FastDCF

Accounts and Sessions

Account Data

Local accounts store the username, password hash, role, and optional email address you provide. Google sign-in accounts also store the Google subject identifier and provider email. Telegram sign-in accounts store the Telegram identifier and Telegram username when supplied by Telegram.

Accounts that are suspended can also carry an administrative suspension reason. Account records are stored on the server in the application data directory and remain there until an administrator deletes them.

Billing Data

FastDCF uses Lemon Squeezy for subscription checkout, payment processing, and the customer portal. FastDCF stores the Lemon Squeezy customer ID, subscription ID, variant ID, subscription status, renewal date, and end date so paid access can be synchronized automatically.

Payment method details are managed by Lemon Squeezy and are not stored by FastDCF.

Session Cookie

The site uses a single authentication cookie named session_id to keep you signed in after login. This is an essential cookie used for core account functionality.

Session data is kept in server memory and is removed when you log out, when it expires, or when sensitive account changes invalidate it. Sessions may also end when the server restarts. When login starts inside the Telegram Mini App, the same session cookie is issued with the cross-site secure attributes required for that embedded context.

Local Browser Storage

If you allow optional calculation caching on the dashboard, the site uses browser session storage for temporary UI state such as active batch runs and recent single or batch calculation snapshots. That data stays in your browser session and is not used for advertising or cross-site tracking.

If you do not allow the cache, those optional calculation snapshots are not stored in your browser.

Cache Consent Preference

The dashboard remembers your calculation-cache choice in a first-party cookie named fdcf_calc_cache_consent. This cookie stores only whether local calculation caching is allowed or declined.

You can change that choice later from the Account page.

Contact and Registration

Registration

The registration form processes the identifier and password you submit to create a local user account. If you register with an email address, that address is associated with your local account.

Google and Telegram sign-in can also create provider-backed accounts on first successful login.

Contact Messages

The contact form stores the email address you enter, your message, the submitting user name when available, your IP address, and your browser user-agent string.

Contact messages are stored on the server, can later receive admin status labels and notes during review, and remain there until an administrator deletes them.

Contact Email Notifications

When contact-email notifications are enabled for this deployment, a saved contact message is also forwarded to the service notification inbox through Resend.

The message body and the stored contact metadata are included in that notification email so the team can review the request outside the admin panel.

Cloudflare Turnstile

The contact and registration pages use Cloudflare Turnstile to reduce automated abuse. A visible verification widget is shown before those forms can be submitted.

When Turnstile is used, verification data and related browser signals are sent to Cloudflare so the server can validate the submission.

This deployment does not enable Turnstile pre-clearance. Turnstile therefore uses a one-time verification token for form submission and does not set Cloudflare's cf_clearance cookie as part of this flow.

Third-Party Services

Google Sign-In

The login page can load Google Identity Services to support Google sign-in. If you use that optional sign-in method, Google processes the authentication flow and returns identity data to this application.

Telegram Login

The login flow can also load Telegram's login widget, and the dedicated /tg page can load the Telegram Mini App script.

If you use Telegram sign-in, Telegram provides signed identity data that this application verifies before creating the session.

CDN Assets

The site also loads some frontend assets from third-party providers, including Google Fonts, Plotly CDN, jsDelivr, and Cloudflare Turnstile when those features are used.

Questions or Requests

If you have a privacy question or want to request deletion of data you submitted through this service, use the contact page.