1. What Are Cookies?
Cookies are small text files that websites and applications place on your device when you visit them. They are widely used to make services work, work more efficiently, and to provide information to the owners of the site.
Similar technologies — such as local storage, session storage, and IndexedDB — can serve related purposes. This policy covers all of these technologies collectively as "cookies."
Cookies can be "session cookies" (deleted when you close your browser) or "persistent cookies" (remaining on your device for a set period or until you delete them). Cookies can be "first-party" (set by Yapper directly) or "third-party" (set by services we use, such as analytics providers).
2. Overview: Cookies We Use
Yapper uses four categories of cookies and similar technologies:
| Category | Purpose | Consent Required | Duration |
|---|---|---|---|
| Strictly Necessary | Authentication, sessions, CSRF protection | No | Session / 30 days |
| Functional | User preferences (theme, language, notification settings) | Yes (EEA/UK) | 12 months |
| Analytics | Aggregated usage statistics | Yes | 12 months |
| Performance | Error tracking, latency monitoring (Sentry) | No (legitimate interest) | Session |
Yapper does not use advertising, targeting, or cross-site tracking cookies.
3. Strictly Necessary Cookies
These cookies are essential for the Service to function and cannot be switched off in our systems. They are usually set only in response to actions you take, such as logging in, setting your privacy preferences, or filling in forms.
| Cookie / Storage Key | Type | Purpose | Duration |
|---|---|---|---|
refresh_token | HttpOnly cookie | Keeps you logged in between sessions using a secure, server-issued refresh token | 30 days |
csrf_token | Cookie | Double-submit CSRF protection token required on all state-changing API requests | Session / 30 days |
access_token | Memory / localStorage | Short-lived JWT (15 min) used to authenticate API requests in the current session | 15 minutes |
yapper_keystore_* | IndexedDB | Local storage of Signal Protocol encryption keys on your device (never sent to servers) | Persistent (device-local) |
You can block these cookies via your browser settings, but doing so will prevent you from logging in and using the Service.
4. Functional Cookies
These cookies allow the Service to remember your choices and preferences to provide a more personalised experience. For example, they may remember your chosen theme (light or dark mode), notification settings, and language preference.
| Cookie / Storage Key | Type | Purpose | Duration |
|---|---|---|---|
yapper_theme | localStorage | Remembers your chosen colour theme (dark/light/system) | Persistent |
yapper_locale | localStorage | Remembers your preferred language setting | Persistent |
yapper_notif_prefs | localStorage | Stores your notification preferences (push opt-in/out, sound settings) | Persistent |
In the EEA and UK, we obtain your consent before setting functional cookies beyond what is strictly necessary. You can manage these preferences at any time in Settings → Appearance or via your browser's cookie controls.
5. Analytics Cookies
Analytics cookies help us understand how visitors interact with the Service so we can measure and improve its performance. All analytics data is aggregated and not linked to individual users.
| Provider | Purpose | Data Collected | Duration |
|---|---|---|---|
| Internal (Yapper) | Aggregate page view counts and feature usage metrics | Page paths, feature interaction counts (no PII) | 12 months, then purged |
We require your consent before enabling analytics cookies. You may opt in or out at any time via the cookie preferences manager in the app footer or browser settings.
6. Performance and Error Tracking
Performance cookies help us detect and diagnose errors so that we can maintain a reliable service. We use Sentry for error monitoring and performance tracking.
| Provider | Purpose | Data Collected | Duration |
|---|---|---|---|
| Sentry | JavaScript error tracking and performance monitoring | Error messages, stack traces, browser/OS version, session replay (if enabled). IP address anonymized. No message content. | 30 days in Sentry, then purged |
We consider error tracking to be in our legitimate interest to provide a stable and
secure service. No consent banner is required, but you may opt out by blocking Sentry
in your browser or using an ad blocker that blocks sentry.io.
7. What We Don't Do
To be clear about our approach to cookies:
- We do not use advertising cookies or sell data to ad networks.
- We do not engage in cross-site tracking or build user profiles for advertising purposes.
- We do not use fingerprinting (canvas fingerprinting, font fingerprinting, etc.) to track users.
- We do not share cookie data with social media platforms.
- We do not use third-party analytics services that track individual users across the web (e.g., Google Analytics).
8. Managing Cookies
8.1 In the Yapper App
You can manage your cookie preferences (for functional and analytics cookies) within the Yapper application at Settings → Privacy & Safety → Cookie Preferences. Changes take effect immediately.
8.2 In Your Browser
Most web browsers allow you to control cookies through their settings. You can configure your browser to block all cookies, accept only certain cookies, or notify you when a website tries to set a cookie. Refer to your browser's help documentation:
- Chrome: Settings → Privacy and Security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions → Cookies and site data
Note: blocking strictly necessary cookies will prevent you from logging into your Yapper account.
8.3 Deleting Stored Data
You can clear Yapper's local storage, IndexedDB, and session storage by clearing your
browser's site data for app.yapperhq.com. Note that clearing IndexedDB
will delete your locally stored encryption keys — ensure you have a key backup enabled
before doing this to avoid losing access to your message history.
9. Do Not Track and Global Privacy Control
Yapper honours "Do Not Track" (DNT) browser signals. When we detect a DNT signal, we disable all non-essential analytics cookies for that session.
Yapper also supports the Global Privacy Control (GPC) signal as a valid opt-out of sale/sharing under the CCPA. When a GPC signal is detected, we treat it as an opt-out of analytics data collection.
10. Updates to This Policy
We may update this Cookie Policy to reflect changes in the cookies we use or for operational, legal, or regulatory reasons. When we make changes, we will update the effective date at the top of this page and, for material changes, notify you via in-app notification.
We recommend checking this page periodically to stay informed about our use of cookies.
11. Contact
If you have questions about our use of cookies or this Cookie Policy, please contact:
For the full picture of how we handle your data, see our Privacy Policy and Terms of Service.