Aerlon

Cookies and Tracking Notice

Last updated: April 28, 2026

We use a small number of cookies and similar technologies to make Aerlon work. We do not use third-party advertising, marketing, or behavioral tracking. Aerlon Junior kid-mode pages do not load product analytics. Here's what's set:

Cookies we set

CookiePurposeLifetimeRequired?
sb-<ref>-auth-tokenSupabase authentication session1 hour, refreshed on activityYes — without this you can't sign in
aerlon_active_childWhich Junior pilot is "flying" inside a parent account90 daysOnly set if you've added a Junior pilot
Browser-set cookies for CSRF protectionStripe checkout (only on the /billing flow)SessionYes during checkout
PostHog analytics cookies/local storageAdult product conversion and product analytics onlyManaged by PostHogNo — not loaded in Aerlon Junior kid mode

What we do NOT use

  • Analytics SDKs on Aerlon Junior kid-mode pages
  • Google Analytics, Mixpanel, Amplitude, or Segment
  • Facebook Pixel, TikTok Pixel, or any advertising tracker
  • Hotjar, FullStory, or any session-replay tool
  • Cross-site tracking cookies
  • Fingerprinting beyond what Supabase auth requires

Browser local storage

Aerlon stores a small amount of data in your browser's local storage to make the app feel snappy:

  • Last-used audio settings (sound on/off toggle)
  • Onboarding state (whether you've seen the intro)
  • PostHog adult-product analytics state, when adult analytics is enabled
  • Service worker cache for offline lesson playback (PWA)

Local storage is cleared when you sign out or clear site data.

Service worker

Aerlon installs a service worker (/sw.js) so the app can work offline as a PWA. The service worker caches lesson content and the app shell. It does not track you or send data to third parties. You can disable it via your browser's site settings.

Push notifications

If a parent opts in to push notifications from the parent/adult surface, we register a push subscription with the browser vendor's push service (Mozilla, Google, Apple, or Microsoft). The subscription endpoint and encryption keys are stored in our database. Aerlon Junior kid mode cannot enable browser push by itself. You can revoke at any time via your browser's site settings or your account settings.

Your choices

Most modern browsers let you block or delete cookies. Doing so will prevent you from staying signed in to Aerlon, but won't stop you from browsing the marketing pages.

Contact

Questions? hello@aerlon.io