Cookie Policy
Last updated: July 5, 2026
1. What this policy covers
This Cookie Policy explains how CalStory uses cookies, local storage, IndexedDB, and other client-side state. It is a companion to our Privacy Policy; together they describe what data is stored on your device and what is sent over the network.
CalStory is open source. You can audit the full client code on GitHub to verify every storage key we set.
2. What we store on your device
CalStory uses three categories of client-side storage. None of them is used for advertising or cross-site tracking.
a. Functional — required for the app to work
firebase:authUser:— Firebase Auth session token. Lets you stay signed in across page refreshes. Set by Firebase's own SDK; not a CalStory cookie.calstory_profile_cache— A cached copy of your onboarding profile (height, weight, age, units, goal). Lets the dashboard render instantly while the real data loads from Firestore.calstory_streak_cache— Last computed streak number, so the streak badge animates in immediately.
b. Preferences — written by CalStory, easy to clear
ft_themeandtheme— your theme preference (light / dark / system). Used to render the correct palette on the next page load.calstory_navbar_style— floating vs pill navbar layout. Cosmetic only.calstory_dynamic_bg— whether you enabled the dynamic background on the dashboard. Cosmetic only.gemini_api_key— your personal Gemini API key, if you chose to use one. Stored in your browser only; never sent to any CalStory-controlled server. Lives underlocalStorageencrypted with your user-id-derived key.
c. Analytics — none
CalStory does not use Google Analytics, Meta Pixel, Hotjar, Mixpanel, or any third-party analytics tool. The dashboard's "dynamic background" setting is a CSS animation that runs entirely on your device.
3. What we do NOT store
- No advertising IDs (Google Advertising ID, IDFA).
- No third-party tracking pixels (Facebook, Twitter, TikTok, LinkedIn).
- No fingerprinting techniques (canvas, audio context, font enumeration).
- No data sold to data brokers, ad networks, or analytics vendors.
4. How to clear your data
You can clear all CalStory-specific data at any time without deleting your account.
a. From the app
Settings → Style → "Reset all preferences" (coming soon). For now, the steps below work the same way.
b. From your browser
- Open DevTools (right-click → Inspect, or Cmd/Ctrl+Shift+I).
- Go to Application → Local Storage (or Storage in Firefox).
- Select the CalStory origin and click Clear All.
c. To delete your account
Settings → Account → Delete account. This permanently removes your profile, meals, workouts, and any cached data on our servers. The cookies above are also cleared on the next page load.
5. Third-party cookies set by CalStory's dependencies
Two services can set their own cookies on the CalStory origin:
- Firebase Auth —
firebase:authUser:session token. Managed by Firebase; see Firebase's privacy policy. - Google Fonts — used for typography. Google may log requests; the CSS is inlined on the landing page where possible to avoid the round-trip.
6. Changes to this policy
We will update this page when we add or remove any client-side storage. The "Last updated" date at the top changes on every change. For material changes (a new third-party service, a new analytics vendor) we will also surface a banner inside the app for 30 days.
7. Contact
Questions about cookies or storage? Email support@calstory.app.
See also: Privacy Policy · Terms of Service