1. Introduction
Foodfy ("Company", "we", "our", "us") uses cookies and similar tracking technologies on our website at foodfy.ai, merchant dashboards, and web-based applications (collectively, the "Platform"). This Cookie Policy explains what cookies are, the types of cookies we use, the specific cookies deployed on the Platform, and how you can manage your cookie preferences.
This Cookie Policy should be read in conjunction with our Privacy Policy, which provides comprehensive information about how we collect, use, and protect your personal data.
By continuing to use the Platform after being presented with a cookie consent notice, you consent to our use of cookies as described in this policy. You may withdraw your consent or modify your preferences at any time as described in Section 7.
2. What Are Cookies?
Cookies are small text files containing a string of characters that are placed on your device (computer, smartphone, tablet, or other internet-connected device) when you visit a website. Cookies are widely used by websites to make them work more efficiently, remember your preferences, provide a personalized experience, and report aggregate usage information to site operators.
Cookies can be classified by their lifespan and the domain that sets them:
- Session Cookies: Temporary cookies that are automatically deleted when you close your browser. They are essential for the Platform to function during your browsing session.
- Persistent Cookies: Cookies that remain on your device for a predetermined period or until you manually delete them. They allow the Platform to remember your preferences and recognize you on subsequent visits.
- First-Party Cookies: Cookies set directly by the Foodfy Platform (foodfy.ai domain).
- Third-Party Cookies: Cookies set by external services integrated into the Platform, such as analytics providers, payment processors, and security services.
3. Types of Cookies We Use
3.1 Strictly Necessary Cookies
These cookies are essential for the Platform to function correctly. They enable core features such as authentication, security, session management, and basic navigation. The Platform cannot operate properly without these cookies, and they cannot be disabled. Strictly necessary cookies do not require your consent under applicable law.
- Maintaining your login session and authentication state across page loads.
- Protecting against cross-site request forgery (CSRF) attacks.
- Providing Cloudflare security features including bot detection and DDoS protection.
- Managing shopping cart contents and order state during the checkout process.
- Remembering your cookie consent preferences.
- Enabling load balancing and server routing for optimal performance.
3.2 Functional Cookies
These cookies enable enhanced functionality and personalization features. They may be set by us or by third-party providers whose services we have integrated. If you disable these cookies, some features may not work as intended.
- Remembering your preferred language and currency settings.
- Storing your last-used delivery address and location preferences.
- Maintaining your display preferences such as dark mode, layout, and font size.
- Remembering persistent login ("Remember Me") across browser sessions.
- Enabling live chat and customer support widget functionality.
- Storing recently viewed businesses and items for quick access.
3.3 Analytics and Performance Cookies
These cookies collect information about how visitors use the Platform, including which pages are visited most often, how visitors navigate between pages, and whether error messages are encountered. All information collected by these cookies is aggregated and used to improve how the Platform works.
- Measuring page load times, server response times, and frontend rendering performance.
- Tracking page views, unique visitors, session duration, and bounce rates.
- Identifying which features are most and least used to guide product development.
- Error tracking and monitoring to identify and resolve technical issues.
- A/B testing to evaluate different versions of Platform features.
3.4 Marketing and Advertising Cookies
These cookies are used to deliver relevant advertisements, measure the effectiveness of marketing campaigns, and limit the frequency of ad exposure. They may be set by our advertising partners and used to build a profile of your interests across websites.
- Displaying relevant promotions, offers, and advertisements based on your interests and browsing behavior.
- Measuring conversions from marketing campaigns on platforms such as Meta and Google Ads.
- Building audience segments for remarketing and retargeting campaigns.
- Attributing sign-ups and orders to specific marketing channels and campaigns.
- Limiting the number of times you see a specific advertisement (frequency capping).
4. Specific Cookies Used
The following table lists the specific cookies currently used on the Platform. This list is reviewed periodically and may be updated as we add or remove features and integrations.
