PricingSupport
Terms of ServicePrivacy PolicyCookie Policy

Yearloom Cookie Policy

Effective date:
April 1, 2025
Last updated:
April 25, 2026
Provider:
Jalapeno Labs LLC, doing business as Yearloom
Contact:
[email protected]

Yearloom is a private personal-timeline app. We use the smallest set of cookies needed to keep you signed in and to keep the app working. We do not use cookies for advertising, we do not allow third parties to track you across the web, and we never use cookie data to train AI models.

On this page

  1. 1. About this policy
  2. 2. What is a cookie?
  3. 3. The cookies we use
  4. 4. First-party vs. third-party cookies
  5. 5. Email pixels
  6. 6. Mobile and native apps
  7. 7. Your choices
  8. 8. Regional notices
  9. 9. Changes to this policy
  10. 10. Contact

1. About this policy

This Cookie Policy explains how Yearloom uses cookies and similar technologies on our websites and apps. Read it together with our Privacy Policy and Terms of Service.

This policy covers:

  • What cookies and similar technologies we use
  • Why we use them
  • How long they last
  • Who else (if anyone) sets them
  • How you can control them

If you only want to change your preferences, jump to Section 7 ("Your choices").


2. What is a cookie?

A "cookie" is a small text file that a website asks your browser to store on your device so that the site can remember things between visits. We use the word "cookie" in this policy to refer to several closely related technologies:

  • HTTP cookies placed on your device by a web browser.
  • Local storage and session storage placed by the browser on behalf of our app.
  • IndexedDB entries used by Firebase to support offline timeline editing.
  • Pixels and tags in transactional emails (open and link tracking, when used).
  • Mobile identifiers if and when we ship native mobile apps.

For simplicity, all of these are referred to as "cookies" below.


3. The cookies we use

We organize cookies into three categories. The first category is required for Yearloom to work. The second category enables your saved preferences. The third category is optional and can be turned off.

3.1 Strictly necessary

These cookies are required for the Service to operate. You cannot turn them off without breaking core functionality (sign-in, account security, page delivery).

NamePurposeTypeExpiration
__sessionFirebase session cookie carrying your authenticated identityFirst-party, HTTPSession (until sign-out or 14 days)
firebase-installations-databaseFirebase install identifier in IndexedDBFirst-party, IndexedDBPersistent until app uninstalled
firebase-heartbeat-databaseFirebase service health checksFirst-party, IndexedDBUp to 30 days
__Host-yearloom-csrfCSRF protection token for write operationsFirst-party, HTTP, SecureSession
c15t-consentRecords your cookie-consent choices so we don't ask againFirst-party, HTTP12 months

3.2 Functional

These cookies remember your preferences so the app feels consistent between visits. They are on by default but you can turn them off in your browser settings or through our cookie banner; turning them off will reset your preferences each time you visit.

NamePurposeTypeExpiration
yearloom-themeLight, dark, or system themeFirst-party, localStorageUntil cleared
yearloom-localeUI languageFirst-party, localStorageUntil cleared
yearloom-last-timelineLast-viewed timeline so we can return you there on next visitFirst-party, localStorageUntil cleared
yearloom-zoomSaved timeline zoom levelFirst-party, localStorageUntil cleared
yearloom-densityCompact or relaxed UI densityFirst-party, localStorageUntil cleared

3.3 Analytics (optional)

These cookies help us understand how the Service is used in aggregate so we can fix problems and prioritize improvements. We use a privacy-respecting analytics provider that does not build personal profiles, does not share data with advertisers, and does not enable cross-site tracking.

In the European Economic Area, the United Kingdom, and Switzerland, analytics cookies are off by default and only set after you opt in via the cookie banner. Everywhere else they are on by default and you may opt out at any time.

NamePurposeTypeExpiration
_yaAggregated session and event analyticsFirst-party13 months
_ya_visitDistinguishes a single visit from a return visitFirst-party30 minutes

The exact analytics provider is being finalized. Once chosen, it will be named here and added to the Privacy Policy sub-processor list.

3.4 What we do not use

To be explicit:

  • No advertising cookies. Yearloom does not run ads.
  • No third-party tracking pixels from Google Ads, Meta, TikTok, X, LinkedIn, Pinterest, or any other ad network.
  • No cross-site tracking. We do not place cookies on other people's websites and we do not allow others to use cookies on Yearloom for their own marketing purposes.
  • No fingerprinting. We do not use device fingerprinting techniques to identify you across browsers or devices.
  • No selling of cookie data. We do not sell or rent any data we collect through cookies.
  • No AI training. Cookie data is never used to train artificial intelligence or machine-learning models.

