Cookie notice

foodycall keeps cookies to a minimum. Everything we set is strictly needed to make the site work — signing you in, remembering your RSVP, and protecting login from cross-site forgery. There’s no banner because there’s nothing to consent to that the GDPR’s “strictly necessary” exemption doesn’t already cover.

What we set

• fc_session_foodycall — your login session. An opaque token; the matching record on our side stores the user id and an expiry. HttpOnly, SameSite=Lax, Secure in production. Cleared when you sign out, otherwise rolls over with your activity.
• fc_oauth_state — only set for the ~30 seconds you’re bouncing through Google to sign in. Holds a random anti-CSRF value and is cleared the moment you land back on our callback page.
• fc_guest — set when you RSVP to an invite. A signed reference to your guest record so that, if you re-open the invite link from the same browser later, we can show you the right status without making you retype your email. HttpOnly, SameSite=Lax. Lasts up to a year. Clearing it just means you’ll be asked for your email again next time.

Local browser storage

Two things live in your browser’s sessionStorage and never reach our servers:

• foodycall:wizard-prefill — values you typed into the demo wizard on the home page, carried over if you choose to sign up. Cleared after we read it once, or when you close the tab.
• fc_next — the URL you were trying to reach when login redirected you, so we can send you back there. Cleared on the same redirect.

What we don’t set

No analytics cookies. No marketing pixels. No third-party trackers. No social-network buttons that phone home.

Questions or a request to clear something on our side? Mail privacy@foodycall.me.