Cookie Policy
Last updated: 2026-06-01
Fortfolio is built to minimise cookie use. We do not load Google Analytics, Meta Pixel, TikTok Pixel, Hotjar or any other third-party analytics or advertising tag. The cookies listed below are the only ones we set, and they exist because the Service cannot function without them.
What is a cookie?
A cookie is a small text file a website stores in your browser. Cookies let the site remember things between page loads — for example, that you are logged in. Some cookies are set by the website you are visiting (first-party); others are set by services the website embeds (third-party). Fortfolio sets only first-party, strictly-necessary cookies.
Cookies we set
| Name | Purpose | Lifetime | Required |
|---|---|---|---|
| next-auth.session-token | Keeps you logged in once you sign in with Google. | 30 days | Yes (if logged in) |
| next-auth.csrf-token | Protects the sign-in flow against cross-site request forgery. | Session | Yes |
| next-auth.callback-url | Returns you to the page you were on after sign-in. | Session | Yes |
| fortfolio-currency | Remembers your display currency preference (USD / INR). | 1 year | No (optional) |
Cookies we do NOT set
We deliberately do not set:
- Google Analytics / Google Tag Manager cookies
- Meta (Facebook) Pixel cookies
- TikTok or Twitter / X conversion-tracking cookies
- Hotjar, FullStory, Mixpanel or similar session-replay cookies
- Cross-site advertising or retargeting cookies
- Affiliate-marketing tracking cookies
Local storage and URL state
We use the browser’s localStorage for ephemeral UI preferences such as collapsed-sidebar state and dismissed tour hints. Stress-test inputs (the portfolios you build) live in the URL of the page, not in storage — this is what makes results URL-shareable without a database write. We do not use IndexedDB.
How to opt out
Because we set only strictly-necessary cookies, opting out is straightforward:
- If you do not log in, you do not pick up the NextAuth cookies.
- If you do not change your display currency, you do not pick up the currency cookie.
- Most browsers let you block or delete cookies through their settings — Chrome, Firefox, Safari and Edge all expose per-site cookie controls.
Blocking the NextAuth cookies will prevent you from signing in. Blocking the currency cookie will reset your currency preference on each visit. Blocking these cookies has no other consequence: everything else on the site works without cookies of any kind.
Do Not Track
We honour the browser-level “Do Not Track” signal by default — not because we are required to, but because we do not run the kind of cross-site tracking it was designed to opt out of in the first place. We treat Global Privacy Control (GPC) the same way.
Changes
If we ever add a new cookie — for example, a session-replay tool during a usability study — we will update this page first and announce the change on the home page for at least 14 days.
Contact
Questions: privacy@fortfolio.app. Related: Privacy Policy, Terms of Service.