1. About this policy
This Cookie Policy explains how Yearloom uses cookies and similar technologies on our websites and apps. Read it together with our Privacy Policy and Terms of Service.
This policy covers:
- What cookies and similar technologies we use
- Why we use them
- How long they last
- Who else (if anyone) sets them
- How you can control them
If you only want to change your preferences, jump to Section 7 ("Your choices").
2. What is a cookie?
A "cookie" is a small text file that a website asks your browser to store on your device so that the site can remember things between visits. We use the word "cookie" in this policy to refer to several closely related technologies:
- HTTP cookies placed on your device by a web browser.
- Local storage and session storage placed by the browser on behalf of our app.
- IndexedDB entries used by Firebase to support offline timeline editing.
- Pixels and tags in transactional emails (open and link tracking, when used).
- Mobile identifiers if and when we ship native mobile apps.
For simplicity, all of these are referred to as "cookies" below.
4. First-party vs. third-party cookies
Almost all of our cookies are first-party: they are set by yearloom.com and only readable by Yearloom.
The few third-party services involved are infrastructure providers we use to run the Service. They are processors acting on our behalf, not advertisers.
| Provider | Role | Cookies / storage |
|---|---|---|
| Google (Firebase) | Authentication, hosting, database, file storage | Auth session, IndexedDB caches |
| Cloudflare or equivalent CDN | Edge delivery, DDoS protection | __cf_bm (bot detection, ~30 minutes) |
| c15t.com | Cookie consent management (EEA) | c15t-consent (12 months) |
We disclose all sub-processors in our Privacy Policy.
5. Email pixels
When we send transactional email (sign-in links, security alerts, account confirmations), the email may contain a small tracking image so we can confirm that the message was delivered and viewed. We do not use email pixels for marketing email beyond aggregate open rates. You can disable image loading in your email client to opt out.
6. Mobile and native apps
If we publish native mobile apps in the future, those apps will use platform-provided storage (iOS Keychain, Android EncryptedSharedPreferences) for the same purposes covered by Section 3.1. Mobile apps will not use advertising identifiers (IDFA, AAID) for advertising or cross-app tracking.
7. Your choices
You have several ways to control cookies on Yearloom.
7.1 In-product cookie settings
A cookie banner is shown on your first visit and is always reachable from the footer link "Cookie settings." From there you can:
- Accept all
- Reject all non-essential
- Customize per category (functional, analytics)
Your choice is stored in the c15t-consent cookie for 12 months. We will ask again if your choice expires or if we add a new optional category.
7.3 Global Privacy Control (GPC)
Yearloom honors the Global Privacy Control browser signal. When we receive a GPC signal we treat it as an opt-out of any non-essential cookies, including analytics, even if you have not interacted with the cookie banner.
7.4 Do Not Track (DNT)
There is no industry consensus on how websites should respond to the legacy DNT header. We honor GPC instead, which is a more recent and clearer standard. If your browser sends both signals, we will treat that as an opt-out.
7.5 Mobile device settings
On iOS and Android you can reset or limit advertising identifiers in the operating-system privacy settings. As noted in Section 3.4, we do not use these identifiers, but disabling them is a good general practice.
8. Regional notices
8.1 European Economic Area, United Kingdom, and Switzerland
We rely on your consent as the legal basis for analytics cookies in these regions, captured through our cookie banner. You may withdraw your consent at any time from the Cookie settings link in the footer; withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Strictly-necessary cookies are set under the legal basis of legitimate interest in providing the Service you have requested.
8.2 California
Under the California Consumer Privacy Act and the California Privacy Rights Act, you have the right to opt out of the sale or sharing of personal information. As stated in Section 3.4, Yearloom does not sell or share personal information. We honor the Global Privacy Control signal as a valid opt-out.
The Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs may be contacted in writing at 1625 North Market Blvd., Suite N-112, Sacramento, CA 95834, or by telephone at (800) 952-5210.
8.3 Other US states
We extend the same opt-out treatment described above to residents of any U.S. state with a comprehensive privacy law (including Colorado, Connecticut, Virginia, Utah, and others as enacted).
9. Changes to this policy
We may update this policy from time to time. When we make material changes (for example, adding a new category of cookie or a new sub-processor) we will:
- Update the "Last updated" date at the top of this page.
- Show you the cookie banner again so you can review your choices.
- For significant changes, send a notice to the email address associated with your account, where one is available.
Older versions of this policy are available on request from [email protected].
10. Contact
Questions about this Cookie Policy or about the cookies set by Yearloom can be sent to:
- Email: [email protected]
- Mailing address: Jalapeno Labs LLC, ATTN: Privacy, 2210 E Sharptail St, Meridian, Idaho 83646