Cookie Policy
What this policy covers
This policy describes the HTTP cookies we set or read in our own code, optional saved preferences, and optional usage insights. It also notes related browser storage used by our sign-in system. For how we process personal data more broadly, including rights for individuals in the UK, EEA, and California (for example access or deletion requests under GDPR or CCPA/CPRA where those laws apply), see our Privacy Policy.
What cookies are
Cookies are small text files placed on your device when you visit a website. They are widely used to make sites work, keep you signed in, or remember preferences.
How you can control cookies
When you first visit, we show a cookie banner. You can Accept to turn on saved preferences and usage insights together, or choose Customise to open this page and set each optional category. You can return here at any time to change your mind. You can also delete or block cookies in your browser settings. If you block essential cookies, parts of the site (for example staying signed in) may not work as expected.
Cookies and similar technologies we use
Strictly necessary (essential)
These are required for core operation, security, and the sign-in session handled by our server. They are not controlled by the toggles above.
- NSMSESSID (PHP session cookie). HttpOnly, Secure, SameSite Lax. Identifies your browser session on our server. Used so we can keep your authenticated state in line with Firebase (including storing a verified ID token server-side for protected pages and APIs).
- LOGINSESSION (when you use stay signed in or equivalent). HttpOnly, Secure, SameSite Strict. Holds a random token we match to a hashed record in our database so you can remain signed in without entering your password every visit. Expires within a limited period.
Google reCAPTCHA (strictly necessary where we use it)
We use Google reCAPTCHA Enterprise on certain flows (for example sign-up, payments, or other steps where we need to reduce abuse and bots). When reCAPTCHA runs, Google may set a cookie such as _GRECAPTCHA so it can perform automated risk analysis for that challenge. Those cookies sit on Google's domains and are not controlled by the optional toggles above. Blocking third-party cookies in your browser may prevent those flows from completing normally. How Google handles data from reCAPTCHA is covered by Google's own terms and privacy disclosures for that product.
Our site currently loads reCAPTCHA from Google's usual host (for example www.google.com). That domain may carry other cookies or storage under Google's control beyond this service. Google's documentation describes www.recaptcha.net as an alternative host where integrations want to rely on Google's reCAPTCHA domain without tying the load exclusively to www.google.com.
Saved preferences (optional)
If you enable this in your settings, we remember choices you make about how the site looks or behaves using cookies and browser storage, so your layout and appearance stay familiar when you come back.
- preferredColumns. Remembers how many columns you prefer for profile and media grids (for example 2 to 4 columns). We may mirror this in browser storage on some pages.
- colorMode and clickedTheme. Remember light, dark, or auto appearance, with related values in localStorage where used.
- useFilters (where used). Remembers whether filter panels on maps or profiles are expanded or collapsed.
Usage insights (optional)
If you enable this in your settings, we load Firebase Analytics (Google Analytics 4) so we can see aggregate trends: for example which parts of the site are busy, where people drop off, or how features are adopted over time. That feedback loop helps us improve performance, plan new work, and keep the service aligned with how members actually use it. It is not used to read your private messages or profile text. It may set cookies such as _ga or similar identifiers used for measurement. If you keep this off, we do not load that script for your browser.
Sign-in and Firebase in the browser
We use the Firebase JavaScript SDK for authentication and real-time features. Firebase may use localStorage, IndexedDB, or similar storage in your browser to keep your session in sync. That is separate from the HTTP cookies listed above, but we describe it here so you know how sign-in works.
Storing your choices when you are signed in
If you are logged in, we store your optional cookie choices under users/{your user id}/cookieSettings/preferences in Firestore so your preferences can follow your account. Your browser still stores a local copy for performance and for when you are not signed in.
Third-party content
We load scripts and assets from CDNs (for example Bootstrap, fonts, or icon kits). Those providers may set their own cookies or similar technologies under their policies. We do not control those cookies. Google reCAPTCHA is called out separately above because we use it for security and fraud prevention on specific flows.
Updates
We may update this policy when our use of cookies changes. The “Last updated” date at the bottom of this page will change when we do.
Contact
Questions about cookies: hello@nostringsmen.com. You can also use the contact form while signed in, reach us on X (Twitter), or phone 0333 XXXXXXX.
Last updated: 7 May 2026