Cookies Policy — MyCashDash
Version: 1.2 Last Updated: June 2, 2026 Effective Date: June 2, 2026 Document Owner: CloudCoding Limited
Cookies and similar technologies — what they are and how we use them
Cookies are small files of letters and numbers which a website can store on your computer, tablet, or smart phone when you access it. They are widely used to make websites work, or work more efficiently, and to provide information to the owners of the website.
This policy covers our use of cookies and other similar technologies (such as browser local storage and authentication tokens) on the MyCashDash website at mycashdash.com and within the MyCashDash web application (collectively, the "Platform").
This Cookies Policy should be read together with our Privacy Policy, which explains in more detail how we collect, use, and protect your personal data.
This website and the web application
MyCashDash has two parts, and they use cookies differently:
- The marketing website (mycashdash.com) is the site you are reading now. It tells you about the product. You do not need an account to use it, it does not sign you in, and it does not take payment. The website uses Google Analytics, but only after you have accepted analytics cookies.
- The web application (app.mycashdash.com) is the product itself. You sign in to it to manage your finances, and it is where any subscription payment is taken.
Because of this split, some of the technologies described below only apply to one part. In particular, the sign-in and payment technologies in Section (1) apply within the web application, and the analytics in Section (3) applies on the marketing website. Where a technology applies to only one part, we say so.
A note on our current approach
MyCashDash is designed to be lean on tracking. At the date of this policy:
- We do not use any third-party advertising cookies.
- We do not use behavioural, retargeting, or cross-site tracking cookies.
- We use one analytics tool, Google Analytics (provided through Firebase), on the marketing website only, and only after you accept analytics cookies. It is not loaded in the web application, and it is not loaded on the website until you give consent. You can decline it, and you can change your choice at any time.
Apart from analytics, the technologies described below are limited to those that are strictly necessary to operate the Platform, plus a small number that remember your preferences.
If we add any further non-essential cookies in the future, we will update this policy and obtain your consent before those cookies are set.
Cookies and similar technologies that we use
(1) Strictly Necessary
These technologies are essential for you to access the Platform and to use its core features. They cannot be disabled in our system. You can configure your browser to block them, but if you do so, parts of the Platform will not work.
Remembering your cookie choice (marketing website)
When you accept or reject analytics cookies on the website, we record your choice so that we do not ask you again on every visit and so that we honour it.
| Technology | Stored where | Purpose | Duration |
|---|---|---|---|
mcd_cookie_consent | Local storage | Remembers whether you accepted or rejected analytics cookies | Persistent until you clear it or change your choice |
This is strictly necessary because it records a choice we are legally required to remember. It contains only the words "granted" or "denied". It is not used to track you.
Authentication and session management (web application)
When you sign in to the web application, MyCashDash uses Firebase Authentication to sign you in and to keep you signed in across page loads. Firebase Authentication stores authentication tokens in your browser's local storage (and may set first-party cookies as part of its operation) under names such as:
| Technology | Stored where | Purpose | Duration |
|---|---|---|---|
firebase:authUser:* | Local storage | Stores your authenticated session so you remain signed in across page loads | Until you sign out or your token expires |
firebase:host:*, firebaseLocalStorageDb | Local storage / IndexedDB | Supports the Firebase SDK's auth and offline behaviour | Persistent until cleared |
| Firebase ID and refresh tokens | Memory and local storage | Authenticate your requests to our backend | Refreshed automatically; cleared on sign-out |
Without these technologies, you would not be able to sign in to MyCashDash.
Security
| Technology | Purpose | Duration |
|---|---|---|
| Cross-site request forgery (CSRF) protections | Protects you from CSRF attacks against the Platform | Session |
| TLS / HTTPS session state | Maintains the encrypted connection between your browser and our servers | Session |
Subscription and payment (Stripe, web application)
Payment is taken in the web application, not on the marketing website. If you reach a checkout page or open the billing portal, Stripe (our payment processor) will set its own cookies and storage entries on your device to operate the payment flow securely. Examples include __stripe_mid and __stripe_sid. These are governed by Stripe's own cookie and privacy policies. Stripe cookies are only set when you actively use the payment flow.
(2) Functional (First-party preferences)
These first-party technologies remember a small number of preferences so that the Platform behaves consistently for you across sessions.
| Technology | Stored where | Purpose | Duration |
|---|---|---|---|
mcd_activeSpaceId (selected Space) | Local storage | Remembers which Space you last had open so that you return to it when you next sign in | Persistent until cleared or you sign out |
| User preferences (currency, theme, sidebar state, etc.) | Local storage / Cloud Firestore | Remembers your display preferences across sessions | Persistent |
These technologies do not contain personal data beyond the identifier of the Space you last viewed and your interface preferences. They do not track you across other websites.
(3) Analytics (marketing website only)
We use Google Analytics, provided through Firebase, on the marketing website only, to understand how visitors find and use the site (for example, which pages are viewed and roughly where visitors arrive from) so that we can improve it. Google Analytics is not used in the web application.
