Cookie Policy

Last updated: July 5, 2026

1. What this policy covers

This Cookie Policy explains how CalStory uses cookies, local storage, IndexedDB, and other client-side state. It is a companion to our Privacy Policy; together they describe what data is stored on your device and what is sent over the network.

CalStory is open source. You can audit the full client code on GitHub to verify every storage key we set.

2. What we store on your device

CalStory uses three categories of client-side storage. None of them is used for advertising or cross-site tracking.

a. Functional — required for the app to work

  • firebase:authUser: — Firebase Auth session token. Lets you stay signed in across page refreshes. Set by Firebase's own SDK; not a CalStory cookie.
  • calstory_profile_cache — A cached copy of your onboarding profile (height, weight, age, units, goal). Lets the dashboard render instantly while the real data loads from Firestore.
  • calstory_streak_cache — Last computed streak number, so the streak badge animates in immediately.

b. Preferences — written by CalStory, easy to clear

  • ft_theme and theme — your theme preference (light / dark / system). Used to render the correct palette on the next page load.
  • calstory_navbar_style — floating vs pill navbar layout. Cosmetic only.
  • calstory_dynamic_bg — whether you enabled the dynamic background on the dashboard. Cosmetic only.
  • gemini_api_key — your personal Gemini API key, if you chose to use one. Stored in your browser only; never sent to any CalStory-controlled server. Lives under localStorage encrypted with your user-id-derived key.

c. Analytics — none

CalStory does not use Google Analytics, Meta Pixel, Hotjar, Mixpanel, or any third-party analytics tool. The dashboard's "dynamic background" setting is a CSS animation that runs entirely on your device.

3. What we do NOT store

  • No advertising IDs (Google Advertising ID, IDFA).
  • No third-party tracking pixels (Facebook, Twitter, TikTok, LinkedIn).
  • No fingerprinting techniques (canvas, audio context, font enumeration).
  • No data sold to data brokers, ad networks, or analytics vendors.

4. How to clear your data

You can clear all CalStory-specific data at any time without deleting your account.

a. From the app

Settings → Style → "Reset all preferences" (coming soon). For now, the steps below work the same way.

b. From your browser

  1. Open DevTools (right-click → Inspect, or Cmd/Ctrl+Shift+I).
  2. Go to Application → Local Storage (or Storage in Firefox).
  3. Select the CalStory origin and click Clear All.

c. To delete your account

Settings → Account → Delete account. This permanently removes your profile, meals, workouts, and any cached data on our servers. The cookies above are also cleared on the next page load.

5. Third-party cookies set by CalStory's dependencies

Two services can set their own cookies on the CalStory origin:

  • Firebase Auth firebase:authUser: session token. Managed by Firebase; see Firebase's privacy policy.
  • Google Fonts — used for typography. Google may log requests; the CSS is inlined on the landing page where possible to avoid the round-trip.

6. Changes to this policy

We will update this page when we add or remove any client-side storage. The "Last updated" date at the top changes on every change. For material changes (a new third-party service, a new analytics vendor) we will also surface a banner inside the app for 30 days.

7. Contact

Questions about cookies or storage? Email support@calstory.app.

See also: Privacy Policy · Terms of Service