Cookie & Data Policy
How Persona uses cookies, local storage, and tracking technologies across our app and website.
The Short Version
Persona uses minimal data storage and zero third-party trackers. Our mobile app doesn't use cookies. Our website uses only essential localStorage. We don't use advertising cookies, tracking pixels, or analytics services from third parties.
1. What Are Cookies & Similar Technologies?
Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work, improve efficiency, and provide information to site owners.
Local Storage (localStorage/sessionStorage) is a web browser feature that allows websites to store data locally on your device. It is similar to cookies but has a larger capacity and is not automatically sent to the server.
Mobile device storage includes iOS-specific mechanisms like UserDefaults, Keychain, and Core Data that serve similar purposes to cookies within mobile apps.
2. Website (persona-us.com)
Our website at persona-us.com is a static landing page. Here's what we use:
2.1 What We Use
localStorage
- Key: persona_waitlist_joined
- Purpose: Remembers whether you've already submitted the waitlist form so we can show a confirmation message instead of the form on return visits.
- Type: Strictly necessary / functional
- Duration: Persistent until cleared by user or browser
- Third-party: No
- Data sent to server: No — this data stays entirely in your browser
2.2 What We Don't Use
Our website does not use:
- ❌ HTTP cookies (no Set-Cookie headers)
- ❌ Google Analytics or any analytics service
- ❌ Facebook Pixel, Meta Pixel, or social media trackers
- ❌ Advertising cookies or retargeting
- ❌ Session cookies
- ❌ Third-party scripts that set cookies
- ❌ Fingerprinting technologies
2.3 Third-Party Resources
Our website loads fonts from Google Fonts (fonts.googleapis.com). Google's font API does not set cookies, but Google may log font requests as described in the Google Fonts Privacy FAQ. No personal data beyond standard HTTP request headers (IP address, user agent) is transmitted.
3. Mobile App (iOS)
The Persona iOS app does not use browser cookies. We use the following iOS-native storage mechanisms:
UserDefaults (On-Device)
- Purpose: Stores non-sensitive preferences — notification settings, onboarding completion status, theme preferences, and feature flags.
- Encryption: Protected by iOS Data Protection (encrypted when device is locked).
- Shared with server: No — remains on your device.
- Cleared when: You delete the app.
iOS Keychain (On-Device, Encrypted)
- Purpose: Securely stores authentication tokens (Supabase access/refresh tokens) and biometric lock configuration.
- Encryption: Hardware-backed AES-256 encryption via Secure Enclave. Accessible only after device unlock.
- Shared with server: Auth tokens are sent to Supabase for authentication. Biometric data is never transmitted.
- Cleared when: You sign out, delete your account, or delete the app.
Offline Queue (UserDefaults, On-Device)
- Purpose: Temporarily stores unsent messages when you're offline. Messages are automatically sent when connectivity is restored.
- Encryption: Protected by iOS Data Protection.
- Shared with server: Queued messages are sent to Supabase when back online, then removed from local storage.
- Cleared when: Messages are successfully sent, or you delete the app.
Image Cache (On-Device)
- Purpose: Caches profile images and photos locally for faster loading and reduced bandwidth usage.
- Encryption: iOS Data Protection.
- Shared with server: No — downloaded once, then served from cache.
- Cleared when: Cache eviction (automatic when storage is low) or app deletion.
Core ML Model (On-Device)
- Purpose: Stores the AI personality analysis model that runs locally on your device.
- Shared with server: Never. The model and all computations remain on-device.
- Cleared when: App deletion.
4. App Tracking Transparency (ATT)
Apple's App Tracking Transparency framework requires apps to request permission before tracking users across other companies' apps and websites.
Persona does not request ATT permission because we do not engage in cross-app tracking. We do not:
- Collect or use Apple's IDFA (Identifier for Advertisers)
- Share data with advertising networks
- Use data from other apps or websites to serve targeted ads
- Send device-level identifiers to third parties for advertising purposes
5. Third-Party SDKs & Services
Persona integrates a minimal set of third-party services. Here is exactly what's included and what data they may access:
Supabase SDK
- Purpose: Database, authentication, real-time subscriptions, file storage
- Data accessed: Account data, profile data, messages, photos (as stored in our database)
- Cookies/trackers: None (REST/WebSocket API — no browser cookies)
- Privacy: supabase.com/privacy
Apple StoreKit 2
- Purpose: In-app subscription purchases and management
- Data accessed: Transaction receipts, subscription status, entitlements
- Cookies/trackers: None (native iOS framework)
- Privacy: apple.com/legal/privacy
Apple Core ML
- Purpose: On-device personality analysis AI
- Data accessed: Personality quiz responses (on-device only)
- Cookies/trackers: None (runs entirely on-device)
- Network calls: None — no data leaves the device
What we do NOT include:
- ❌ Google Analytics / Firebase
- ❌ Facebook SDK / Meta SDK
- ❌ Amplitude, Mixpanel, or other analytics
- ❌ Advertising SDKs (AdMob, Unity Ads, etc.)
- ❌ Crash reporting SDKs (Crashlytics, Sentry, Bugsnag)
- ❌ Attribution SDKs (Adjust, AppsFlyer, Branch)
6. Do Not Track (DNT)
Some web browsers transmit "Do Not Track" (DNT) signals. Since our website does not use tracking cookies, analytics, or advertising technologies, we effectively honor DNT by default — there is nothing to track.
Similarly, the Global Privacy Control (GPC) signal is respected. Our website does not engage in any activity that GPC is designed to opt out of (sale of personal information or cross-context behavioral advertising).
7. Managing Your Data Preferences
Website
- Clear localStorage: Open your browser's developer tools → Application → Local Storage → persona-us.com → Delete. Or clear your browser's site data for persona-us.com.
- Block localStorage: You can disable JavaScript or use a browser extension to block localStorage. Note: the waitlist form may not remember your sign-up status.
Mobile App
- Revoke permissions: iOS Settings → Persona → Toggle off Location, Camera, Photos, Microphone, or Notifications as desired.
- Clear app cache: Delete and reinstall the app. All cached data (images, offline queue) will be cleared. Your account data remains on our servers.
- Delete all data: In the app, go to Settings → Delete Account. This removes all data from our servers and your device within 30 days.
- Biometric lock: Settings → Privacy & Security → Biometric Lock. Toggle on/off as desired.
8. Changes to This Policy
If we make material changes to this Cookie & Data Policy — such as introducing new tracking technologies or third-party services — we will update the "Last Updated" date and notify you via the app or email. We encourage you to review this page periodically.
9. Contact
Questions about this Cookie & Data Policy? Contact us:
- Email: privacy@persona-us.com
- Data Protection Officer: dpo@persona-us.com
For general questions about data practices, see our Privacy Policy.