What are cookies?
A cookie is a small piece of text that a website asks your browser to save and send back on later visits. They are how websites remember that you're signed in, what your preferences are, and similar small bits of state. “Cookies” in this policy also covers related browser storage we use, like localStorage.
What we use, specifically
Every cookie or stored value we set falls into one of two categories: strictly necessary (the site cannot function without them) or functional (they remember a preference). We do not set advertising, analytics, or marketing cookies.
| Name | Purpose | Storage | Lifetime | Category |
|---|---|---|---|---|
authjs.session-token | Keeps you signed in. Stores a signed reference to your Google session; the underlying ID token is read by our server and never exposed to JavaScript. | HTTP-only cookie | Until you sign out, the token expires, or 30 days | Strictly necessary |
authjs.csrf-token | Protects the sign-in form from cross-site request forgery. | HTTP-only cookie | Session | Strictly necessary |
authjs.callback-url | Remembers which page to return to after signing in. | Cookie | Session | Strictly necessary |
finances_portfolio_size | Remembers an optional manual portfolio-size override for the position-sizing illustration. | Cookie | 1 year | Functional |
finances.recently_viewed | Stores the last 6 tickers you opened so the Home page can show recents. | localStorage | Until cleared | Functional |
dummyfi_cookie_consent | Remembers your choice on the cookie banner so we don't show it again. | localStorage | 1 year (or until cleared) | Strictly necessary |
Third-party cookies
When you click Sign in with Google, Google may set its own cookies on accounts.google.com to complete the OAuth flow. Those cookies are governed by Google's own privacy policy and are outside our control. We do not embed any third-party trackers (advertising, social, or analytics) on our pages.
How to control cookies
- The consent banner on your first visit lets you accept or reject non-essential cookies. Strictly necessary cookies cannot be rejected — without them sign-in does not work.
- Your browser can be configured to block cookies entirely. The signed-in app will not work without cookies; the public pages will mostly still work.
- To revoke consent, clear the
dummyfi_cookie_consententry from your browser's localStorage and reload the page. The banner will reappear.
Changes
We will update this policy if we add or remove cookies, and bump the effective date at the top.
Questions
Email privacy@dummyfi.app with any cookie-related question.