Cookie Notice

Effective 27 April 2026 · Operated by MARSAD ALEBDAA IT EST (Saudi Arabia)

We try to keep this honest and short. Yameen is operated as a chat bot inside Telegram, with a thin web layer for the marketing landing page and (when active) a subscription dashboard. This notice covers the cookies and similar local-storage technology those web pages use.

1. Summary

Strictly necessary only. We do not use analytics, advertising, fingerprinting, or third-party tracking cookies anywhere on yameen.app. If that ever changes — for example if we add product analytics — we will update this notice and request prior consent through a banner before any non-essential cookie is set.

2. What is a cookie

A cookie is a small text file your browser stores when you visit a website. Local storage and session storage are similar browser-side storage mechanisms. We treat all three under the same principles in this notice.

3. Cookies and storage we currently use

Name / surfaceWhat it doesCategoryLifetime
Marketing landing page (/)No cookies are set. The page is a static HTML file with no analytics or third-party scripts.
OAuth connect page (/connect/[token])Carries a short-lived signed token in the URL itself. No persistent cookie.Strictly necessary10-minute URL token; nothing stored in the browser
Web dashboard (when active)A first-party, HTTP-only, Secure session cookie used to keep you signed in to the dashboard.Strictly necessaryExpires at the end of the browser session, or sooner if you sign out
Caddy reverse proxySends a Strict-Transport-Security header (this is a header instruction, not a cookie). It tells your browser to use HTTPS for yameen.app for one year.Strictly necessary (security)1 year

Strictly-necessary cookies and storage are used to deliver the Service you have asked for and cannot be disabled without breaking parts of the Service. They do not require consent under PDPL or GDPR.

4. Third-party cookies

We do not embed third-party scripts on yameen.appthat set tracking cookies. We do not use Google Analytics, Meta Pixel, or comparable trackers. The only outbound request the marketing page makes is to Google Fonts for the typefaces (Fraunces, Inter, Amiri); Google Fonts does not set cookies for that request.

When you go through OAuth, you are redirected to Google’s, Microsoft’s, or Slack’s consent screens. Those pages are on the provider’s domain (not yameen.app) and their cookies are governed by the provider’s own cookie policy.

5. How to control cookies

Even though we only use strictly-necessary cookies, you can:

  • Configure your browser to reject all cookies. The marketing page will work normally; the dashboard (when active) will not be able to keep you signed in.
  • Clear cookies for yameen.app at any time from your browser’s privacy settings.
  • Use private / incognito mode — cookies are discarded when you close the window.

6. Future changes

If we ever add a non-essential cookie (for example, product analytics helping us measure which features are used most), we will:

  1. Update this notice with the new cookie listed in §3, including its purpose, category, and lifetime.
  2. Show a consent banner the first time you visit; non-essential cookies will not be set unless you accept.
  3. Make sure you can withdraw consent later from a clear “Cookie settings” control.

7. Contact

Questions about cookies or this notice? Email contact@yameen.app.