Cookies and Tracking Notice
Last updated: April 28, 2026
We use a small number of cookies and similar technologies to make Aerlon work. We do not use third-party advertising, marketing, or behavioral tracking. Aerlon Junior kid-mode pages do not load product analytics. Here's what's set:
Cookies we set
| Cookie | Purpose | Lifetime | Required? |
|---|---|---|---|
sb-<ref>-auth-token | Supabase authentication session | 1 hour, refreshed on activity | Yes — without this you can't sign in |
aerlon_active_child | Which Junior pilot is "flying" inside a parent account | 90 days | Only set if you've added a Junior pilot |
| Browser-set cookies for CSRF protection | Stripe checkout (only on the /billing flow) | Session | Yes during checkout |
| PostHog analytics cookies/local storage | Adult product conversion and product analytics only | Managed by PostHog | No — not loaded in Aerlon Junior kid mode |
What we do NOT use
- Analytics SDKs on Aerlon Junior kid-mode pages
- Google Analytics, Mixpanel, Amplitude, or Segment
- Facebook Pixel, TikTok Pixel, or any advertising tracker
- Hotjar, FullStory, or any session-replay tool
- Cross-site tracking cookies
- Fingerprinting beyond what Supabase auth requires
Browser local storage
Aerlon stores a small amount of data in your browser's local storage to make the app feel snappy:
- Last-used audio settings (sound on/off toggle)
- Onboarding state (whether you've seen the intro)
- PostHog adult-product analytics state, when adult analytics is enabled
- Service worker cache for offline lesson playback (PWA)
Local storage is cleared when you sign out or clear site data.
Service worker
Aerlon installs a service worker (/sw.js) so the app can work offline as a PWA. The service worker caches lesson content and the app shell. It does not track you or send data to third parties. You can disable it via your browser's site settings.
Push notifications
If a parent opts in to push notifications from the parent/adult surface, we register a push subscription with the browser vendor's push service (Mozilla, Google, Apple, or Microsoft). The subscription endpoint and encryption keys are stored in our database. Aerlon Junior kid mode cannot enable browser push by itself. You can revoke at any time via your browser's site settings or your account settings.
Your choices
Most modern browsers let you block or delete cookies. Doing so will prevent you from staying signed in to Aerlon, but won't stop you from browsing the marketing pages.
Contact
Questions? hello@aerlon.io