Cookie Policy

Last updated: 1 July 2026

Short version:We use no advertising or tracking cookies whatsoever. We use a small number of strictly necessary cookies to keep the platform working. Your authentication token is stored in your browser's localStorage, not a cookie.

1. What are cookies?

Cookies are small text files that a website stores on your device when you visit. They are widely used to make websites work correctly, remember your preferences, and — on some sites — track you across the web for advertising purposes.

AllForAll is a crisis coordination platform, not an advertising business. We have no interest in tracking you beyond what is strictly needed to run the service.

2. Cookies we use

AllForAll uses only strictly necessary and functional cookies. We do not use analytics, performance, or advertising cookies.

NamePurposeDurationCategory
__Host-nextNext.js internal routing and server-side rendering. Required for the app to function.SessionStrictly necessary
afa_csrfCross-site request forgery protection token for form submissions.SessionStrictly necessary
afa_themeStores your UI preference (e.g. reduced-motion). Set only if you change a preference.1 yearFunctional

* Your login session uses a JWT (JSON Web Token) stored in localStorage — not a cookie. It expires automatically after 24 hours.

3. What we do NOT use

  • Analytics cookies — no Google Analytics, Mixpanel, Amplitude, or similar.
  • Advertising cookies — no retargeting pixels, no ad network scripts.
  • Social media trackers — no Facebook Pixel, Twitter/X tracking, or LinkedIn Insight.
  • Third-party tracking — we load no third-party scripts that set cookies on your device.
  • Fingerprinting — we do not use canvas, font, or other fingerprinting techniques.

4. Legal basis (GDPR)

Strictly necessary cookies are used on the basis of legitimate interest — they are required for the platform to function and cannot be disabled without breaking the site. No consent banner is displayed for these cookies, which is permitted under GDPR Recital 47 and the ePrivacy Directive for technically necessary cookies.

Functional cookies (theme preference) are set only in response to an explicit action you take in the UI, which counts as implied consent under the ePrivacy Directive.

5. How to manage or delete cookies

You can control cookies through your browser settings. Blocking strictly necessary cookies will prevent the platform from working correctly. Below are links to cookie management instructions for major browsers:

  • Chrome — Settings → Privacy and security → Cookies
  • Firefox — Settings → Privacy & Security → Cookies and Site Data
  • Safari — Preferences → Privacy → Manage Website Data
  • Edge — Settings → Cookies and site permissions

To clear your AllForAll session, simply log out — this removes the JWT from localStorage. Remaining browser cookies can be cleared from your browser's developer tools under Application → Storage.

6. Changes to this policy

If we ever add new cookies we will update this page and the "Last updated" date above. We will also notify registered users by email if the change is material.

7. Contact

Questions about this policy? Email hello@alfforall.help or see our full Privacy Policy.