Peeld

Cookie Policy

Effective Date: February 28, 2026 · Last Updated: February 28, 2026

This Cookie Policy explains how XiPlatform("we," "us," or "our") uses cookies and similar technologies on peeld.app (the "Service"). This policy should be read alongside our Privacy Policy.

Contents

  1. What Are Cookies
  2. Cookies We Use
  3. Local Storage
  4. Browser Fingerprinting
  5. Third-Party Cookies
  6. How to Manage Cookies
  7. Impact of Disabling Cookies
  8. Changes to This Policy
  9. Contact Us

1. What Are Cookies

Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They are widely used to make websites work more efficiently and to provide information to website operators. Cookies can be "session" cookies (deleted when you close your browser) or "persistent" cookies (remain on your device for a set period or until you delete them).

In addition to traditional cookies, we use other browser storage mechanisms such as localStorage, which serves a similar function but is not automatically sent with HTTP requests.

2. Cookies We Use

We use only essential and functional cookies. We do not use any advertising, analytics, or tracking cookies.

2.1 Essential Cookies

These cookies are strictly necessary for the Service to function. They cannot be disabled without impairing core functionality.

Cookie NameDurationTypePurposeAttributes
peeld-session7 daysPersistentStores your encrypted JWT authentication session token. Used to keep you logged in across browser sessions. Contains no personally identifiable information in plaintext — the token is cryptographically signed and verified server-side on each request.httpOnly, Secure, SameSite=Lax, Path=/
peeld-keys1 yearPersistentStores creator secret pairs that allow you to manage peels you created without an account. Each key is a cryptographic secret that proves ownership of a specific peel. This enables the "no account required" creation flow.httpOnly, Secure, SameSite=Lax, Path=/
PEELD_OAUTH_STATESession (consumed after redirect)SessionStores a temporary, random state value used during the OAuth login flow (Google or Microsoft sign-in). This cookie is used for PKCE (Proof Key for Code Exchange) verification to prevent cross-site request forgery attacks. It is automatically deleted after the OAuth redirect completes.httpOnly, Secure, SameSite=Lax

2.2 Functional Cookies

These cookies enhance your experience by remembering preferences and choices you have made. They are not strictly necessary for the Service to work but improve usability.

Cookie NameDurationTypePurpose
peeld-push-dismissedSessionSessionRemembers that you have dismissed the push notification enrollment prompt during the current browser session, so you are not prompted again until your next visit.

3. Local Storage

In addition to cookies, we use your browser's localStorage API to store small pieces of data on your device. Unlike cookies, localStorage data is not sent to the server with each request. This data remains on your device until you clear it through your browser settings or through application actions.

Key PatternPersistencePurpose
peeld-response-{slug}Until cleared by userStores the response ID after you submit a response to a peel. Used to display the reaction badge on the thank-you page, so you can see how the peel creator reacted to your response. The key includes the peel slug, so a separate entry is created for each peel you respond to.
peeld-revealed-{peelId}Until cleared by userTracks whether you have revealed (unblurred) responses on a peel's results page. Used to maintain the reveal state so you do not need to re-reveal responses when navigating back to the page.
peeld-push-dismissedUntil cleared by userStores the push notification prompt dismissal state. Works in conjunction with the session cookie of the same name for cross-page consistency.

4. Browser Fingerprinting

To prevent duplicate responses (one person submitting multiple answers to the same peel), we use a technique called browser fingerprinting. It is important to understand how this works and how it differs from cookies:

4.1 How It Works

  • We use the open-source FingerprintJS library, which runs entirely in your browser (client-side).
  • The library generates a fingerprint based on your browser's characteristics (screen resolution, installed fonts, canvas rendering, etc.).
  • This fingerprint is immediately hashed using SHA-256 before being transmitted to our servers.
  • Only the resulting hash is stored. We never store the raw fingerprint or its component signals.

4.2 What It Is Not

  • Not a cookie. No data is stored on your device by this mechanism.
  • Not cross-site tracking. The hash is used exclusively within Peeld to detect duplicate responses. It is not shared with any third party and cannot be used to track you across other websites.
  • Not reversible. SHA-256 is a one-way hash function. We cannot reconstruct your browser characteristics from the stored hash.
  • Not personally identifying. The hash alone cannot identify you as an individual. It can only detect that the same browser configuration was used for multiple submissions.

4.3 Why We Use It

Because Peeld allows anonymous responses without login, we need a privacy-preserving mechanism to prevent a single person from flooding a peel with duplicate responses. Browser fingerprint hashing achieves this without requiring an account, storing personally identifiable information, or tracking users across sites.

5. Third-Party Cookies

We do not use any third-party advertising, analytics, or tracking cookies.

Our third-party service providers (Vercel, Turso, OpenAI, Resend) process data server-side and do not set cookies on your browser through the Service. The OAuth authentication flows with Google and Microsoft use our own first-party cookie (PEELD_OAUTH_STATE) for state verification and do not set their own persistent cookies on our domain.

If you sign in via Google or Microsoft, their respective authentication pages may set cookies on their own domains. Those cookies are governed by their privacy policies, not ours:

  • Google Privacy Policy
  • Microsoft Privacy Statement

6. How to Manage Cookies

Most web browsers allow you to control cookies through their settings. Below are instructions for the most common browsers:

6.1 Browser Cookie Settings

  • Chrome: Settings → Privacy and Security → Cookies and other site data
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Manage Website Data
  • Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data

6.2 Clearing Local Storage

To clear localStorage data set by Peeld:

  • Chrome: Developer Tools (F12) → Application tab → Local Storage → Select peeld.app → Clear
  • Firefox: Developer Tools (F12) → Storage tab → Local Storage → Select peeld.app → Delete All
  • Safari: Developer menu → Show Web Inspector → Storage tab → Local Storage
  • Edge: Developer Tools (F12) → Application tab → Local Storage → Select peeld.app → Clear

Alternatively, clearing your browser's site data for peeld.app will remove both cookies and localStorage at once.

7. Impact of Disabling Cookies

Because we use only essential and functional cookies, disabling or deleting them will affect the usability of the Service:

If You Disable/DeleteImpact
peeld-sessionYou will be logged out and will need to sign in again on your next visit.
peeld-keysYou will lose the ability to manage peels you created without an account. This cannot be recovered — the creator secrets stored in this cookie are the only proof of ownership for anonymous peels.
PEELD_OAUTH_STATEOAuth sign-in (Google/Microsoft) will fail during the redirect step.
peeld-push-dismissedYou may be prompted again to enable push notifications.
All localStorageResponse reaction badges on thank-you pages will not display. Results page reveal states will reset. Push notification dismissal state will reset.

8. Changes to This Policy

We may update this Cookie Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. If we add new categories of cookies (such as analytics or advertising), we will provide notice through the Service and obtain consent where required by law before deploying them.

9. Contact Us

If you have any questions about this Cookie Policy, please contact us:

  • Privacy inquiries: [email protected]
  • General support: [email protected]
  • Company: XiPlatform
Privacy PolicyTerms of ServiceCookie Policy

© 2026 XiPlatform. All rights reserved.