4.1 Strictly Necessary Cookies
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
foodfy_session |
Foodfy | Maintains your authenticated session and stores session state across page loads. | Session |
XSRF-TOKEN |
Foodfy (Laravel) | Cross-site request forgery (CSRF) protection token. Prevents unauthorized actions on your behalf. | Session |
__cf_bm |
Cloudflare | Bot management cookie. Distinguishes between humans and automated bots to protect against malicious traffic. | 30 minutes |
cf_clearance |
Cloudflare | Issued after completing a Cloudflare security challenge. Proves the visitor has passed the challenge. | 30 minutes |
__cfruid |
Cloudflare | Rate limiting and load balancing. Routes requests to the correct application server. | Session |
4.2 Functional Cookies
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
remember_web_* |
Foodfy (Laravel) | Persistent login token. Keeps you signed in across browser sessions when you select "Remember Me" during login. | 5 years |
locale |
Foodfy | Stores your preferred language setting so the Platform displays content in your chosen language. | 1 year |
currency |
Foodfy | Stores your preferred currency setting for price display. | 1 year |
last_address |
Foodfy | Remembers your most recently used delivery address for faster checkout. | 30 days |
4.3 Analytics Cookies
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
_ga |
Google Analytics | Distinguishes unique visitors by assigning a randomly generated number as a client identifier. Used to calculate visitor, session, and campaign data for analytics reports. | 2 years |
_ga_* |
Google Analytics 4 | Used by Google Analytics 4 to store and count page views, track session state, and associate events with a specific measurement ID. | 2 years |
_gid |
Google Analytics | Distinguishes unique visitors within a 24-hour period. Used to throttle request rates and group user actions into sessions. | 24 hours |
_gat_* |
Google Analytics | Throttles the request rate to Google Analytics to manage data collection volume on high-traffic pages. | 1 minute |
4.4 Marketing Cookies
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
_fbp |
Meta (Facebook) | Tracks visits across websites that use Meta advertising services. Used for ad targeting, measurement, and optimization. | 3 months |
_fbc |
Meta (Facebook) | Stores the last click identifier from a Facebook ad. Used for conversion attribution. | 2 years |
_gcl_au |
Google Ads | Stores a unique identifier for Google Ads conversion tracking. Links ad clicks to website actions. | 90 days |
_gcl_aw |
Google Ads | Stores Google Ads click information for conversion tracking from search and display campaigns. | 90 days |
Note: The cookies listed above represent the primary cookies used on the Platform. Third-party services may set additional cookies. We recommend reviewing the cookie policies of each third-party provider for complete information.
5. Third-Party Cookies and Services
Some cookies on the Platform are set by third-party services that we integrate to provide enhanced functionality, security, analytics, and advertising. These third parties process cookie data under their own privacy and cookie policies:
- Cloudflare: Web application firewall, DDoS protection, content delivery network, and bot management. Cloudflare cookies are strictly necessary for Platform security. Cloudflare Cookie Policy
- Google Analytics: Website traffic analysis, user behavior tracking, and performance monitoring. Google Cookie Policy
- Google Ads: Advertising campaign measurement, conversion tracking, and remarketing. Google Ads Policy
- Meta (Facebook): Advertising measurement, conversion tracking, and audience building through Meta Pixel. Meta Cookie Policy
- Stripe: Secure payment processing, fraud detection, and PCI DSS compliance. Stripe cookies are necessary for payment functionality. Stripe Cookie Policy
6. Similar Technologies
In addition to cookies, we may use other similar tracking technologies:
- Local Storage and Session Storage: Browser storage mechanisms used to store data locally on your device for performance and functionality purposes. This includes caching user preferences, shopping cart data, and application state. Local storage data persists until explicitly cleared; session storage is cleared when the browser tab is closed.
- Pixel Tags (Web Beacons): Small transparent 1x1 pixel images embedded in web pages or emails. Used to track whether a page has been visited or an email has been opened, and to measure the effectiveness of marketing campaigns.
- JavaScript Tags: Small snippets of code embedded in web pages that collect information about user interactions, page performance, and feature usage.
- ETag and Cache Markers: HTTP cache validation mechanisms that may be used by CDN and caching layers for content delivery optimization. These are technical necessities and are not used for tracking.
We do not use browser fingerprinting techniques to identify or track users.
7. Managing Your Cookie Preferences
You have several options for managing how cookies are used on the Platform:
7.1 Cookie Consent Banner
When you first visit the Platform, a cookie consent banner allows you to accept or reject non-essential cookies (functional, analytics, and marketing). You can change your cookie preferences at any time by accessing the cookie settings through the link in the Platform footer.
7.2 Browser Settings
Most modern web browsers allow you to control cookies through their settings. You can typically:
- View all cookies stored on your device and delete them individually or in bulk.
- Block all cookies or only third-party cookies.
- Configure exceptions for specific websites.
- Set your browser to notify you when a cookie is being set.
- Clear all cookies when you close your browser.
To manage cookies in your browser, consult the help documentation for your specific browser:
Please note that blocking or deleting strictly necessary cookies may prevent certain features of the Platform from functioning correctly, including login, checkout, and security features.
