Cookie Policy

Effective 1 May 2026. This page explains how AnvilPlan uses cookies and similar technologies on our own website.

When you authenticate with Strava, Strava’s own sites and policies govern cookies on their domains. This Policy covers our domain(s) only. For how we use Strava data in the product (sync, webhooks, retention, API compliance), see the Strava API integration section of our Privacy Policy.

What are cookies?

Cookies are small text files stored on your device. We use cookies and similar storage (such as local storage where applicable) for essential functions, security, and (where present) payments or diagnostics.

Essential cookies

These are required for the Service to work securely:

Session — keeps you signed in after Strava OAuth and while you use the app.
CSRF token — protects against cross-site request forgery on form submissions.
Security / preferences — small first-party values needed for routing, flash messages, or UI continuity.

Because these are strictly necessary to provide the Service, they are not used for optional marketing profiling on our site.

Stripe (billing)

If you use checkout or the customer billing portal, Stripe or its affiliates may set cookies or use local storage on pages they host or embed. Those technologies are governed by Stripe’s privacy policy.

Diagnostics

We may use error-reporting tools that collect technical data when something fails (for example stack traces, request path, app version). Those tools may use their own cookies or identifiers on their domains; see their documentation for details.

Your choices

Most browsers let you block or delete cookies. Blocking essential cookies may prevent sign-in or core features from working. For advertising cookies on other sites, use your browser or industry opt-out tools where available.

Contact

Questions about this Policy: [email protected].