Legal
Cookie Policy
Last updated: 27 May 2026
1. What Are Cookies
Cookies are small text files stored in your browser when you visit a website. They are used to remember preferences, keep you logged in, and enable certain features. We also use similar browser storage technologies (such as localStorage and sessionStorage) for the same purposes.
2. Our Approach
We keep cookie use to an absolute minimum. GymRecord does not use advertising cookies, social media tracking pixels, or third-party analytics tools that profile your browsing behaviour across the web.
The cookies and tokens we do use fall into two categories: strictly necessary (required for the site to function) and functional (improve your experience without tracking you).
3. Cookies We Use
| Cookie / Token | Provider | Purpose | Type | Expires |
|---|---|---|---|---|
| auth_token | GymRecord | Keeps you logged in to the app | Essential | Session / 30 days |
| cf-turnstile-* | Cloudflare | Bot protection on form submissions | Essential | Session |
| __stripe_mid | Stripe | Fraud prevention during payment | Essential | 1 year |
| __stripe_sid | Stripe | Payment session continuity | Essential | 30 minutes |
4. Cloudflare Turnstile
We use Cloudflare Turnstile on form submissions (such as the mailing list sign-up) to verify that submissions come from real humans, not automated bots. Turnstile is a privacy-preserving alternative to traditional CAPTCHAs.
How Turnstile works:
- When you submit a form, a lightweight challenge runs invisibly in your browser. No images to click, no puzzles to solve.
- Cloudflare may read browser environment signals (user agent, screen properties, interaction patterns) and set a short-lived session token to pass the challenge.
- No personally identifiable information is shared with Cloudflare beyond what your browser ordinarily sends to any website (IP address, browser type).
- Turnstile tokens are single-use and expire after a few minutes. They are not used for tracking across sessions or sites.
For more information, see Cloudflare's Privacy Policy.
5. Stripe
When you make a payment, Stripe sets cookies in your browser to prevent fraud and maintain payment session continuity. These cookies are strictly necessary to process transactions securely. Stripe operates under its own privacy policy and is PCI DSS compliant.
See Stripe's Privacy Policy for details.
6. No Advertising or Analytics Cookies
We do not use Google Analytics, Facebook Pixel, or any other behavioural advertising or cross-site tracking technology. We do not build advertising profiles on our users.
7. Managing Cookies
Because all cookies we use are strictly necessary or functional, we do not display a cookie consent banner - the cookies are required for the site to work as described. If you disable cookies entirely in your browser, some features (such as staying logged in or completing payments) will not function correctly.
You can manage or delete cookies through your browser settings. For guidance:
8. Changes to This Policy
We may update this policy if we introduce new features that use cookies. The "Last updated" date at the top reflects the most recent changes.
9. Contact
Questions about our use of cookies: [email protected]