Cookie Policy
Effective Date: 4/5/2026 (Version 5)
Cookie Policy
Last Updated: April 5, 2026
This Cookie Policy ("Policy") explains how Meerkat 9000, LLC ("Company," "we," "us," or "our") uses cookies and similar technologies on the Remote Timers platform, including all websites, applications, dashboards, and related services (collectively, the "Service").
This Policy supplements our Privacy Policy and Terms of Service, which are incorporated by reference.
1. Geographic Scope
This Policy is written for users located in the United States. The Service is not intended for residents of the European Union, the European Economic Area, the United Kingdom, or any jurisdiction subject to the GDPR, BDSG, or similar non-U.S. data protection regulations. If you access the Service from such jurisdictions, you do so entirely at your own risk, and we disclaim all liability arising from such access.
2. What Are Cookies
Cookies are small text files stored on your device by your web browser. They allow websites to recognize your device and remember information across visits. We also use similar technologies such as local storage, session storage, and browser-based identifiers.
3. Cross-Domain Cookie Sharing
The Service operates across multiple domains and subdomains (for example, a marketing site and an application site under the same parent domain). To provide a seamless experience, certain cookies are set on the parent domain (e.g., .remotetimers.com) so that they are accessible across all subdomains.
This means:
- Your consent preference is shared across all parts of the Service. When you accept or reject cookies on one domain, that choice applies everywhere — you will not be prompted again on a different subdomain.
- Authentication cookies may be shared across subdomains to maintain your session.
- Strictly necessary cookies operate across the full Service to ensure proper functionality.
All cross-domain cookies are set with the SameSite=Lax attribute, which prevents them from being sent in cross-site requests from third-party websites.
4. Types of Cookies We Use
4.1 Strictly Necessary Cookies
These cookies are essential for the Service to function and cannot be disabled. They do not require your consent.
| Cookie | Purpose | Duration | Domain Scope |
|---|---|---|---|
cookie-consent | Stores your cookie consent preferences, including consent source, GPC detection status, and legal version references | 400 days | Parent domain (shared across subdomains) |
theme-preference | Stores your light/dark mode preference | 400 days | Parent domain (shared across subdomains) |
__convexAuthJWT | Authentication session token | Session | Application domain |
__convexAuthRefreshToken | Authentication token refresh | Session | Application domain |
4.2 Functional Cookies
These cookies remember your preferences and settings to improve your experience.
| Cookie | Purpose | Duration | Domain Scope |
|---|---|---|---|
theme | Stores your light/dark mode preference (next-themes localStorage) | Persistent | Per-domain (localStorage) |
4.3 Analytics Cookies
These cookies help us understand how users interact with the Service. They are only set if you consent.
| Cookie | Purpose | Duration | Domain Scope |
|---|---|---|---|
Google Analytics (_ga, _ga_*) | Traffic analysis, usage patterns | Up to 2 years | Parent domain |
4.4 Marketing Cookies
These cookies are used to deliver relevant advertisements and measure advertising effectiveness. They are only set if you consent.
| Cookie | Purpose | Duration | Domain Scope |
|---|---|---|---|
Meta Pixel (_fbp) | Ad targeting and conversion tracking | 90 days | Parent domain |
Meta Click ID (_fbc) | Tracks ad click attribution from Meta ads | 90 days | Parent domain |
4.5 Server-Side Data Sharing (Conversions API)
In addition to client-side cookies, when you consent to marketing cookies, we use the Meta Conversions API to send conversion event data directly from our servers to Meta. This server-side sharing uses the same consent preference as client-side marketing cookies — if you reject marketing cookies, no data is sent via the Conversions API.
User-Initiated Events
When you take actions on the Service (such as registering, checking out, or upgrading your plan), server-side data sent to Meta includes:
- A cryptographically hashed (non-reversible) version of your email address
- A cryptographically hashed (non-reversible) version of your user account identifier
- Your IP address
- Your browser user agent string
- The page URL where the event occurred
- Conversion event details (e.g., page view, registration, checkout initiation, purchase, plan upgrade, plan downgrade)
Each user-initiated event is deduplicated with the corresponding client-side pixel event using a shared event identifier, preventing double-counting.
System-Generated Lifecycle Events
Certain subscription events are triggered automatically on our servers by our payment processor (e.g., subscription renewals, cancellations). When these events occur, server-side data sent to Meta includes only:
- A cryptographically hashed (non-reversible) version of your email address
- A cryptographically hashed (non-reversible) version of your user account identifier
- The event type (e.g., renewal, cancellation)
No IP address, browser information, or page URL is sent for system-generated events, as there is no associated browser session. These events do not have a corresponding client-side pixel event.
Server-side event data is transmitted directly to Meta and is not stored in our database.
5. Local Storage and Browser Identifiers
In addition to cookies, we use browser local storage for:
| Key | Purpose | Domain Scope |
|---|---|---|
browser_id | Anonymous identifier for consent logging | Parent domain (shared across subdomains, set as cookie) |
| Convex Auth state | Authentication verifiers and session tokens | Per-domain |
The browser_id is set as a cross-subdomain cookie so that your consent identity is consistent across all parts of the Service. Other local storage data is specific to the domain on which it is set and is not shared across subdomains.
