Draft — pending legal review
Cookie Policy
Last updated: 16 February 2026
1. Overview
Cuppa uses only essential cookies that are strictly necessary for the service to function. We do not use any advertising, analytics, or third-party tracking cookies.
2. What cookies we use
| Name | Purpose | Duration | Type |
|---|---|---|---|
| next-auth.session-token | Keeps you signed in. Contains an encrypted session identifier. | Session | Essential |
| next-auth.csrf-token | Protects against cross-site request forgery attacks. | Session | Essential |
| next-auth.callback-url | Remembers where to redirect you after signing in. | Session | Essential |
3. Local storage
In addition to cookies, Cuppa stores the following data in your browser's local storage:
| Key | Purpose | Required by |
|---|---|---|
| cuppa_fp | Stores device information (browser, screen size, timezone) for HMRC fraud prevention headers. HMRC requires all MTD software to collect and transmit this data. | HMRC (legal obligation) |
| cookie-consent | Remembers that you have seen the cookie banner. | Cuppa |
4. Third-party cookies
Cuppa does not set any third-party cookies. During the Google sign-in flow, Google may set its own cookies according to its own privacy policy — these are not controlled by Cuppa.
5. Managing cookies
Because Cuppa only uses essential cookies, disabling them will prevent the service from working (you won't be able to stay signed in). All modern browsers allow you to manage cookies through their settings:
- Chrome: Settings > Privacy and security > Cookies
- Firefox: Settings > Privacy & Security > Cookies
- Safari: Preferences > Privacy
- Edge: Settings > Cookies and site permissions
6. More information
For more about how we handle your data, see our Privacy Policy. If you have questions, email privacy@cuppa.app