Cookie Policy
Effective date: 2026-07-09
1. What are cookies?
Cookies are small text files that a website stores on your device when you visit it. They let the site remember things across page loads, such as a logged-in session, theme choice, or language.
This policy covers:
- The marketing site at excuseme.pro
- The ordering application (when a guest scans a QR code)
- The admin application (used by venue staff)
2. Cookies and storage we use
We use first-party cookies only — ExcuseMe sets these cookies directly, and they're scoped to our domain. We do not set third-party advertising cookies.
Strictly necessary (customer ordering flow)
These items are required to provide the ordering flow requested by the customer.
| Purpose | Storage type | Lifetime | |---|---|---| | Language preference | Cookie | 1 year | | Theme preference | Cookie | 1 year | | Text-size preference | Cookie | 1 year | | Security / CSRF protection token | Cookie | Session | | Authentication session, if you sign in for loyalty | Cookie | Session | | Sign-in return path (returns you to the page you came from after social sign-in) | Cookie | ≤10 minutes | | Shopping cart and ordering session | Browser memory / session storage | Session |
When you scan a QR code we also record a server-side fraud-prevention entry (device fingerprint + approximate scan location). That is a record in our database, not storage on your device, so it falls outside this policy — it is disclosed in §3 of the Privacy Policy under fraud prevention.
Strictly necessary (admin / staff)
These items run the staff backoffice and are set for signed-in staff members.
| Purpose | Lifetime | |---|---| | Authentication session | Session | | Language preference | 1 year | | Theme preference | 1 year | | Text-size preference | 1 year | | Security / CSRF protection token | Session | | Sign-in return path + trial-signup intent (set briefly during the social sign-in round-trip) | ≤10 minutes |
Functional (admin only)
These improve the staff backoffice experience but are not part of the customer ordering flow. If legal review determines that staff consent is required for this storage, we will provide an admin consent or preferences control.
| Purpose | Lifetime | |---|---| | Support debug logging toggle — set only when our support team is troubleshooting an issue with you | 1 year | | Last-used dashboard tab, restored on your next visit | 1 year |
Analytics
ExcuseMe does not use analytics cookies at the moment. This holds across the customer ordering flow, the admin backoffice, and (currently) any marketing surface.
If analytics, advertising, session replay, or non-essential A/B testing is added to any surface, the same release will include an appropriate consent mechanism.
Not used
We do not use:
- Advertising cookies (no ad trackers, no Google Ads pixel).
- Social media tracking cookies (no Facebook Pixel, no LinkedIn Insight tag).
- Cross-site tracking cookies — our cookies are strictly first-party.
3. Other storage technologies
We also use the following local-browser storage (not cookies, but covered for transparency):
localStorage— stores:- UI preferences (the support debug-logging toggle and the last-used admin dashboard tab);
- on the marketing site, your chosen language so it persists across visits;
- a short-lived "active order" marker on the customer ordering flow — when you place an order we store its order reference under a key scoped to that venue and table, so we can show a "back to your order" shortcut if you return to the menu while it's still being prepared. It self-deletes after about 4 hours.
sessionStorage— stores temporary ordering-session details while the browser tab is open. Cart contents are sent to our servers when you place an order.- IndexedDB — used by the service worker for offline-capable assets. No personal data.
- Service Worker cache — stores static UI assets so the customer ordering flow still works on flaky WiFi. No personal data.
4. Third-party cookies set during specific flows
| Flow | Third party | Why | |---|---|---| | Sign in with Google | Google | Google's OAuth / account chooser. Governed by Google's Privacy Policy. | | Sign in with Microsoft (staff) | Microsoft | Microsoft's OAuth / account chooser. Governed by Microsoft's Privacy Statement. | | Sign in with Apple (staff) | Apple | Apple's OAuth / account chooser. Governed by Apple's Privacy Policy. | | Subscription checkout | Paddle | Paddle's hosted checkout runs in an iframe or redirect. Governed by Paddle's Privacy Policy. | | Voice synthesis / recognition | Google Cloud, OpenAI, or another enabled voice provider | Voice requests are handled by the configured provider. Cookies, if any, are set on that provider's domain. |
These services are sub-processors and are disclosed in our Subprocessors list.
5. Cookie consent
ExcuseMe currently runs without a cookie consent banner because the customer ordering flow uses only storage that is necessary to provide the requested service: sign-in, security, accessibility preferences, language preferences, and the cart.
If we add non-necessary storage in the future, such as analytics, advertising, session replay, persistent A/B testing, or storage used primarily to learn about users rather than provide the requested service, we will provide an appropriate consent mechanism before that storage is used.
Cookie consent (EU / UK / other regulated regions)
Because the customer ordering flow uses only necessary storage today, there is no customer-side consent banner to interact with. If a banner becomes required in the future, it will let you accept all, reject all, or choose per category.
Browser settings
All modern browsers let you view, block, or delete cookies in their settings:
- Chrome: Settings → Privacy and security → Cookies and other site data.
- Firefox: Preferences → Privacy & Security → Cookies and Site Data.
- Safari: Preferences → Privacy → Manage Website Data.
- Edge: Settings → Cookies and site permissions.
If you block strictly-necessary cookies, the site will not function correctly — you won't be able to place orders or sign in as an admin.
Loyalty sign-out
If you signed in to the loyalty programme and want to clear the related cookies, sign out from the customer account sheet. The auth token is revoked and the associated cookies cleared on the next page load.
6. Changes to this policy
We may update this policy when we add or remove cookies. Material changes are announced on the marketing site and, for Admin Users, by email.
The effective date at the top reflects the current version. Full
history is in the repository at doc/public/legal/cookie-policy.md.
7. Contact
Questions about cookies? Email privacy@excuseme.pro.