Legal information

Cookie Policy

How SnackStreak uses necessary storage, remembers user-requested preferences, and blocks optional storage unless you allow it.

Last updatedMay 9, 2026
Main usesConsent choices, secure sign-in, dashboard context, optional marketing storage
Contactsupport@snackstreak.com

Overview

What cookies are

    Why SnackStreak uses cookies

    Cookies are small text files stored by your browser. We use them to remember selected preferences and to keep authenticated users signed in while they use protected parts of SnackStreak such as the dashboard and billing pages.

    Optional analytics and marketing storage is off by default. We do not currently load an analytics or advertising provider, but the consent system blocks those categories until a visitor has actively allowed them.

Cookies we use

Current storage list

    snackstreak_cookie_consent

    Storage: First-party cookie

    Category: Necessary

    Purpose: Stores your cookie choices so optional storage remains off or on according to your decision.

    Duration: Up to 6 months

    Consent: No. This remembers your consent choice.

    session / __session

    Storage: First-party cookies

    Category: Necessary

    Purpose: Keeps signed-in users authenticated on protected dashboard, billing, and API routes.

    Duration: Up to 5 days

    Consent: No. These are required for secure account access.

    userToken

    Storage: First-party cookie

    Category: Necessary

    Purpose: Temporarily synchronizes Firebase browser auth state with the server session lifecycle.

    Duration: Until logout or token refresh

    Consent: No. This supports authentication flows.

    admin_selected_restaurant

    Storage: sessionStorage

    Category: Necessary

    Purpose: Keeps the selected restaurant context while a permitted admin or super-admin works in the dashboard.

    Duration: Current browser tab session

    Consent: No. This is needed for the selected dashboard context.

    snackstreak_verify_email_last_sent_at

    Storage: localStorage

    Category: Necessary

    Purpose: Remembers the last verification email send time to enforce a short resend cooldown.

    Duration: Until browser storage is cleared

    Consent: No. This helps prevent repeated verification email requests.

    snackstreak_popup_shown

    Storage: localStorage

    Category: Marketing

    Purpose: Remembers that a visitor dismissed the optional newsletter or discount popup.

    Duration: Until browser storage is cleared

    Consent: Yes. This key is only written when marketing consent is active and is removed when marketing consent is rejected or withdrawn.

Product usage

How these cookies work in the app

    Authentication and dashboard behavior

    The session cookies are created server-side after a Firebase identity token is verified. They are used to maintain access to protected routes such as dashboard, billing, and related API requests. In the current code, these cookies are configured with an expiry of up to five days, path /, SameSite=Lax, and Secure in production.

    The userToken cookie is written from the client during auth flows so the app can keep browser auth state and server session creation in sync. It is cleared when a user logs out.

    Optional storage, including the newsletter or discount popup dismissal key, is only used after consent for the relevant category. Rejecting or withdrawing marketing consent removes that popup key.

Control

Your choices

    Managing cookie settings

    You can accept all optional storage, reject non-essential storage, or choose categories individually. Necessary storage cannot be disabled inside SnackStreak because it is required for security and requested services.

    • You can delete or block cookies from your browser settings at any time.
    • If you block authentication storage, you may not be able to sign in or use protected dashboard and billing areas correctly.
    • On shared devices, signing out after use is recommended so session-related browser data is cleared promptly.

Providers

Third-party services

    External services may use their own storage

    SnackStreak integrates with external services such as Firebase for authentication. Some third-party providers may apply their own browser storage, security mechanisms, or cookies when their services are involved. Their own privacy and cookie documentation will apply to those provider-controlled technologies.

    Google/Firebase Analytics, advertising pixels, and other optional tracking scripts are not initialized in this version of the app. If they are added later, they must be loaded through the consent gate and remain blocked until the matching category is accepted.

This page explains the product implementation. It is not a substitute for legal advice, and the final policy text should be reviewed before production use.