Legal
Cookie Policy
Last updated: July 2026
Flame uses a small number of first-party cookies — all of them functional. We do not set advertising or cross-site tracking cookies. Payment pages served by Razorpay or Dodo Payments may set their own cookies under their policies.
Cookies we set
| Cookie | Purpose | Lifetime | Type |
|---|---|---|---|
| f-access_token | Short-lived session token that authenticates your requests to the Flame API (run quota, account data). Signed; contains only your account email. | 15 minutes | Essential · httpOnly |
| f-refresh_token | Lets Flame renew your session without asking you to sign in again. Rotated on every refresh. | 30 days | Essential · httpOnly |
| flame_oauth_state | Protects Google sign-in against cross-site request forgery. | 10 minutes (during sign-in only) | Essential · httpOnly |
| flame_oauth_user | One-shot handoff of your profile after Google sign-in; read once by the app and immediately deleted. | 60 seconds | Essential |
Local storage
Some preferences live in your browser's local storage instead of cookies (they are never sent to our servers):
- flame.session — Keeps you signed in across page refreshes (your profile, no secrets).
- neonflow.runs.* — Counts your free-tier NeonFlow runs.
- neonflow.panels / neonflow.dock — Remembers your visualizer layout preferences.
Your choices
You can clear or block cookies in your browser settings. Because every cookie above is functional, blocking them will sign you out or break sign-in — there is nothing optional to opt out of. Questions: plesim18@gmail.com.