These analytics cookies are not set until you accept them. On your first visit to the website, a cookie banner asks whether you are happy for us to set analytics cookies. We do not load Google Analytics, and we do not set any analytics cookie, unless you choose "Accept analytics". If you choose "Reject analytics", or simply ignore the banner, no analytics cookies are set. You can change your choice at any time using the "Cookie settings" link in the footer.
Once you have given consent, Google Analytics may set the following:
| Technology | Stored where | Purpose | Duration |
|---|---|---|---|
_ga | Cookie | Distinguishes one visitor from another (the analytics client identifier) | Up to 2 years |
_ga_<container id> | Cookie | Persists analytics session state for our specific Google Analytics property | Up to 2 years |
firebase-installations-database | IndexedDB | Holds the Firebase installation identifier used by the analytics SDK | Persistent until cleared |
Google acts as our analytics provider. Google may process some of this data on infrastructure outside the United Kingdom; that transfer is covered by Google's data processing terms and the safeguards described in our Privacy Policy (Sections 8 and 9). We have configured the property to anonymise IP addresses. We do not use Google Analytics data for advertising, and we do not permit Google to use it to personalise ads.
If you accept analytics and later change your mind, choose "Reject analytics" in "Cookie settings". We will stop loading Google Analytics, and you can also clear the _ga cookies through your browser as described below.
(4) Advertising and Marketing
We do not use advertising, retargeting, or behavioural marketing cookies on the Platform. We do not share data with advertising networks. We do not embed third-party advertising or social-media tracking pixels.
Third-Party Services
The Platform relies on a small number of third-party services that may, in their normal operation, set cookies or store data on your device:
- Google Cloud / Firebase (authentication and infrastructure, within the web application: see "Strictly Necessary" above).
- Google Analytics / Firebase (measurement of how the marketing website is used: see "Analytics" above). Loaded only after you accept analytics cookies.
- Google Fonts (one display font on the marketing website). This does not set a cookie, but your browser's request to Google for the font includes your IP address. See Section 2 of our Privacy Policy for how that transfer is handled. We self-host our other fonts so that they do not involve a third party.
- Stripe (payment processing within the web application, and only when you interact with the checkout or billing portal).
Each of these services is governed by its own privacy and cookie policies:
- Google Cloud / Firebase / Google Analytics: https://policies.google.com/privacy / https://firebase.google.com/support/privacy
- Google Fonts: https://policies.google.com/privacy and https://developers.google.com/fonts/faq/privacy
- Stripe: https://stripe.com/gb/privacy
Other storage technologies used by the Platform
In addition to cookies, MyCashDash uses the following client-side storage technologies. They serve purposes similar to cookies and are subject to the same privacy principles:
- Local Storage — Stores larger amounts of data; persists until explicitly deleted. Used to store your authentication state (via Firebase), your selected Space, and a small number of interface preferences.
- Session Storage — Temporary storage that expires when you close your browser tab. May be used by the Firebase SDK to manage in-progress sign-in flows.
- IndexedDB — Client-side database; used by the Firebase SDK to support its auth and (where applicable) offline functionality.
These technologies are used for the same essential and functional purposes described above.
Managing cookies and storage
Your analytics choice
You control whether we set analytics cookies on the marketing website. Choose "Accept analytics" or "Reject analytics" on the cookie banner shown on your first visit, or open "Cookie settings" in the website footer at any time to change your choice. Rejecting analytics does not affect the strictly necessary technologies that the Platform needs in order to work.
In the Platform
You can sign out of MyCashDash at any time. Signing out clears your authentication tokens and the locally stored Space identifier.
In your browser
Most browsers allow you to control cookies and storage through their settings. You can typically:
- Block all cookies (we do not recommend this, as the Platform will not work without authentication cookies/storage).
- Block third-party cookies.
- Clear cookies and storage on browser close.
- Whitelist specific domains.
Help pages for managing cookies in popular browsers:
- Google Chrome: https://support.google.com/chrome/answer/95647
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
- Microsoft Edge: https://support.microsoft.com/en-gb/microsoft-edge
Please note that blocking the authentication and security technologies described in Section (1) will prevent you from signing in to and using MyCashDash.
Clearing client-side data
You can clear MyCashDash's local-storage data by clearing your browser's site data for mycashdash.com. This will sign you out and remove your stored Space selection and preferences. Your account and your financial data on our servers will not be affected.
Changes to this Cookies Policy
We keep this Cookies Policy under regular review and will update it whenever we add or change the cookies or similar technologies we use.
If we introduce non-essential cookies (such as analytics or marketing technologies), we will update this policy and request your consent before any such cookies are set.
The "Last Updated" date at the top of this document indicates when the most recent changes were made.
Contact Us
If you have any questions about this Cookies Policy, please write to us at our registered office:
CloudCoding Limited, Privacy Department, First Floor, Lipton House, Stanbridge Road, Leighton Buzzard, England, LU7 4QQ
For more information about how we process your personal data, please refer to our Privacy Policy.
Helpful Resources
- Information Commissioner's Office (ICO) — Cookies and Similar Technologies: https://ico.org.uk/for-the-public/online/cookies/
- All About Cookies: https://www.allaboutcookies.org
Document Version: 1.2 Last Updated: June 2, 2026 Effective Date: June 2, 2026
For the most current version of this policy, please visit www.mycashdash.com/legal/cookies