Cookies Policy
Last updated: June 8th, 2026
Cookies are files that are stored on your device’s hard drive or web browser and are accessed by our server when you access our services. Other technologies may include tags, pixels, SDKs, web beacons, JavaScript, links in emails, device IDs, or similar technologies and may be used for the same purposes as cookies and stored on your hard drive until they expire. Other technologies are used to collect non-personal information or aggregate information used to enhance your experience and gather usage and performance data.
This Cookie Policy describes the practices that “Sunday” (or “us” or “we”) follows when collecting information through use of cookies and similar technologies when you access our services.
1. Information that We collect
When you use our services, like for instance, visit our Website, our web server will temporarily record certain information from the device you use:
- Your session identifier,
- Your IP address, and information generated from anonymized IP address that includes: a computer host name, geographic location (if you have set your system to allow transmission of geolocation information), time of visit, web page URL, referring website, security tokens (for authentication and information submission, like RFP forms),
- The access date,
- The file request of the client (file name and URL),
- The HTTP response code and the website from which you are visiting us,
- The number of bytes transferred during the connection,
- and, if applicable, other technical information that we use and statistically evaluate for the technical implementation of the website’s use (such as delivery of the content, guaranteeing the website’s functionality and security, protection against cyberattacks and other abuses).
2. Cookies that we use
We use cookies across Sunday technologies (websites, apps, etc.) to improve their performance and enhance your user experience.
Cookies are used to provide the following functions:
Personalization: For example, your language preference is remembered.
Session Management: To ensure that your session is routed to the correct system for the duration of your visit.
Analytics: We use cookies to provide analysis of our users’ on-going usage of the website. This allows us to adapt our website’s offerings according to our users’ interests and facilitates on-going improvements to the website.
AB Testing / Multivariate Testing: We can display multiple versions of a page to a user to assess which generates the best user experience.
Advertising: We can display advertising content depending on location, language, and your past browsing history.
Analysis cookies allow us to understand how you interact with our services in order to analyze, research and improve them (also with the help of third-party data analysis tools).
The analysis cookies which we use are as follows:
| Name of the cookie | Vendor | Purpose of the cookie | Expiration |
| _ga | Google Analytics | Distinguishes users and tracks sessions across the site | 2 years |
| _gid | Distinguishes users; expires after 24 hours | 24 hours | |
| _gat | Throttles request rate to Google Analytics | 1 minute | |
| _ga_<ID> | Persists session state (GA4) | 2 years | |
| _clck | Microsoft Clarity | Persists the Clarity User ID and preferences | 1 year |
| _clsk | Connects multiple page views by a user into a single session | 1 day | |
| CLID | Identifies the first time Clarity saw this user on any site | 1 year | |
| ANONCHK | Checks if cookies are enabled on the browser | 10 minutes | |
| MR | Used to indicate whether to refresh MUID | 7 days | |
| MUID | Identifies unique web browsers visiting Microsoft sites | 1 year | |
| SM | Used to synchronize the MUID across Microsoft subdomains | Session | |
| _hjSessionUser_<ID> | Hotjar | Identifies a unique user; set when a user first lands on a page | 1 year |
| _hjSession_<ID> | Holds current session data; ensures requests are attributed to the same session | 30 minutes | |
| _hjFirstSeen | Identifies if the visitor has been seen before | Session | |
| _hjIncludedInPageviewSample | Determines if user is included in the pageview sample | 30 minutes | |
| _hjAbsoluteSessionInProgress | Detects the first pageview session of a user | 30 minutes |
Advertising cookies and other similar technologies allow us to place targeted advertisements on other sites you visit and to measure your activity regarding those advertisements.
