Cookie & Tracking Policy

Version 0.1-draft · Effective 2026-04-29

Status: DRAFT — for attorney review. Effective Date: [Effective Date] Version: 0.1-draft Read alongside: Privacy Policy, EULA / Terms of Use.

This policy explains the cookies, local-storage keys, and similar identifiers FishFinder Engine uses on the website and in our mobile and watch apps.

1. What we use today

Cookies set by FishFinder Engine

Cookie / key	Type	Purpose	Lifetime
Anonymous tenant cookie (name from `settings.tenant_cookie_name`, prefix `ffe_*`)	First-party, functional	Identifies a returning anonymous visitor; links them to a per-visitor SQLite tenant DB so preferences and saved data persist across visits	Configured via `settings.cookie_max_age` (long-lived; default a multi-month window)
`ffe_active_state`	First-party, functional	Remembers the last U.S. state you selected (e.g., MN, WI) so the next page load uses the same state context	Default: defaults to `mn` if absent; refreshed on each state switch

Cookies set by Clerk (authentication sub-processor)

Cookie	Purpose
`__session` (and other Clerk-issued cookies)	Used by Clerk to authenticate signed-in users and to validate JWTs server-side via the Clerk JWKS URL

You will see Clerk-issued cookies after signing in. They are governed by Clerk's own privacy notice.

Browser local storage / runtime state

The web frontend may set a runtime Set named window.__mnLakePerms to reflect the tier permissions of the signed-in user, used to gate UI elements client-side. This is not transmitted to other parties.
The web frontend stores small UI preferences in localStorage / sessionStorage as needed (e.g., last-used filters, dismissed banners). These are not transmitted to other parties.

iOS app

UserDefaults keys prefixed ffe_ for app preferences (e.g., last state, last lake viewed).
No third-party advertising SDK; no analytics SDK as of the Effective Date.

watchOS app

AppStorage keys prefixed ffe_watch_ for watch-side preferences.
WatchConnectivity messages between iPhone and Watch are not cookies and do not leave the user's devices.

Cookies set by sub-processors

Stripe sets cookies on its hosted checkout / customer-portal pages (e.g., for fraud prevention via Stripe Radar). These are governed by Stripe's cookie policy.
Cloudflare may set cookies (e.g., __cf_bm) for bot mitigation.
Google Maps / Google Directions do not set first-party cookies in our pages, but tile loads do leak the visible map area to Google servers.
OpenStreetMap / Leaflet tile loads leak the visible map area to the OSM tile server.

2. What we do not use today

Google Analytics, Mixpanel, Segment, Plausible, Amplitude, or any similar product analytics.
Facebook Pixel, TikTok Pixel, Snap Pixel, or other advertising trackers.
Cross-site tracking pixels of any kind.
Third-party advertising cookies.

3. Why we use these identifiers

We use the cookies and storage above to:

recognize returning visitors so their settings, favorites, and data persist;
authenticate signed-in users and route them to the correct tenant database;
enforce tier and quota gates;
protect the Service from abuse;
power billing flows on the web (Stripe).

We do not use them to track you across other websites or to build an advertising profile.

Unlike most websites, even when you visit FishFinder Engine without signing in, we provision a per-visitor SQLite tenant database keyed to the anonymous tenant cookie. This is a long-lived, persistent identifier. If you clear cookies or use a new device, you will be assigned a new anonymous tenant.

If you sign in later, your authenticated tenant ID becomes clerk_<your_clerk_user_id> and the anonymous tenant database remains unless we explicitly migrate or delete it.

If you would like the anonymous tenant database associated with your cookie deleted, email [Contact Email]. We do not currently offer self-service deletion of anonymous tenants. [Attorney Review Needed] — finalize an automatic-cleanup window for abandoned anonymous tenant databases (recommended: 180 days after last access).

5. Your choices

Clear cookies / local storage in your browser settings to remove most identifiers FishFinder Engine sets. Doing so will sign you out and may disconnect you from any unsaved-but-stored data.
Block third-party cookies in your browser to limit cookies set by Stripe and Cloudflare on their hosted pages.
Disable location in your browser or in your iOS/watchOS settings to prevent geolocation features.
Disable push in your iOS settings to stop push notifications.
Reset your iOS Identifier for Advertisers is not relevant because we do not use IDFA.

6. Do Not Track

We do not currently respond to "Do Not Track" browser signals because there is no industry standard for compliance. [Attorney Review Needed] — if Global Privacy Control (GPC) detection is required by California law for your audience, that should be added.

As of the Effective Date the website does not display a cookie consent banner. The anonymous tenant cookie is, in our view, a first-party "strictly necessary" / functional cookie used to operate the site, but this is a fact-specific judgment. [Attorney Review Needed] — confirm whether a consent banner is required for the audiences you serve, and whether the anonymous tenant cookie qualifies as strictly-necessary.

8. Changes

We may update this policy. Material changes will be posted at /cookies and announced via email and/or in-app notice.

9. Contact

[Contact Email] — Mail: [Company Legal Name] d/b/a FishFinder Engine, 14200 Natalie Rd NE, Prior Lake, MN 55372, USA.

[Attorney Review Needed] — confirm the strictly-necessary classification of the anonymous tenant cookie; decide on cookie consent banner; confirm GPC handling; finalize anonymous tenant retention.

This document is a non-attorney first pass and is not legal advice.

Cookie & Tracking Policy — FishFinder Engine™