Legal

Cookie Policy

Last updated: July 2026

Flame uses a small number of first-party cookies — all of them functional. We do not set advertising or cross-site tracking cookies. Payment pages served by Razorpay or Dodo Payments may set their own cookies under their policies.

Cookies we set

CookiePurposeLifetimeType
f-access_tokenShort-lived session token that authenticates your requests to the Flame API (run quota, account data). Signed; contains only your account email.15 minutesEssential · httpOnly
f-refresh_tokenLets Flame renew your session without asking you to sign in again. Rotated on every refresh.30 daysEssential · httpOnly
flame_oauth_stateProtects Google sign-in against cross-site request forgery.10 minutes (during sign-in only)Essential · httpOnly
flame_oauth_userOne-shot handoff of your profile after Google sign-in; read once by the app and immediately deleted.60 secondsEssential

Local storage

Some preferences live in your browser's local storage instead of cookies (they are never sent to our servers):

Your choices

You can clear or block cookies in your browser settings. Because every cookie above is functional, blocking them will sign you out or break sign-in — there is nothing optional to opt out of. Questions: plesim18@gmail.com.