7.3 Third-Party Opt-Out
You can opt out of specific third-party analytics and advertising cookies through the following mechanisms:
- Google Analytics: Install the Google Analytics Opt-Out Browser Add-on
- Google Ads Personalization: Manage your ad preferences at Google Ad Settings
- Meta (Facebook) Ads: Manage your ad preferences at Facebook Ad Preferences
- Digital Advertising Alliance: DAA Opt-Out Tool
- Network Advertising Initiative: NAI Opt-Out Tool
- European Interactive Digital Advertising Alliance: EDAA Opt-Out
7.4 Do Not Track (DNT) Signals
Some browsers offer a "Do Not Track" (DNT) signal that broadcasts a preference not to be tracked. As there is currently no universally accepted standard for how websites should respond to DNT signals, the Platform does not currently alter its data collection practices in response to DNT signals. We will update this policy if a widely adopted industry standard for DNT is established.
7.5 Global Privacy Control (GPC)
We recognize and honor Global Privacy Control (GPC) signals where required by applicable law, including under the California Consumer Privacy Act (CCPA/CPRA). When we detect a valid GPC signal, we treat it as a request to opt out of the sale or sharing of personal information.
8. Mobile Application Tracking
The Foodfy mobile applications (iOS and Android) use technologies similar to cookies to provide functionality, analytics, and personalization:
- Device Identifiers: Mobile advertising identifiers (IDFA on iOS, GAID on Android) may be used for analytics and advertising attribution. You can reset or limit these identifiers in your device settings.
- Push Notification Tokens: Unique tokens (Expo push tokens) are generated when you enable push notifications. These are used exclusively to deliver order updates, promotional notifications, and system alerts.
- SDK Analytics: Mobile analytics SDKs collect app usage data including screens viewed, feature interactions, crash reports, and performance metrics. This data is used to improve app stability and user experience.
- Local Data Storage: The mobile app stores data locally on your device including login state, cached content, preferences, and offline-accessible data.
To manage mobile tracking:
- iOS: Go to Settings > Privacy & Security > Tracking to control which apps can track your activity. Go to Settings > Privacy & Security > Apple Advertising to limit ad tracking.
- Android: Go to Settings > Privacy > Ads to delete your advertising ID or opt out of ad personalization.
9. Cookie Consent by Region
Cookie consent requirements vary by jurisdiction. We adapt our consent mechanisms based on applicable law:
- European Economic Area and United Kingdom: Non-essential cookies are only set after you provide affirmative opt-in consent, in compliance with the ePrivacy Directive and GDPR. Strictly necessary cookies do not require consent.
- California, United States: We honor Global Privacy Control (GPC) signals and "Do Not Sell or Share My Personal Information" requests under the CCPA/CPRA.
- Brazil: Cookie consent is obtained in compliance with the LGPD and relevant guidelines from the ANPD.
- Other Jurisdictions: We follow the most protective applicable standard and provide clear consent mechanisms for non-essential cookies in all jurisdictions where we operate.
10. Cookie Retention Periods
Cookies are retained for varying periods depending on their purpose:
- Session Cookies: Automatically deleted when you close your browser or when your session expires (typically after 2 hours of inactivity).
- Short-Term Persistent Cookies: Retained for a period of 1 minute to 90 days, typically used for analytics throttling and advertising attribution.
- Medium-Term Persistent Cookies: Retained for 90 days to 1 year, used for functional preferences and analytics.
- Long-Term Persistent Cookies: Retained for 1 to 2 years, primarily analytics identifiers. The "Remember Me" authentication cookie is retained for up to 5 years.
You can delete all cookies at any time through your browser settings. See Section 7.2 for instructions.
11. Changes to This Cookie Policy
We may update this Cookie Policy periodically to reflect changes in the cookies we use, changes in our technology or business practices, or changes in applicable law. When we make changes:
- We will update the "Last updated" date at the top of this page.
- For material changes (such as introducing new categories of cookies or new third-party tracking), we will present a new cookie consent prompt.
- We will provide notice on the Platform for significant changes.
We encourage you to review this Cookie Policy periodically to stay informed about our use of cookies.
12. Contact Us
If you have any questions about our use of cookies, this Cookie Policy, or how to manage your cookie preferences, please contact us:
- Data Protection Officer: [email protected]
- Privacy Inquiries: [email protected]
- General Support: [email protected]
- Website: foodfy.ai