Third-party cookies
When you begin a checkout, you are directed to a Stripe-hosted checkout page. Stripe sets its own cookies there for fraud prevention and session management. Those cookies are governed by Stripe's privacy and cookie practices, not ours. We do not embed third-party advertising or social-media pixels on familymedapp.com.
5. Your choices
- Strictly necessary cookies cannot be turned off without breaking core functionality such as signing in.
- Functional cookies (trusted device, PIN unlock) are set only if you opt in. You can revoke trusted devices and disable PIN unlock from your Profile at any time.
- Analytics cookies. Because we use only first-party, anonymous analytics with no cross-site tracking, no advertising use, and no sale of data, most privacy frameworks treat these as low-risk. Where required by law, we will display a consent banner before setting them.
- Browser controls. You can block or delete cookies through your browser settings. Note that doing so will sign you out and may break features.
- "Do Not Track." We honor your browser's "Do Not Track" or "Global Privacy Control" signal where applicable law requires it.
6. Changes to this policy
We may update this Cookie Policy from time to time. The "Last updated" date above shows when it was most recently revised. Material changes will be announced in the app or by email.
7. Contact
Questions about cookies? Email help@familymedapp.com.