This Cookies & Storage Policy explains the small pieces of data that the LuckMap web app at luckmap.app stores in your browser, why we store them, how long they last, and how you can control them. This Policy applies only to the web app. The LuckMap Android app does not use HTTP cookies; if you only use the Android app, this Policy does not apply to you. This Policy operates alongside our Privacy Policy and Terms of Service, and is incorporated into the Privacy Policy by reference.
2. Categories We Use
LuckMap web uses storage in four functional categories:
| Category | Required? | Set by |
|---|---|---|
| Strictly Necessary (sign-in, security, rate limits) | Yes — the Web App will not function without these | LuckMap (first-party) and Firebase |
| Preferences (locale, theme) | No — convenience only | LuckMap (first-party) and next-intl |
| Analytics & telemetry | No — can be disabled in your browser | Firebase Analytics / Google Analytics for Firebase |
| Third-party (Sign-In, Payment processors) | Required only when you actually use those features | Google (Sign-In), Razorpay (India checkout), Dodo Payments (international checkout) |
We do not use advertising cookies on the web app. The mobile app shows ads; the web app currently does not. See Section 7.
3. Strictly Necessary Storage
These entries are required for the Web App to function. They are first-party (set by us or our auth/database libraries running in your browser) and have no advertising purpose.
| Name / key | Type | Purpose | Lifetime |
|---|---|---|---|
firebase:authUser:* | IndexedDB | Stores your Firebase Auth session token so you remain signed in across page reloads. | Until you sign out or clear browser storage |
firebaseLocalStorageDb | IndexedDB | Firebase Auth’s persistence layer. | Until you sign out or clear browser storage |
luckmap_ratelimit_requests | localStorage | Sliding-window timestamps used to enforce the per-minute AI request cap (5 / minute). | Rolling — entries older than one minute are removed automatically |
luckmap_ratelimit_daily_count | localStorage | Daily AI request counter (cap 200 / day) shared with luckmap_ratelimit_daily_date. | Resets each calendar day |
luckmap_ratelimit_daily_date | localStorage | Date stamp (YYYY-MM-DD) used to detect a new day for the daily counter above. | Resets each calendar day |
| Firestore offline cache | IndexedDB | Caches your dashboard and chat history for offline read and instant rendering on reload. | Until you sign out or clear browser storage |
Disabling these entries (for example by using a strict private browsing mode that blocks IndexedDB and localStorage) will cause the Web App to fail or to forget you between visits.
4. Preferences Storage
These entries remember your non-essential preferences so the Web App feels personalised on return visits.
| Name / key | Type | Purpose | Lifetime |
|---|---|---|---|
| Locale path segment (URL) | URL path | Your selected language is encoded in the URL path (e.g. /hi/...) by next-intl rather than a cookie. Changing the language updates the URL and is remembered across navigations. | For the duration of the navigation |
NEXT_LOCALE (optional) | Cookie | If used, remembers your last-selected locale so first-load goes to the right language. | 1 year (refreshed on each visit) |
5. Analytics & Telemetry
We use Firebase Analytics (which is a wrapper around Google Analytics for Firebase) on the Web App to understand product usage in aggregate — for example, which features are used, how many Users visit a page, and where errors occur. Firebase Analytics writes a small number of identifiers to your browser:
| Name / key | Type | Purpose | Lifetime |
|---|---|---|---|
| Firebase Installation ID | IndexedDB | An anonymous identifier tied to this browser installation. Not your account ID. | Until you clear browser storage |
_ga | Cookie (first-party for our domain) | Distinguishes Users for analytics aggregation. | Up to 2 years |
_ga_* | Cookie (first-party for our domain) | Persists session state for Google Analytics 4. | Up to 2 years |
Analytics data we receive contains no birth details, no chat content, and no payment-instrument data. We use it only to improve the product. See Privacy Policy §11 for the full list of analytics events and user properties.
If you do not wish to be measured, you can:
- Block third-party scripts via your browser’s built-in tracking protection or an extension such as uBlock Origin;
- Use the browser’s "Do Not Track" or "Global Privacy Control" signals (we honour both on the Web App by skipping analytics initialisation);
- Clear browser storage at any time from your browser’s privacy / data settings.
