pahvalentines/documents/cookie-usage-summary.md
michael 9d53adaaf3 Add backend API, video generator, and frontend updates
- Add Python/FastAPI backend with Celery workers
- Add video generation with FFmpeg (spinning record animation)
- Add API endpoints: submissions, status polling, webhook, results
- Add database schema and Alembic migrations
- Update frontend pages with API integration
- Add project documentation and spec

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 10:31:58 -06:00


Cookie Usage Summary for Legal Review

What We Use

This application uses localStorage (not HTTP cookies) for user tracking.

| Property | Details |
|---|---|
| Storage Mechanism | Browser localStorage |
| Storage Key | submission_data |
| Identifier Name | cookie_id (misnomer - not a browser cookie) |

Data Structure Stored

{
  "cookie_id": "cookie_abc123xyz",
  "entries": [
    { "session_id": "clxyz123...", "timestamp": "2026-02-14T10:30:00Z" }
  ]
}

Source Code Location

  • Frontend: assets/js/home.js - SessionManager module (lines 6-77)
  • Backend: cookie_id generated server-side using Cuid2 algorithm (per spec in /documents/spec.md)

Generation Flow

  1. User's first submission → backend generates cookie_id using Cuid2
  2. Backend returns cookie_id in API response
  3. Frontend stores in localStorage via SessionManager.updateSession()
  4. Subsequent requests include this cookie_id in the JSON payload
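
The four steps above seen from the browser's side, as an added sketch that is not the project's SessionManager code. Function names and the payload fields are hypothetical, and it assumes the API response carries a session_id alongside cookie_id and that the client stamps the entry time; values read back from localStorage are validated because the user can edit them.

```javascript
// Added example: not the project's SessionManager code. Function names are hypothetical.
const STORAGE_KEY = "submission_data"; // storage key named in this document

// Minimal in-memory stand-in for window.localStorage so the sketch runs in Node.
function makeMemoryStorage() {
  const items = new Map();
  return {
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    setItem: (k, v) => { items.set(k, String(v)); },
    removeItem: (k) => { items.delete(k); },
  };
}

// Read the stored record. localStorage is user-editable, so anything that does
// not match the documented shape is treated as "no identifier yet".
function loadSubmissionData(storage) {
  const empty = { cookie_id: null, entries: [] };
  let parsed;
  try {
    parsed = JSON.parse(storage.getItem(STORAGE_KEY));
  } catch (err) {
    return empty;
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) return empty;
  if (typeof parsed.cookie_id !== "string" || parsed.cookie_id === "") return empty;
  const entries = Array.isArray(parsed.entries)
    ? parsed.entries.filter((e) => e !== null && typeof e === "object" &&
        typeof e.session_id === "string" && typeof e.timestamp === "string")
    : [];
  return { cookie_id: parsed.cookie_id, entries };
}

// Steps 2-3: persist the returned cookie_id (assumes the response also has session_id).
function recordSubmission(storage, response, now = new Date()) {
  const data = loadSubmissionData(storage);
  data.cookie_id = response.cookie_id;
  data.entries.push({ session_id: response.session_id, timestamp: now.toISOString() });
  storage.setItem(STORAGE_KEY, JSON.stringify(data));
  return data;
}

// Step 4: the identifier travels only inside the JSON body built here.
function buildPayload(storage, fields) {
  const { cookie_id } = loadSubmissionData(storage);
  return cookie_id === null ? { ...fields } : { ...fields, cookie_id };
}
```
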

Purpose

Rate limiting only - prevents users from generating more than 10 songs per identifier.

| Aspect | Status |
|---|---|
| HTTP Cookie | No - uses localStorage |
| Third-party tracking | No - first-party only |
| Cross-site tracking | No - same-origin only |
| Personal data in identifier | No - random Cuid2 string |
| Cross-device tracking | No - each browser/device gets unique ID |
| User can clear | Yes - clearing browser storage resets it |
| Persistence | Until user clears localStorage or uses different browser |
| Data sent to third parties | No - only to Pets at Home backend |

Note

The identifier is named "cookie_id" in the codebase but is not an HTTP cookie (no Set-Cookie header, not sent automatically with requests). It's a localStorage value sent explicitly in form submission JSON payloads.