Cookie Policy
Last updated: 1 July 2026
localStorage, not a cookie.1. What are cookies?
Cookies are small text files that a website stores on your device when you visit. They are widely used to make websites work correctly, remember your preferences, and — on some sites — track you across the web for advertising purposes.
AllForAll is a crisis coordination platform, not an advertising business. We have no interest in tracking you beyond what is strictly needed to run the service.
2. Cookies we use
AllForAll uses only strictly necessary and functional cookies. We do not use analytics, performance, or advertising cookies.
| Name | Purpose | Duration | Category |
|---|---|---|---|
| __Host-next | Next.js internal routing and server-side rendering. Required for the app to function. | Session | Strictly necessary |
| afa_csrf | Cross-site request forgery protection token for form submissions. | Session | Strictly necessary |
| afa_theme | Stores your UI preference (e.g. reduced-motion). Set only if you change a preference. | 1 year | Functional |
* Your login session uses a JWT (JSON Web Token) stored in localStorage — not a cookie. It expires automatically after 24 hours.
3. What we do NOT use
- Analytics cookies — no Google Analytics, Mixpanel, Amplitude, or similar.
- Advertising cookies — no retargeting pixels, no ad network scripts.
- Social media trackers — no Facebook Pixel, Twitter/X tracking, or LinkedIn Insight.
- Third-party tracking — we load no third-party scripts that set cookies on your device.
- Fingerprinting — we do not use canvas, font, or other fingerprinting techniques.
4. Legal basis (GDPR)
Strictly necessary cookies are used on the basis of legitimate interest — they are required for the platform to function and cannot be disabled without breaking the site. No consent banner is displayed for these cookies, which is permitted under GDPR Recital 47 and the ePrivacy Directive for technically necessary cookies.
Functional cookies (theme preference) are set only in response to an explicit action you take in the UI, which counts as implied consent under the ePrivacy Directive.
5. How to manage or delete cookies
You can control cookies through your browser settings. Blocking strictly necessary cookies will prevent the platform from working correctly. Below are links to cookie management instructions for major browsers:
- Chrome — Settings → Privacy and security → Cookies
- Firefox — Settings → Privacy & Security → Cookies and Site Data
- Safari — Preferences → Privacy → Manage Website Data
- Edge — Settings → Cookies and site permissions
To clear your AllForAll session, simply log out — this removes the JWT from localStorage. Remaining browser cookies can be cleared from your browser's developer tools under Application → Storage.
6. Changes to this policy
If we ever add new cookies we will update this page and the "Last updated" date above. We will also notify registered users by email if the change is material.
7. Contact
Questions about this policy? Email hello@alfforall.help or see our full Privacy Policy.