Cookie & Storage Policy
This policy explains how Resimay uses browser storage technologies to provide our service. We are committed to transparency about what we store and why.
1. What We Use
Resimay primarily uses browser localStorage rather than traditional HTTP cookies. localStorage is a standard web browser feature that stores data locally on your device. Unlike cookies, localStorage data is not automatically sent to our servers with every request.
We use localStorage to store the following:
| Key | Purpose | Duration |
|---|---|---|
accessToken | JWT authentication token used to verify your identity with the Resimay API. | Until logout or token expiry |
refreshToken | Long-lived token used to obtain new access tokens without requiring you to log in again. | Until logout or expiry |
rl_user | Cached user profile data (name, email, subscription tier) to avoid unnecessary API calls. | Until logout or cache invalidation |
rl_streak | Your activity streak counter (days of consecutive platform use). | Persistent |
rl_tour_done | Flag indicating whether you have completed the onboarding product tour. | Persistent |
rl_consent | Records whether you have acknowledged this Cookie & Storage Policy. | Persistent |
2. Why localStorage Instead of Cookies
We made a deliberate technical decision to store authentication tokens in localStorage rather than traditional HTTP cookies. Here is why:
- Simplicity: JWTs (JSON Web Tokens) stored in localStorage are easy to manage client-side and work seamlessly with our API authentication pattern.
- No cross-site transmission: localStorage values are not automatically sent with HTTP requests (unlike cookies), which reduces certain cross-site attack vectors.
- No advertising cookies: We do not use third-party advertising cookies. Resimay does not participate in ad networks or cross-site tracking.
The main tradeoff is that localStorage is accessible to JavaScript on the page, so we take care to ensure our application is protected against XSS (cross-site scripting) attacks.
3. Analytics
Resimay currently does not use third-party analytics services (such as Google Analytics). If and when we add analytics tools, we will update this policy and notify users in advance. You will have the ability to opt out of any analytics tracking at that time.
4. Third-Party Cookies
Some third-party services that Resimay uses may set their own cookies or storage:
- Vercel — Our frontend hosting provider (Vercel) may set performance and reliability cookies to optimize content delivery and monitor service health. These are infrastructure-level cookies and do not contain your personal data.
- AI provider — our AI processing provider does not set any cookies or storage in your browser. API calls are made server-to-server, not from your browser directly.
5. Managing Your Browser Storage
You can clear your Resimay localStorage data at any time. Note that clearing storage will log you out and reset your preferences. Here is how to do it in major browsers:
- Chrome / Edge:Open DevTools (F12) → Application tab → Storage → Local Storage → right-click on the Resimay domain → Clear. Or go to Settings → Privacy and security → Clear browsing data → select “Site data”.
- Firefox:Open DevTools (F12) → Storage tab → Local Storage → right-click the Resimay domain → Delete All. Or go to Settings → Privacy & Security → Cookies and Site Data → Manage Data.
- Safari:Go to Preferences → Privacy → Manage Website Data → search for “resimay” → Remove.
You can also log out of Resimay via the app, which will clear your auth tokens from localStorage automatically.
6. Contact
If you have questions about our use of localStorage or cookies, contact us at: