Privacy
We don't use cookies.
Zero on the marketing site. Exactly one strictly-necessary session cookie on the app, and nothing else, ever.
The promise, exactly
- www.fastyoke.io — zero cookies. Period.
- app.fastyoke.io (signed in) — one cookie:
fy_session,Secure; HttpOnly; SameSite=Strict. Holds your session JWT. Cleared on logout. - Third-party trackers, analytics pixels, ad networks, session replay — none, on either surface.
Why this is the design, not the policy
Single-tenant SQLite means there is no shared analytics warehouse. No place for cross-tenant behavioral data to land — by architecture, not promise.
The marketing site is static MDC. Nothing to instrument. The FSM engine doesn't need to know who reads the pricing page.
The app is a Rust monolith serving its own SPA. No third-party CDN or tag manager in the request path — one origin, one binary, one cookie.
No retargeting, no funnel analytics, no surveillance pixels. If we want to know whether a feature is used, we ship the question to product — not a covert script.
What we use that isn't a cookie
The marketing site writes three keys to your browser's
localStorage. Each holds a UX preference you triggered;
none leave your browser.
fastyoke-announcement-dismissed-<id>— remembers a marketing banner you dismissedfastyoke-docs-recent-searches— your last few /docs searches (your browser only)fastyoke-docs-color-scheme— dark / light / system preference
All three are exempt from consent requirements under GDPR recital 32 and ePrivacy Art 5(3) — they hold UX preferences you triggered and never leave your browser.
Verify it yourself
- Open DevTools → Application → Cookies →
https://www.fastyoke.io— empty. - Sign in, open
https://app.fastyoke.io→ Cookies — exactly one entry,fy_session.