6. Third-Party Storage (Payment Processors, Sign-In)
6.1 Google Sign-In
If you sign in with Google, Google may set its own cookies on its own domain (accounts.google.com) to manage your Google session. Those cookies are governed by Google’s policies, not ours: Google Privacy Policy and Google Cookies Policy.
6.2 Razorpay (Web App, India billing region)
When you reach the Razorpay checkout to complete a purchase, Razorpay sets cookies on its own domains (razorpay.com, checkout.razorpay.com) to support the checkout session, fraud screening, and your saved payment methods. Those cookies are governed by Razorpay’s policies, not ours: Razorpay Privacy Policy.
6.3 Dodo Payments (Web App, international billing region)
When you reach the Dodo Payments checkout, Dodo sets cookies on its own domains to support the checkout session, fraud screening, currency conversion, and any applicable VAT/GST collection. Those cookies are governed by Dodo’s policies, not ours: Dodo Privacy Policy.
6.4 Embedded content
If we embed any third-party content on the Web App (for example, a YouTube tutorial), that third party may set its own cookies. We will disclose any such embed in advance and prefer "no-cookie" or privacy-enhanced embed modes where available.
7. Advertising
We do not currently use advertising cookies on the Web App. We do not place display advertisements on luckmap.app, and we do not share data with ad networks for the Web App. (The Android App does serve ads via Google AdMob to Free and Starter tier Users; that is described in our Privacy Policy §9.)
8. Legal Basis
The legal bases on which we set the storage entries above are:
- Strictly necessary storage (Section 3) — necessary for the performance of the contract between you and us (the Terms of Service), and for the legitimate interest of providing a functioning service. No prior consent is required under the EU ePrivacy Directive for strictly necessary cookies.
- Preferences storage (Section 4) — legitimate interest in providing a personalised experience. You may object by clearing your browser storage.
- Analytics (Section 5) — legitimate interest in product improvement, balanced against your privacy. We honour Do Not Track and Global Privacy Control signals to opt out of analytics initialisation.
- Third-party storage (Section 6) — necessary for the performance of the contract (sign-in, payment processing) when you actually use those features. The processor’s own legal basis governs its own cookies.
Under India’s Digital Personal Data Protection Act 2023 (DPDP Act), strictly necessary processing is permitted on a "legitimate use" basis (Section 7(a)) and analytics with notice is permitted with implied consent that you may withdraw at any time. We rely on those bases respectively.
9. Your Controls
You can control storage in several ways:
- Clear all storage — from your browser’s privacy / data settings, choose "Clear browsing data" and select cookies, localStorage, and IndexedDB. This will sign you out, reset preferences, and remove analytics identifiers. Strictly necessary entries will be re-created the next time you sign in.
- Block third-party cookies — most browsers offer a "Block third-party cookies" setting. This will not affect our own first-party storage, but it may break the Razorpay or Dodo checkout flows when you reach them.
- Use private / incognito mode — storage is ephemeral and cleared when the window is closed. Sign-in will not persist across sessions.
- Use a tracking-protection extension — tools such as uBlock Origin, Privacy Badger, or built-in browser protections will reduce or eliminate analytics identifiers.
- Use Do Not Track / Global Privacy Control — we honour both signals by skipping analytics initialisation on the Web App.
- Sign out — signing out clears the Firebase Auth session token from IndexedDB.
Disabling strictly necessary storage will cause the Web App to fail (e.g. you cannot stay signed in, AI rate limits cannot be enforced client-side, etc.). Disabling third-party cookies for Razorpay or Dodo will prevent their checkout pages from loading correctly.
10. Changes to This Policy
We may update this Cookies & Storage Policy from time to time. Material changes will be communicated through an in-app banner on the Web App and an updated "Last Updated" date at the top of this page. Continued use of the Web App after the new effective date constitutes acceptance of the updated Policy.
11. Contact
Storage / Privacy Queries
Email: support@luckmap.app
Subject: "Cookies / Storage Query"
For Indian DPDP-Act grievances, see the Grievance Officer details in our Contact page.
Response time: within 7 business days