4. First-party vs. third-party cookies

Almost all of our cookies are first-party: they are set by yearloom.com and only readable by Yearloom.

The few third-party services involved are infrastructure providers we use to run the Service. They are processors acting on our behalf, not advertisers.

ProviderRoleCookies / storage
Google (Firebase)Authentication, hosting, database, file storageAuth session, IndexedDB caches
Cloudflare or equivalent CDNEdge delivery, DDoS protection__cf_bm (bot detection, ~30 minutes)
c15t.comCookie consent management (EEA)c15t-consent (12 months)

We disclose all sub-processors in our Privacy Policy.


5. Email pixels

When we send transactional email (sign-in links, security alerts, account confirmations), the email may contain a small tracking image so we can confirm that the message was delivered and viewed. We do not use email pixels for marketing email beyond aggregate open rates. You can disable image loading in your email client to opt out.


6. Mobile and native apps

If we publish native mobile apps in the future, those apps will use platform-provided storage (iOS Keychain, Android EncryptedSharedPreferences) for the same purposes covered by Section 3.1. Mobile apps will not use advertising identifiers (IDFA, AAID) for advertising or cross-app tracking.


7. Your choices

You have several ways to control cookies on Yearloom.

7.1 In-product cookie settings

A cookie banner is shown on your first visit and is always reachable from the footer link "Cookie settings." From there you can:

  • Accept all
  • Reject all non-essential
  • Customize per category (functional, analytics)

Your choice is stored in the c15t-consent cookie for 12 months. We will ask again if your choice expires or if we add a new optional category.

7.2 Browser controls

Most browsers let you block or delete cookies, including blocking third-party cookies entirely. Instructions:

  • Chrome
  • Safari
  • Firefox
  • Edge

Note that blocking strictly-necessary cookies will prevent you from signing in.

7.3 Global Privacy Control (GPC)

Yearloom honors the Global Privacy Control browser signal. When we receive a GPC signal we treat it as an opt-out of any non-essential cookies, including analytics, even if you have not interacted with the cookie banner.

7.4 Do Not Track (DNT)

There is no industry consensus on how websites should respond to the legacy DNT header. We honor GPC instead, which is a more recent and clearer standard. If your browser sends both signals, we will treat that as an opt-out.

7.5 Mobile device settings

On iOS and Android you can reset or limit advertising identifiers in the operating-system privacy settings. As noted in Section 3.4, we do not use these identifiers, but disabling them is a good general practice.


8. Regional notices

8.1 European Economic Area, United Kingdom, and Switzerland

We rely on your consent as the legal basis for analytics cookies in these regions, captured through our cookie banner. You may withdraw your consent at any time from the Cookie settings link in the footer; withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Strictly-necessary cookies are set under the legal basis of legitimate interest in providing the Service you have requested.

8.2 California

Under the California Consumer Privacy Act and the California Privacy Rights Act, you have the right to opt out of the sale or sharing of personal information. As stated in Section 3.4, Yearloom does not sell or share personal information. We honor the Global Privacy Control signal as a valid opt-out.

The Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs may be contacted in writing at 1625 North Market Blvd., Suite N-112, Sacramento, CA 95834, or by telephone at (800) 952-5210.

8.3 Other US states

We extend the same opt-out treatment described above to residents of any U.S. state with a comprehensive privacy law (including Colorado, Connecticut, Virginia, Utah, and others as enacted).


9. Changes to this policy

We may update this policy from time to time. When we make material changes (for example, adding a new category of cookie or a new sub-processor) we will:

  • Update the "Last updated" date at the top of this page.
  • Show you the cookie banner again so you can review your choices.
  • For significant changes, send a notice to the email address associated with your account, where one is available.

Older versions of this policy are available on request from [email protected].


10. Contact

Questions about this Cookie Policy or about the cookies set by Yearloom can be sent to:

  • Email: [email protected]
  • Mailing address: Jalapeno Labs LLC, ATTN: Privacy, 2210 E Sharptail St, Meridian, Idaho 83646
PricingTermsPrivacyCookiesSupport
© 2026 Jalapeno Labs