Cookie Policy
Last updated: March 24, 2026
1. What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They help the site remember your preferences and keep you logged in. Some are essential for the site to work; others help us understand how people use the site so we can improve it.
2. Cookies We Use
BandAid Poster uses a minimal set of cookies — all first-party and necessary for the site to function. We do not use advertising, marketing, or cross-site tracking cookies.
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| ba_session | Keeps you logged in. Contains an encrypted session token (AES-256-GCM). HTTP-only — cannot be read by JavaScript. | Essential, first-party | 7 days |
| google_oauth_state | CSRF protection during Google sign-in. Validates that the OAuth response came from a request we initiated. | Essential, first-party | 10 minutes |
| invite_code | Preserves your invite code across the Google OAuth redirect so it can be applied after sign-in. | Essential, first-party | 10 minutes |
3. Analytics Technologies
We use Vercel Analytics and Vercel Speed Insights to understand page-view volume and real-user performance (Core Web Vitals). These tools are privacy-friendly:
- They do not set cookies
- They do not track individual users
- They do not collect personal information
- Data is aggregated and anonymous
No Google Analytics, Facebook Pixel, or other third-party tracking scripts are loaded on this site.
4. Browser Fingerprinting
To prevent abuse (e.g., ban evasion and automated poster generation), we collect a hashed browser fingerprint composed of canvas rendering, screen dimensions, timezone, and user-agent data. This hash is stored server-side for security purposes only:
- Not used for advertising, profiling, or cross-site tracking
- Not shared with any third party
- Automatically purged after 30 days
5. Third-Party Cookies
BandAid Poster itself does not set third-party cookies. However, when you interact with Stripe during checkout, Stripe may set its own cookies for fraud detection and payment security. These cookies are governed by Stripe's Privacy Policy.
6. Local Storage
We use your browser's local storage (not a cookie) to remember that you have acknowledged this cookie notice. This data stays on your device and is never sent to our servers.
7. Your Choices
Because all of our cookies are strictly necessary for the site to function (authentication and security), we do not offer an opt-out for these cookies. If you disable cookies in your browser, you will not be able to log in.
You can clear cookies at any time through your browser settings. This will log you out and remove all BandAid Poster cookies from your device.
8. California Residents (CCPA / CalOPPA)
Under the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA), you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the sale of your personal information
- Not be discriminated against for exercising your privacy rights
We do not sell your personal information. We do not share personal information with third parties for their direct marketing purposes. We do not use your data for targeted advertising.
To exercise any of these rights, contact us at jarviscarlsen@gmail.com.
9. Do Not Track
We honor Do Not Track (DNT) browser signals. Because we do not use tracking cookies or third-party analytics that track individuals, our site behaves the same regardless of your DNT setting.
10. Changes to This Policy
We may update this cookie policy from time to time. The "Last updated" date at the top will reflect when changes were made.
11. Contact
Questions about our use of cookies? Email us at jarviscarlsen@gmail.com.