The targeting/advertising cookie which we use are as follows:
| Name of the cookie | Vendor | Purpose of the cookie | Expiration |
| _fbp | Facebook Ads | Used by Facebook to deliver advertisements and track conversions | 3 months |
| _fbc | Stores the last click attribution for Facebook Ads | 2 years | |
| li_fat_id | LinkedIn Ads | Member indirect identifier for ad targeting and conversion tracking | 30 days |
| UserMatchHistory | Enables LinkedIn ad ID syncing | 30 days | |
| AnalyticsSyncHistory | Stores information about the last time a sync with the lms_analytics cookie was made | 30 days | |
| lms_ads | Used to identify LinkedIn members off LinkedIn for advertising | 30 days | |
| bcookie | Browser ID cookie to uniquely identify devices accessing LinkedIn | 2 years | |
| lidc | Facilitates data center selection | 24 hours | |
| _gcl_au | Google Ads | Stores and tracks conversions from Google Ads | 3 months |
| DSID | Used to identify a signed-in user in non-Google websites, in order to opt out of ad personalization | 1 year | |
| clay_session | Clay | Identifies and tracks visitor sessions for Clay’s data enrichment and intent tracking | Session |
| clay_visitor_id | Stores a unique identifier to track returning visitors for enrichment | 1 year |
More information on this link.
The following cookies are used exclusively within the sundayapp.io web application. They are set directly by Sunday and are necessary for the proper functioning of the ordering, payment, and loyalty features offered through the app.
Essential
| Name of the cookie | Purpose of the cookie | Expiration |
| persist:root | Stores the root Redux state | Session |
| persist:app | Stores device ID, bill ID, venue ID | Session |
| persist:anonymousUser | Saves anonymous user information (ID, username, email for receipt) | Session |
| authentication_redirect | Saves the redirect URL after authentication | Session |
| auth_session_brand_${appId} | Cross-brand OTP security | Session |
| persist:basket | Local caching of the current user’s order basket | Session |
| basket_{venueId} | Local caching of the current user’s order basket (venue-specific) | Session |
| persist:venue | Stores restaurant data | Session |
| placed-orders_${businessId} | History of placed orders | Session |
| persist:pendingOrder | Stores the pending order | Session |
| persist:ongoingOrders | Stores ongoing orders | Session |
| persist:receipts | Stores receipt data | Session |
| persist:split | Prevents duplicate payment notifications when splitting a bill | Session |
| persist:tips | Stores tip preferences | Session |
| persist:ordering | Saves alcohol policy and allergen banner preferences | 4 hours |
| persist:groupingSession | Saves the current grouping session identifier and expiration date | Session |
| ORDERING_SESSION_${tableId} | Ordering session ID (legacy hybrid) | Session |
| ORDERING_SESSION_EXPIRATION_{uid} | Stores the current grouping session expiration date | 10 minutes |
| persist:dispatch | Saves delivery addresses entered by the user | Session |
| persist:scheduling | Stores scheduling preferences | Session |
| persist:reviews | Stores review data | Session |
| persist:reviewedOrders | Stores reviewed orders | Session |
| persist:userPreferences | Saves the user’s language preference | Session |
| tabStored | Links an authorisation token or ID to the current bill | Session |
| SEEN_ORDERING_MODAL | Ensures the ordering information pop-up is only shown once | Never expires |
| isXpProveSmartValue | Overrides restaurant tip configuration for A/B testing purposes | Session |
| persist:guestApp | Stores theme, brand and auth for Guest App | Session |
| persist:lba | Stores theme, brand and auth for Loyalty Brand App (LBA) | Session |
| lba_auth_${appId} | Temporary LBA authentication (tab duration) | Session |
| persist:como | persist:leat | persist:paytronix | persist:pongo | persist:thanx | persist:zerosix | Necessary for the operation of the loyalty programme | Session |
| ‘COMO’ | ‘SPLIO’ | ‘Sunday’ | ‘Paytronix’ | ‘PONGO’ | Stores user information and loyalty card data (points, creation date) | Session |
| loyalty-customer-data | Stores user authentication information for the loyalty programme | Session |
| loyalty-otp-modal | Records how many times the OTP modal has been displayed | Session |
| loyalty_onboarding_seen_${appId} | Remembers that the user has already seen the loyalty onboarding | Session |
Functional
| Name of the cookie | Vendor | Purpose of the cookie | Expiration |
| AMP_unsent_{id} | Amplitude | Queue of unsent Amplitude events | Session |
| AMP_remote_config_{id} | Amplitude | Remote Amplitude configuration | Session |
| amp-exp-$default_instance-{id} | Amplitude | Amplitude Experiment cache | Session |
| EXP_unsent_$default_instance | Amplitude | Queue of unsent Amplitude Experiment events | Session |
| EXP_client-aia_DEFAULT_USER_PROVIDER | Amplitude | Amplitude Experiment provider state | Session |
