Cookie Policy
1. What Are Cookies?
Cookies are small data files stored on your browser when you visit a website. They allow the site to remember your preferences, keep you logged in, and understand how you use the service. Cookies can be "session" cookies (deleted when you close the browser) or "persistent" cookies (retained until they expire or you delete them).
2. Cookies We Use
The table below lists all cookies set by GymStack:
| Cookie Name | Type | Duration | Purpose |
|---|---|---|---|
| next-auth.session-token | Essential | 30 days | Keeps you logged in to GymStack (web) |
| next-auth.csrf-token | Essential | Session | Protects against cross-site request forgery attacks |
| next-auth.callback-url | Essential | Session | Remembers where to redirect after login |
| __theme | Functional | 1 year | Stores your dark/light theme preference |
| _vercel_no_cache | Functional | Session | Prevents stale cache during active development |
| _ga / _gid | Analytics | 2 years / 1 day | Google Analytics — page views and user behaviour (optional) |
3. Types of Cookies Explained
- Essential — Strictly necessary for the platform to function. These cannot be disabled without breaking core features like authentication.
- Functional — Enhance your experience by remembering preferences. Disabling them won't break the platform but may reduce convenience.
- Analytics — Help us understand how users interact with GymStack so we can improve the product. These are optional and anonymised where possible.
3a. Mobile App On-Device Storage
The GymStack mobile app does not use HTTP cookies. Instead it uses secure on-device storage:
- Auth tokens (Expo SecureStore) — JWT access and refresh tokens are stored in hardware-backed secure storage (iOS Keychain / Android Keystore). These keep you signed in. Cleared on sign-out.
- Profile cache (AsyncStorage) — a local copy of your profile (name, role, avatar URL) to render the UI before the network responds. Cleared on sign-out.
- Push notification token — your Expo push token is stored on our server (not on-device) to deliver push notifications. You can revoke this by disabling notifications in your device settings.
4. Third-Party Cookies & Services
We may use third-party services that set their own cookies:
- Google Analytics — tracks anonymised page views and user journeys. Governed by Google's Privacy Policy.
- Razorpay — may set cookies on payment pages to detect fraud and manage secure checkout sessions.
- Expo (mobile) — push notification tokens are transmitted to Expo's infrastructure. Governed by Expo's Privacy Policy.
We do not control third-party cookies. Please review the respective privacy policies of these providers.
5. How to Control Cookies
You can control cookies through your browser settings. Most browsers allow you to:
- View cookies currently stored
- Block all or specific cookies
- Delete cookies when you close the browser
Note that blocking essential cookies will prevent you from logging in and using GymStack. Links to cookie settings for common browsers:
6. Changes to This Policy
We may update this Cookie Policy when we add or remove cookies. We'll notify you of material changes via email or an in-app notice.
7. Contact
Questions about our cookie use? Email us at privacy@gymstack.co.in or visit our Contact page.