Cookie Policy
Version 1.0 — Effective April 2, 2026
1. What are cookies?
Cookies are small text files that websites store on your device (computer, tablet, or phone) when you visit them. They keep websites working, remember your preferences, and help us understand how people use the site. Some cookies are deleted when you close your browser (“session cookies”). Others persist for a set period or until you delete them (“persistent cookies”).
This policy tells you exactly which cookies fatfire.com sets, why we set them, and how you can control them.
2. Who operates this site
FatFire (fatfire.com) is a membership platform for high-net-worth individuals. We respect applicable privacy regulations, including the EU General Data Protection Regulation (GDPR), the ePrivacy Directive, and U.S. state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), to the extent they apply to our members.
If our operating entity changes in the future, this policy will be updated accordingly. The protections described here will continue to apply regardless of the entity structure behind them.
3. How we use cookies
We group the cookies on fatfire.com into four categories:
- Essential — Required for the site to function. Authentication, session management, and security. You cannot opt out of these.
- Functional — Support specific features like payment processing through Stripe. Set only when you interact with the relevant feature.
- Analytics — Help us understand how visitors use the site so we can improve it. We prioritize privacy-respecting tools.
- Marketing — Used for advertising or cross-site tracking. We do not currently use any marketing cookies.
4. Essential cookies
These cookies are necessary for fatfire.com to work. They handle authentication, protect against cross-site request forgery, and maintain your session. Under both the ePrivacy Directive and U.S. practice, these cookies do not require opt-in consent because the site cannot function without them.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| authjs.session-token | FatFire (NextAuth) | Keeps you signed in. Without it, you would need to authenticate on every page load. | 30 days (rolling) |
| __Secure-authjs.session-token | FatFire (NextAuth) | Same as authjs.session-token, used on HTTPS connections. The __Secure- prefix ensures it is only sent over encrypted connections. | 30 days (rolling) |
| authjs.csrf-token | FatFire (NextAuth) | Prevents cross-site request forgery (CSRF). Ensures that form submissions and authentication requests originate from fatfire.com, not from a malicious third party. | Session |
| authjs.callback-url | FatFire (NextAuth) | Remembers where you were before signing in so you can be returned to the correct page after authentication. | Session |
Your browser will show either authjs.session-token or __Secure-authjs.session-token, depending on whether the connection uses HTTPS (production) or HTTP (local development). They serve the same purpose.
5. Functional cookies
These cookies come from third-party services we integrate with. They are only set when you actively use the relevant feature — for example, Stripe cookies appear during the subscription checkout flow, not during general browsing.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| __stripe_mid | Stripe | Set by Stripe during checkout and payment. Identifies your browser for fraud prevention. | 1 year |
| __stripe_sid | Stripe | Set by Stripe during checkout. Maintains your payment session and prevents fraud. Only present during active checkout. | 30 minutes |
Stripe cookies are set directly by Stripe, Inc. when you interact with their checkout and payment elements. We do not control exactly which cookies Stripe sets, and Stripe may update them. For details, see Stripe's Privacy Policy.
6. Analytics
We use or plan to use the following analytics services:
Plausible Analytics
Our primary analytics tool is Plausible Analytics, a privacy-focused analytics service. Plausible does not use cookies. It does not collect personal data, does not fingerprint visitors, and does not track anyone across sites or sessions. Page view counts are generated from a hash of the visitor's IP address and User-Agent, salted daily and discarded — no visitor can be identified or tracked over time.
Status: Plausible is integrated in our codebase but not yet active. No Plausible data is currently being collected. When we activate it, this policy will not change — Plausible sets no cookies and collects no personal data.
Google Analytics 4 (GA4)
We may use Google Analytics 4 in the future for more detailed traffic analysis. If activated, GA4 would set the following cookies:
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics 4 | Assigns a randomly generated client identifier to distinguish unique visitors. Used to calculate visitor, session, and campaign data. | 2 years |
| _ga_* | Google Analytics 4 | Persists session state across page loads. The suffix (*) is unique to the specific GA4 property. | 2 years |
Status: GA4 is not currently active on fatfire.com. No GA4 measurement ID is configured and no Google Analytics cookies are being set. If we activate GA4, we will update this policy and implement a consent mechanism so GA4 scripts only load after you opt in.
For information on how Google uses data from sites that integrate its services, see Google's Partner Sites Policy.
7. Marketing cookies
We do not use marketing or advertising cookies. We do not run retargeting campaigns, and we do not allow ad networks to place cookies on fatfire.com.
If this changes, we will update this policy and require explicit opt-in consent before any marketing cookies are set.
8. Third-party cookies
Some cookies on fatfire.com are set by third parties, not by us. Here are the third-party services we integrate with that may set cookies:
- Stripe — Payment processing. Stripe may set cookies during checkout for fraud prevention and session management. See Stripe's Privacy Policy.
- Google — OAuth sign-in. Google may set cookies as part of the OAuth authentication flow. If GA4 is activated in the future, Google would also set analytics cookies (listed in Section 6). See Google's Privacy Policy.
We do not control the cookies set by these third parties. Review their respective privacy policies for full details.
9. How to manage cookies
Every major browser lets you view, block, and delete cookies. Here are instructions for the most common ones:
Note: If you disable essential cookies, you will not be able to sign in or use member features. Disabling functional cookies may prevent payment processing from working during checkout.
10. Cookie consent
Under GDPR and the ePrivacy Directive, non-essential cookies require your consent before they are placed on your device. Several U.S. state privacy laws (including CCPA/CPRA) also give you the right to opt out of certain tracking technologies.
Right now, fatfire.com only sets essential cookies (authentication and CSRF protection) and functional cookies during the Stripe checkout flow. These do not require consent under applicable law.
We are building a cookie consent mechanism that will be deployed before we activate any analytics or marketing cookies. When it is live, you will be able to:
- See which categories of cookies are in use
- Grant or withhold consent for each non-essential category
- Change your preferences at any time
- Withdraw consent as easily as you gave it
No analytics or marketing cookies will be placed on your device until the consent mechanism is live and you have opted in.
11. Changes to this policy
We may update this Cookie Policy to reflect changes in the cookies we use, our practices, or applicable law. When we make material changes, we will update the effective date at the top of this page. For significant changes — such as adding a new category of cookies — we will provide prominent notice on the site or via email to registered members.
12. Contact
Questions about cookies or this policy? Contact us:
FatFire
fatfire.com
Email: [email protected]