3. What types of targeting do the cookies allow?
Demographics: Target ads based on how well products and services trend with users in certain locations, ages, genders, and device types.
In-market: Show ads to users who have been searching for products and like-services.
Custom intent audiences: Choose words or phrases related to the people that are most likely to engage with sites and make purchases by using “custom intent audiences”.
Similar audiences: Target users with interests related to those on remarketing lists.
Remarketing: Target users that have already interacted with our ads, website, or app
Social media platforms: utilize information about their users in order to determine whether those users should be presented a specific advertising campaign based on criteria selected by the advertiser. This may include information collected through a pixel or similar technology placed on our website, provided by users to the social media platform (e.g., account information and usage of the social network), and information collected from third party websites that is shared with the social media platform.
We do not control the information collected by such partners or advertiser in connection with our website or the further use of information we may provide to them for the aforementioned services, and they do not process such data on our behalf.
Only the data protection policies of those third parties as the respective controllers of such data will apply to their processing of such data.
4. How to opt out?
To opt out of the collection of personal information as part of the Google DoubleClick services (and personalization across Google partner websites and google search) please visit: www.google.com/ads/preferences/html/opt-out.html.
Further information on how Google uses information can be found here https://policies.google.com/technologies/partner-sites.
To opt-out of personalized advertisements on your social media account or newsfeed and for more information on how these social media platforms use your information, please visit:
Facebook: https://en-gb.facebook.com/privacy/explanation
Instagram: https://help.instagram.com/519522125107875
Twitter: https://twitter.com/en/privacy
If you would like to control the use of information about you collected by Facebook from third party websites, you can visit Facebook’s ‘Off-Facebook’ privacy settings here: https://en-gb.facebook.com/off-facebook-activity
Also, when you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing to these email addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout. You also have the option to opt out of the collection of your personal data in compliance with GDPR by visiting https://www.rb2b.com/rb2b-gdpr-opt-out.
5. How can you change your preferences or block cookies?
You can change your consent preferences regarding the use of cookies by accessing your preference center.
6. Is your consent required for cookies?
When you use our services, you are notified of the use of cookies and asked to provide your consent for cookies which are not strictly necessary for the services proper operation (for example, Targeting / Advertising cookies).
In addition, you can prevent or restrict the storage of cookies on your hard disk by setting your browser not to accept cookies or to request your permission before setting cookies. Once cookies have been set, you can delete them at any time.
Please refer to your browser’s operating instructions to find out how this works. If you choose to disable cookies, some features of our website or Services may not operate as intended.
7. Do we use Pixels (aka web beacons/web bugs/javascript)?
We use pixels to automatically record certain technical information about your interactions when you visit our websites or otherwise engage with us, to help deliver cookies on our websites, or count users who have visited our sites.
We also include web beacons in our promotional e-mail messages or newsletters to determine whether you open or act on them for statistical purposes. “Pixels” are tiny graphics (about the size of a period at the end of a sentence) with unique identifiers used to track certain online actions, movements, and related information users.
Unlike cookies, which are stored on a user’s computer hard drive, pixels are embedded invisibly on web pages or in HTML-based emails.
The data we receive through pixels allows us to effectively promote our sites to various populations of users, and to optimize external advertisements about our sites that appear on third-party websites.