ForkD← Back to home
Informational only — not legal advice. This document is provided for transparency about how ForkD operates. It has not been reviewed by your attorney and does not create an attorney-client relationship. If you need legal advice, please consult a qualified attorney in your jurisdiction.

Cookie Notice

Effective May 14, 2026

This Cookie Notice describes the cookies, browser-storage keys, and similar identifiers that ForkD LLC uses on forkdme.com and builder.forkdme.com.

Cookies and storage we use

  • Sidebar-state cookie — a small first-party cookie that remembers whether you collapsed the builder sidebar. Functional, expires when you clear cookies.
  • JWT session token — stored as forkd_jwt in sessionStorage by default, or in localStorage if you check "Keep me signed in." Used to authenticate API calls. A legacy appdrop_jwt key is read once and migrated forward for users from the pre-rename release.
  • Push subscription identifiers — when you opt into push notifications, your browser stores an opaque endpoint identifier with its push provider (Apple, Google, or Mozilla). We store the same endpoint server-side to send notifications. Revoking notification permission in your browser deletes the subscription.
  • Service worker cache — a precache (versioned forkd-precache-vN) stores the offline fallback page and minimal assets so the PWA works without a network.
  • First-party analytics — minimal in-product event counters (e.g., listing views) used to operate the marketplace. We do not currently load third-party advertising trackers.
  • Processor cookies — Stripe Checkout, Cloudinary uploads, Expo Snack previews, and Twilio verification flows may set their own cookies when their embedded surfaces are loaded. Those cookies are governed by each provider's policy.

Your choices

  • You can clear cookies and storage at any time from your browser settings. Signing out also clears the JWT.
  • You can revoke push permission in your browser's site settings; we automatically prune subscriptions that the push provider reports as gone.
  • You can opt out of "Keep me signed in" by leaving the checkbox unchecked at sign-in — your session will then live only in sessionStorage.

Full service-provider list

For completeness, here is the full set of third-party processors used by the Service that may set or rely on cookies, browser storage, or similar identifiers: MongoDB (server-side session and Guardian records keyed by your JWT), OpenRouter (Claude) (AI code generation; no browser cookies), Expo / EAS (cloud builds; may set cookies on their dashboards), Expo Snack (in-browser preview iframe; sets its own cookies), Cloudinary (uploads; may set cookies on upload widgets), Stripe (Stripe.js + Checkout set their own cookies for fraud detection and session continuity), Twilio (SMS verification UI may set cookies), Privy (server-wallet signing; no browser cookies in the standard flow), Resend (email delivery; no browser cookies), Solana devnet & the Guardian Anchor program (on-chain licensing; no browser cookies), web-push providers (Apple, Google, Mozilla — store opaque push endpoint identifiers in your browser), and the ForkD marketplace backend at forkdme.com (sets the forkd_jwt session token described above). See the Privacy Policy for purpose-of-processing details.

Minimum age

The Service is intended only for users aged eighteen (18) or older. If you are under 18, do not use the Service; this Cookie Notice applies on the same eligibility basis as the other ForkD legal documents.

Changes & contact

We may update this Notice as the product evolves. Governed by the laws of the State of Mississippi, USA. Questions: support@forkdme.com.