Cookies Policy

Last updated: January 17, 2025

1. What Are Cookies and Browser Storage

Cookies are small text files stored on your device when you visit our website. We also use browser storage technologies like localStorage to provide essential functionality for Coomerang.

2. How We Use Cookies and Storage

Coomerang uses cookies and browser storage for essential purposes only:

  • User Authentication: To keep you logged in securely using JWT tokens
  • Session Management: To maintain your login session
  • User Preferences: To remember your settings and interface preferences
  • Security: To protect against unauthorized access
  • Comic Creation: To temporarily store comic work to prevent data loss

Lawful Basis: Legitimate interests (platform functionality & security) and contract performance (keeping you logged in, preserving in-progress comics).

3. Types of Cookies and Storage We Use

3.1 Strictly Necessary Storage

These are essential for the proper functioning of our website:

  • Authentication tokens (localStorage): JWT tokens to keep you logged in securely
  • User data (localStorage): Essential user information for app functionality
  • Session cookies: To maintain your session while using the platform
  • Security cookies: To protect against CSRF attacks and fraudulent activity

3.2 Functional Storage

These enable enhanced functionality:

  • Comic editor data: Temporary storage to prevent loss of your work
  • User preferences: Settings like theme preferences and interface configurations
  • Application state: To maintain the state of the comic creation interface

3.3 Analytics and Tracking

We do NOT use any analytics or tracking cookies. We do not track user behavior, collect analytics data, or use third-party analytics services like Google Analytics.

3.4 Summary of Storage Items

  • token / refreshToken (localStorage): Auth session tokens (retained until logout or expiry).
  • user (localStorage): Basic cached user profile for faster UI (cleared on logout).
  • comic_draft_* (localStorage): Unsaved in-progress comic data (you can manually clear).
  • csrf cookie: Security anti-CSRF token (session scoped).

4. Third-Party Services

We use these legitimate third-party services that may set their own cookies:

  • Stripe: For secure payment processing and subscription management
  • Cloudflare: For content delivery, security, and performance optimization

These services operate under their own privacy policies and cookie usage guidelines. We recommend reviewing their privacy policies for more information.

We do not permit third-party advertising networks or social media trackers.

5. Managing Your Data

5.1 Browser Settings

You can control cookies and local storage through your browser settings:

  • Clear localStorage and cookies
  • Block cookies from specific websites
  • View and delete existing stored data
  • Set notifications when cookies are created

5.2 Impact of Disabling Storage

Disabling cookies and localStorage will significantly affect functionality:

  • You won't be able to stay logged in to your account
  • Comic creation work may be lost
  • User preferences won't be saved
  • Core platform features may not work properly
  • Payment processing may be affected

5.3 Withdrawal

You may clear or block storage at any time via browser settings; essential features (login, editing) will no longer function fully if you do.

6. Data Retention

Stored data has different lifespans depending on its purpose:

  • Authentication tokens: Stored until you log out or they expire
  • User preferences: Stored until manually cleared by you
  • Comic work data: Temporarily stored until published or manually deleted
  • Session data: Cleared when browser session ends

7. Security and Privacy

We implement security measures to protect stored data:

  • Secure transmission: All data transmitted over HTTPS
  • Token encryption: JWT tokens are properly secured
  • Access controls: Strict controls on data access
  • Data minimization: We only store necessary information
  • Regular cleanup: Automatic cleanup of expired data

JWT tokens are signed (not encrypted) and always sent over HTTPS.

8. Updates to This Policy

We may update this Cookies Policy from time to time to reflect changes in our practices. When we make changes, we will update the "Last updated" date at the top of this policy and notify users of significant changes.

Material changes (e.g., introduction of analytics) will be highlighted with a banner prior to activation.

9. Company Information

Coomerang is operated by:

Coomerang LTD
71-75, Shelton Street
Covent Garden
London, WC2H 9JQ
United Kingdom

As a UK company, we comply with UK GDPR and applicable UK data protection laws regarding the use of cookies and browser storage.

10. Contact Us

If you have any questions about our use of cookies or this policy, please contact us:

We use cookies and browser storage only for essential functionality to enhance your experience on Coomerang. By continuing to use our platform, you consent to our use of these technologies as described in this policy.

Version v1.1 – Effective August 2025.