Cookie Policy

Last updated: 28 June 2026

Contents

1. The Short Version
2. What Are Cookies?
3. Cookies & Storage We Use
4. What We Do NOT Do
5. Third-Party Cookies
6. In the Mobile App
7. How to Manage Cookies
8. Legal Basis
9. Changes to This Policy
10. Contact & Representatives

This Cookie Policy explains how The Dream Management Group FZE LLC, trading as “Once Upon a Me”, uses cookies and similar technologies on our website at onceuponame.io and in the web pages shown inside our mobile app. It should be read together with our Privacy Policy.

1. The Short Version

We use only strictly necessary cookies (to log you in and keep the site secure) and a small number of functional cookies set by our payment provider when you make a purchase.
We do not use advertising cookies, marketing pixels, cross-site trackers, or third-party analytics cookies on our website.
Because we set no advertising or third-party analytics cookies, we do not show a cookie banner for tracking. The only persistent third-party cookie comes from Stripe (fraud-prevention) and is set only when you go to checkout.
Our optional product analytics live inside the app and are governed by a separate, explicit opt-in (see section 6).
If we ever introduce non-essential cookies, we will ask for your consent first and update this policy.

2. What Are Cookies & Similar Technologies?

A cookie is a small text file that a website places on your device to remember information between pages or visits — for example, that you are signed in.

“Similar technologies” include local storage (a browser store we use only to remember that you have seen our intro animation) and secure device storage (in our app, your login token is held in the device’s secure keychain, not in a cookie).

Category	What it does	Do we use it?	Consent needed?
Strictly necessary	Makes the site work — logging in, keeping it secure	Yes	No (exempt)
Functional	Enables a feature you asked for (e.g. payment)	Yes (payment only)	No (required for the service you requested)
Analytics / performance	Measures how the site is used	Not on the website	n/a
Advertising / targeting	Builds a profile to show ads	No — never	n/a

3. Cookies & Storage We Use

On a normal visit

Browsing our marketing pages sets no cookies beyond what our security/CDN provider needs (see below) and a single browser local-storage value:

Name	Set by	Type	Purpose	Duration
oum-splash-seen	Once Upon a Me (local storage)	Functional (preference)	Remembers you have seen our intro animation so we don’t replay it	24 hours

When you sign in

Name	Set by	Type	Purpose	Duration
oum-web-session	Once Upon a Me	Strictly necessary	Keeps you signed in (secure, HTTP-only authentication token)	Session / token lifetime
authjs.session-token	Once Upon a Me	Strictly necessary	Fallback authentication session	Session

When you make a payment

Payments on our website are handled by Stripe. When you reach checkout, Stripe sets its own cookies to process the payment securely and to help detect fraud:

Name	Set by	Type	Purpose	Duration
__stripe_mid	Stripe	Functional	Fraud prevention (identifies the device across the payment)	Up to ~1 year
__stripe_sid	Stripe	Functional	Fraud prevention during the current payment session	~30 minutes

These are necessary to take payment securely; if you block them, payment may not work. See Stripe’s cookie policy.

When you use our chat assistant

If you use the chat assistant on our website, the messages you type are sent to Google Gemini (our chat provider, a processor located in the US) to generate a reply, and your conversation may be held in your browser’s temporary session storage for the duration of the chat. We do not use the chat to advertise to you.

Always (security & delivery)

Our site is served through Cloudflare, which sets short-lived cookies (such as __cf_bm / __cfruid) needed for bot management, security and reliable delivery. See Cloudflare’s cookie information. The exact names set by Stripe and Cloudflare are controlled by those providers and may change; they are always limited to security, fraud-prevention and delivery — never advertising.

4. What We Do NOT Do

We do not use Google Analytics, Google Tag Manager, Facebook/Meta Pixel, or any other third-party advertising or web-analytics cookie on our website.
We do not sell or share data with advertising networks.
We do not build behavioural profiles of children, and we never use cookies to track children.

5. Third-Party Cookies

The only third parties that set cookies through our website are Stripe (payments) and Cloudflare (security/CDN), as listed above, and only for the strictly necessary or functional purposes described. We do not control these cookies directly; their use is governed by the providers’ own policies, linked above.

6. In the Mobile App

Our mobile app does not use browser cookies. Instead it uses on-device storage:

Secure keychain storage — your login token is stored in the device’s secure keychain (Apple Keychain / Android Keystore) so you stay signed in. Strictly necessary.
App storage — non-sensitive app state (preferences, recently viewed items) is cached on the device for performance. Removing the app clears it.
Push notification token — if you enable notifications, a device token is used to deliver them. You can turn notifications off at any time.
Product analytics (optional, opt-in) — the app can collect anonymous usage analytics to help us improve. This is off until you explicitly opt in, is never used to profile children, and never sends your email or IP address. You can change your choice any time in the app’s privacy settings.

7. How to Manage Cookies

Because we set only strictly necessary and functional cookies, there is nothing to switch off at the cookie level on our site. You can still control cookies through your browser settings (look for “Privacy” or “Cookies”); guidance is at aboutcookies.org. Note that if you block the strictly necessary cookies above, you will not be able to sign in, and payment may not work. Because we do not track you across sites, there is nothing for a “Do Not Track” signal to disable — we honour the principle by simply not tracking.

8. Legal Basis

In the UK and EU, cookies are governed by the Privacy and Electronic Communications Regulations (PECR) / the ePrivacy Directive, alongside the UK GDPR / EU GDPR.

Strictly necessary cookies are exempt from the consent requirement.
The payment cookies are set by Stripe only when you proceed to a checkout you have initiated, to take and secure that payment. We recognise that some regulators view fraud-prevention cookies as requiring consent; if guidance settles that way for our set-up, we will add a checkout-level consent step. We do not set these cookies on general browsing.
We set no advertising or third-party analytics cookies. Where the law requires consent for any future non-essential cookie, we will obtain it before setting that cookie.

9. Changes to This Policy

If we introduce new cookies or change how we use them — in particular if we ever add non-essential analytics or advertising cookies — we will update this policy, change the “Last updated” date above, and, where required, ask for your consent.

10. Contact & Your Representatives

Questions about this policy, or about how we use cookies and personal data: [email protected].

Controller: The Dream Management Group FZE LLC, Office BC-890780, 26th Floor, Amber Gem Tower, Sheikh Khalifa Street, Ajman, United Arab Emirates.

We have appointed Prighter as our representative for the UK and the EU. You can contact them or exercise your data-protection rights via app.prighter.com/portal/once-upon-a-me.

EU representative (Art 27 EU GDPR): iuro Rechtsanwälte GmbH t/a Prighter, Schellinggasse 3, 1010 Vienna, Austria.
UK representative (Art 27 UK GDPR): Prighter Ltd, 20 Mortlake Mortlake High Street, London, SW14 8JN, United Kingdom.