COOKIE
POLICY.

Effective: April 11, 2026  ·  Last updated: April 11, 2026

This Cookie Policy explains how FITR, Inc. ("FITR," "we," "our," or "us") uses cookies and similar storage technologies on joinfitr.com, sell.joinfitr.com, and the FITR mobile application (collectively, the "Services").

1. What Are Cookies

Cookies are small text files stored in your browser when you visit a website. We also use localStorage and sessionStorage — browser-based key/value stores that work similarly but are not sent with every HTTP request. On the FITR mobile app we use AsyncStorage, the React Native equivalent.

2. What We Use and Why

We use only strictly necessary storage. We do not place advertising cookies, cross-site tracking pixels, or behavioral profiling technologies.

Name / Key	Type	Purpose	Expires
firebase:authUser:…	localStorage / IndexedDB	Keeps you signed in to your FITR account across browser sessions. Set by Firebase Authentication.	Until sign-out or token expiry
__stripe_mid, __stripe_sid	Cookie	Used by Stripe to detect fraud and process payments securely. Only present when the payment form is active. Set by Stripe, Inc.	1 year / session
fitr_zip	localStorage / AsyncStorage	Stores the zip code you set for local availability display. Never sent to our servers.	Until you clear it
fitr_recently_viewed	AsyncStorage (mobile only)	Stores up to 10 recently viewed products so your "Keep Shopping For" feed stays relevant. Stored on-device only, never sent to our servers.	Until you clear app data
Cart & wishlist data	Firestore (server, signed-in users only)	Your cart and wishlist items are stored in your account so they persist across devices. Not a cookie — requires sign-in.	Until you check out or remove items

3. Third-Party Cookies

Two third-party services may set cookies when you use FITR:

• Google Firebase — authentication tokens stored in IndexedDB/localStorage. Governed by Google's Privacy Policy.
• Stripe, Inc. — fraud-prevention and payment-session cookies set during checkout. Governed by Stripe's Privacy Policy. These cookies are functional and cannot be disabled without breaking the payment flow.

We do not use Google Analytics, Facebook Pixel, TikTok Pixel, or any other advertising or behavioral tracking technology.

4. The Mobile App

The FITR mobile app does not use browser cookies. It uses AsyncStorage (on-device) for preferences like your zip code and recently viewed products, and Firebase Authentication tokens (stored securely by the Firebase SDK) to keep you signed in. Your push notification token (if you grant permission) is stored in your account to deliver order alerts — you can revoke permission at any time in your device's notification settings.

5. How to Control Cookies

Because we use only essential storage, there is no cookie banner to dismiss — everything in use is required for the site to function. However, you can:

• Clear browser storage: Browser settings → Privacy → Clear browsing data → Cookies and site data. This will sign you out.
• Block third-party cookies: Supported in all major browsers. Note that blocking Stripe's cookies may prevent checkout from completing.
• Clear mobile app data: Device Settings → Apps → FITR → Clear Data, or uninstall and reinstall the app.
• Revoke push notifications: Device Settings → Notifications → FITR → toggle off.

6. Do Not Track

We respect the Do Not Track (DNT) browser signal. Because we do not engage in cross-site behavioral tracking, our Services behave the same regardless of your DNT setting.

7. Changes to This Policy

If we introduce new cookies or storage technologies we will update this page and notify users via email or prominent in-app notice at least 14 days before those changes take effect.

8. Contact Us