WebAuthn ceremony state may be temporarily held in browser memory during passkey registration or authentication. This data is not persisted to cookies or localStorage and is discarded when the ceremony completes or the page is closed.
6. Global Privacy Control (GPC)
We detect and honor the Global Privacy Control (GPC) signal as required by the California Consumer Privacy Act (CCPA/CPRA).
6.1 How GPC Works
GPC is a browser-level setting (via the Sec-GPC HTTP header or the navigator.globalPrivacyControl JavaScript property) that communicates your preference to opt out of the sharing of your personal information for targeted advertising.
6.2 How We Respond to GPC
When we detect a GPC signal from your browser:
- Analytics and marketing cookies are automatically disabled on that browser, regardless of any prior consent you may have given.
- No data is shared with Meta or Google Analytics from that browser session.
- The cookie banner is not displayed, as your browser has already communicated your preference.
- Your account-level consent record is updated to reflect the GPC opt-out. This ensures that server-side tracking (such as subscription lifecycle events) also respects your opt-out.
6.3 GPC and Account-Level Consent
If your GPC-triggered opt-out conflicts with a prior opt-in stored on your account, the stricter setting (opt-out) takes precedence. We do not treat the absence of a GPC signal on a subsequent visit as consent to opt back in.
6.4 GPC and Cookie Settings
When GPC is active, the analytics and marketing toggles in the cookie settings dialog are disabled and a notice is displayed explaining that GPC is being honored.
7. Third-Party Cookies
Some cookies may be set by third-party services that we use to operate the Service, including:
- Google (Analytics, OAuth authentication)
- Meta (Pixel client-side tracking, Conversions API server-side tracking)
- Stripe (Payment processing)
- Cloudflare (Security, Turnstile CAPTCHA)
These third-party cookies are governed by the respective third party's own cookie and privacy policies. We do not control the content or behavior of third-party cookies.
8. Managing Your Cookie Preferences
You can manage your cookie preferences at any time by:
- Using our cookie banner: Click "Customize" when the banner appears, or access cookie settings from the footer of the Service or from your account settings page.
- Browser settings: Most browsers allow you to block or delete cookies. Note that blocking strictly necessary cookies may prevent the Service from functioning.
- Global Privacy Control: Enable GPC in your browser to automatically opt out of analytics and marketing cookies across all websites that honor GPC.
Consent Changes
When you update your preferences, the change takes effect immediately across all subdomains. Your previous consent is logged for our records. Rejecting marketing cookies immediately stops both client-side pixel tracking and server-side Conversions API data sharing.
9. Consent Architecture
9.1 Browser-Level and Account-Level Consent
Your consent is managed at two levels:
- Browser-level: Your cookie consent preference is stored in a cookie on your browser. This is the primary enforcement mechanism — it controls what happens on that specific browser immediately.
- Account-level: When you are signed in, your consent choice is also recorded on your account for auditability and cross-session consistency. This record is used for server-side tracking decisions (e.g., subscription lifecycle events sent to Meta).
9.2 Consent Resolution ("Stricter Wins")
When there is a conflict between your browser-level and account-level consent, we apply the stricter (more privacy-protective) setting. Specifically:
- An opt-out or rejection on any browser always propagates to your account record.
- A GPC signal on any browser always overrides a prior opt-in on your account.
- An opt-in on one browser does not automatically broaden consent on other browsers or devices.
- The absence of a consent signal on a new browser or device is never treated as consent.
9.3 Consent Source Tracking
Each consent record includes metadata about its origin:
- The source of the consent action (e.g., explicit accept, explicit reject, GPC auto-reject)
- The browser identifier from which the consent was recorded
- Whether a GPC signal was detected at the time of the consent action
This information is used solely for compliance auditing and is not shared with third parties.
10. Consent Logging
We log your consent choices for compliance purposes. Consent logs may include:
- A pseudonymous browser identifier
- Your user account identifier (if you are signed in)
- Your consent choices (which categories you accepted or rejected)
- The consent source (how the choice was made)
- Whether a GPC signal was detected
- The consent version number
- A timestamp
These logs are retained for the duration of our data retention policy as described in our Privacy Policy. When you delete your account, all consent logs associated with your account are permanently deleted.
11. Cookie Cleanup on Account Deletion
When you delete your account through the Service, we clear the following cookies from your browser in addition to deleting all account data:
_fbp(Meta Pixel browser identifier)_fbc(Meta click identifier)browser_id(consent logging identifier)cookie-consent(consent preferences)
Data previously sent to third-party services while your consent was active is retained by those services under their own policies. See Section 6.5 of our Privacy Policy for information on requesting deletion from third parties.
12. Changes to This Policy
We reserve the right to update this Policy at any time. If we materially change how we use cookies, we will re-prompt you for consent by incrementing the consent version. Continued use of the Service after non-material changes constitutes acceptance of the revised Policy.
13. Contact Information
If you have questions about this Cookie Policy, please contact us through the Service or at our official business contact information.