Cookies · Aerlon

We use a small number of cookies and similar technologies to make Aerlon work. We do not use third-party advertising, marketing, or behavioral tracking. Here's exactly what's set:

Cookies we set

Cookie	Purpose	Lifetime	Required?
`sb-<ref>-auth-token`	Supabase authentication session	1 hour, refreshed on activity	Yes — without this you can't sign in
`aerlon_active_child`	Which Junior pilot is "flying" inside a parent account	90 days	Only set if you've added a Junior pilot
Browser-set cookies for CSRF protection	Stripe checkout (only on the `/billing` flow)	Session	Yes during checkout

What we do NOT use

Google Analytics, Mixpanel, Amplitude, Segment, or any analytics SDK
Facebook Pixel, TikTok Pixel, or any advertising tracker
Hotjar, FullStory, or any session-replay tool
Cross-site tracking cookies
Fingerprinting beyond what Supabase auth requires

Browser local storage

Aerlon stores a small amount of data in your browser's local storage to make the app feel snappy:

Last-used audio settings (sound on/off toggle)
Onboarding state (whether you've seen the intro)
Service worker cache for offline lesson playback (PWA)

Local storage is cleared when you sign out or clear site data.

Service worker

Aerlon installs a service worker (/sw.js) so the app can work offline as a PWA. The service worker caches lesson content and the app shell. It does not track you or send data to third parties. You can disable it via your browser's site settings.

Push notifications

If you opt in to push notifications, we register a push subscription with your browser vendor's push service (Mozilla, Google, Apple, or Microsoft). The subscription endpoint and encryption keys are stored in our database. You can revoke at any time via your browser's site settings or your account settings.

Your choices

Most modern browsers let you block or delete cookies. Doing so will prevent you from staying signed in to Aerlon, but won't stop you from browsing the marketing pages.

Contact

Questions? hello@aerlon.io