Cookie Policy
Effective date: June 5, 2026
Develemit LLC, doing business as Diner Decider ("Diner Decider," "we," "us," or "our") uses a minimal set of cookies. We do not use advertising, behavioral profiling, or cross-site tracking cookies.
Quick read
We currently use exactly one cookie: dd_session. It is strictly necessary to keep you signed in. We do not use analytics, advertising, or social cookies in this build, and there is no cookie banner — banners exist to ask consent for non-essential cookies, and we don't set any.
If that changes — for example, when we add product analytics — we will update this policy, activate a consent banner with equally-prominent Accept All and Reject All buttons, and honor opt-out signals including the Global Privacy Control. We will notify signed-in users before any new cookie category is activated.
1. What cookies are
A cookie is a small text file your browser stores on your device when you visit a website. Cookies let a site remember things between page loads — like that you are signed in.
2. Cookies Diner Decider uses
Strictly necessary
These are required to deliver the Service. You cannot turn them off because the Service does not work without them. Under the EU ePrivacy Directive and equivalent laws, strictly-necessary cookies do not require consent — they require only disclosure (this document).
| Name | Set by | Purpose | Category | Duration | Notes |
|---|---|---|---|---|---|
dd_session | API (@fastify/session) | Authentication — maintains signed-in state | Strictly necessary | 30 days | HttpOnly, SameSite=Lax, Secure in production, signed with our session secret. Not used for tracking. Not shared with any third party. |
That is the entire list.
Functional
These remember preferences you have set. No functional cookies are currently set — your theme preference is stored in localStorage, not in a cookie.
Analytics
We do not set any analytics cookies today and we do not use any third-party analytics SDK in this build. If we add a product-analytics tool in the future, we will list its cookies here, activate a consent banner, and require opt-in from EU users before any data is collected.
3. What we do NOT use cookies for
- Advertising or retargeting
- Behavioral profiling or cross-site tracking
- Social media integrations
- Google Analytics, Meta Pixel, or similar third-party analytics
4. Third-party cookies during OAuth
When you sign in with Google or Apple, the identity provider redirects you to their site briefly. The provider may set its own cookies on its own domain during that flow. We do not control those cookies, and they are governed by the provider's policy:
Once you return to Diner Decider, only our own dd_session cookie remains.
5. How to manage cookies
Every modern browser lets you view, block, or delete cookies on a per-site or global basis:
For general information on managing cookies visit allaboutcookies.org.
If you block the dd_session cookie, the Service will not be able to keep you signed in.
6. Do Not Track and Global Privacy Control
- Do Not Track (DNT): we have no non-essential cookies to gate on a DNT header today. If non-essential cookies are added in the future, we will treat a DNT signal the same way as an explicit "Reject all" choice on the banner.
- Global Privacy Control (GPC): when analytics cookies are added, we will treat a GPC signal as an automatic opt-out for the requesting browser, regardless of any banner interaction. This is required by California law (CCPA / CPRA) and is good practice everywhere else.
7. Changes to this policy
If we add a new non-essential cookie category (such as analytics), we will update this document and the "Effective date," activate a consent banner on the next page load, and notify signed-in users via in-app banner or email at least 14 days before any analytics SDK begins collecting data.
8. Contact
For any question about this policy or about a specific cookie, email privacy@dinerdecider.com. For broader privacy questions, see our Privacy Policy.