Cookie Policy

Last updated: December 14, 2024

1. Introduction

This Cookie Policy explains how FamilyCard AI ("we," "our," or "us") uses cookies and similar technologies when you visit our website and use our Service. This policy should be read in conjunction with our Privacy Policy.

2. What Are Cookies?

Cookies are small text files that are placed on your device (computer, smartphone, tablet) when you visit a website. They are widely used to make websites work more efficiently and provide information to website owners.

Cookies can be:

  • Session Cookies: Temporary cookies that expire when you close your browser
  • Persistent Cookies: Cookies that remain on your device for a set period or until you delete them
  • First-Party Cookies: Set by the website you're visiting
  • Third-Party Cookies: Set by a different domain than the one you're visiting

3. Cookies We Use

FamilyCard AI uses a minimal, privacy-focused approach to cookies. We only use strictly necessary cookies required for the Service to function.

3.1 Strictly Necessary Cookies

These cookies are essential for you to use our Service. Without these cookies, our Service cannot function properly.

| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| session | Maintains your logged-in state and authenticates your session. This cookie stores a secure JWT (JSON Web Token) that identifies you as a logged-in user. | 30 days from last activity | First-party, Persistent |

3.2 Cookies We Don't Use

For your privacy and transparency, here's what we do NOT use:

  • Analytics Cookies: We do not use Google Analytics, Mixpanel, or similar analytics tools
  • Advertising Cookies: We do not serve ads or use advertising tracking cookies
  • Social Media Cookies: We do not embed social media tracking pixels
  • Third-Party Tracking: We do not allow third parties to track you on our website

4. How Our Session Cookie Works

Our session cookie is essential for authentication and user experience:

4.1 What It Contains

  • User ID: Your unique identifier in our system
  • Email Address: Your registered email
  • Expiration Time: When the session expires (30 days from last activity)
  • Digital Signature: A cryptographic signature to prevent tampering

4.2 Security Features

  • HttpOnly: The cookie cannot be accessed by JavaScript, protecting against XSS attacks
  • Secure: The cookie is only transmitted over HTTPS in production
  • SameSite: The cookie uses SameSite=Lax to protect against CSRF attacks
  • Encrypted: The cookie content is signed and encrypted using industry-standard JWT

4.3 When It's Created

The session cookie is created when you:

  • Click the magic link in your login email
  • Complete the registration process for a new account

4.4 When It Expires

The session cookie is deleted when:

  • You click the "Logout" button
  • 30 days have passed since your last activity
  • You clear your browser cookies

5. Managing Cookies

5.1 Your Browser Settings

You can control and/or delete cookies through your browser settings. Here's how to manage cookies in popular browsers:

Google Chrome

Settings → Privacy and security → Cookies and other site data → See all cookies and site data

Mozilla Firefox

Settings → Privacy & Security → Cookies and Site Data → Manage Data

Safari

Preferences → Privacy → Manage Website Data

Microsoft Edge

Settings → Cookies and site permissions → Cookies and site data → See all cookies and site data

5.2 What Happens If You Block Cookies

Important: If you block or delete our session cookie, you will not be able to use FamilyCard AI. The session cookie is essential for:

  • Maintaining your logged-in state
  • Accessing your account and generated cards
  • Creating new holiday cards
  • Managing your subscription

We respect your choice to manage cookies, but please understand that our Service requires this cookie to function.

6. Do Not Track

Some browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Because we do not use analytics or advertising cookies, we do not track you regardless of your DNT setting.

Our session cookie is necessary for the Service to function and is not affected by DNT settings.

7. Third-Party Services

While we don't use third-party cookies, we do use third-party services:

7.1 Stripe (Payment Processing)

When you make a purchase, you are redirected to Stripe's secure checkout page. Stripe may set its own cookies according to its Privacy Policy. These cookies are set directly by Stripe, not by FamilyCard AI.

7.2 AI Processing

We use Replicate's API for AI image generation. Replicate does not set cookies on our website. Your photos are transmitted directly to their API via secure server-to-server communication.

8. Changes to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in our practices or for legal reasons. If we make significant changes, we will notify you by:

  • Updating the "Last updated" date at the top of this policy
  • Posting a notice on our website
  • Sending you an email notification (for material changes)

9. Contact Us

If you have questions about our use of cookies or this Cookie Policy, please contact us:

Summary

TL;DR: FamilyCard AI uses only one essential cookie (the session cookie) to keep you logged in. We don't use analytics, advertising, or tracking cookies. Your privacy is important to us.