Effective 14 July 2026

Cookie and Storage Notice

This notice explains the first-party cookies and browser storage currently used by FeedbackPilot. The application does not add advertising pixels, behavioural tracking, session replay, cross-site profiling, or a browser identifier for product analytics.

This notice should be read with the Privacy Notice.

Current inventory

Storage used by FeedbackPilot

3 first-party items

feedbackpilot-session

CookieStrictly necessary
Purpose
Keeps a signed-in user authenticated and protects access to their workspace.
Duration
Up to 7 days, or until the user logs out or clears site data.
Controls and safeguards
First-party, HttpOnly, SameSite=Lax, Secure in production, and available across the application path.

feedbackpilot-google-oauth

CookieStrictly necessary
Purpose
Protects the temporary PKCE and intent state when a user chooses Google login or signup.
Duration
Up to 10 minutes, and cleared after the Google authentication callback.
Controls and safeguards
First-party, signed, HttpOnly, SameSite=Lax, Secure in production, and restricted to the Google callback path.

feedbackpilot-theme

Local storageAppearance preference
Purpose
Remembers whether the user selected the light or dark appearance.
Duration
Until the user changes it, removes it through the Cookie and Storage Notice, or clears site data.
Controls and safeguards
Stores only light or dark, is not used to identify or profile the user, and has a direct free removal control.

Server-side product analytics

Product analytics is currently disabled. When enabled, FeedbackPilot counts signed-in active accounts through existing authenticated server requests. This does not write or read an analytics cookie, local-storage key, advertising identifier, tracking pixel, or browser fingerprint. The related daily database record and account-level objection control are described in the Privacy Notice and Account and security settings.

Why a general consent banner is not currently shown

FeedbackPilot currently uses browser storage only for requested authentication and security functionality or to remember an appearance choice. It does not load optional browser tracking before a visitor makes a choice.

If browser-based analytics, advertising, session recording, or another non-essential storage or access technology is introduced, FeedbackPilot will reassess consent requirements, update this inventory, and prevent that technology from loading before any required choice is made.

Your controls

The appearance preference is saved only after you choose light or dark mode. You can switch it through FeedbackPilot's appearance control or remove the saved value below and return to your device setting.

Logging out removes the active authentication cookie. You can also remove cookies and local storage through your browser settings, although doing so will sign you out and reset saved appearance preferences.

Signed-in users can exclude their account from product analytics through Account and security settings.

Choosing Google login or signup opens Google-hosted pages. Google may use its own security technologies under Google's notices.

Stripe-hosted checkout and billing-portal pages are separate services and may use their own essential security technologies under Stripe's notices.

Saved appearance preference

Checking this browser...

Questions or changes

This notice will be updated when browser storage or tracking changes. Questions can be sent to support@feedbackpilot.co.uk.