Cookie Policy
Summary
In short: Ascelyo does not use any analytics, advertising or social media cookies. The mobile application uses no cookies at all. The web version uses a single session cookie strictly necessary for your authentication. No consent banner is required.
1. What is a cookie?
A cookie is a small text file stored on your device by your web browser when you visit a website. Cookies can hold session information, remember preferences or track your browsing behaviour.
This policy explains how Ascelyo uses (or does not use) cookies and similar storage technologies.
2. Mobile application (iOS and Android)
The Ascelyo mobile application does not use cookies. Authentication relies on JWT tokens stored in expo-secure-store, the operating system's secure enclave:
- iOS: Keychain Services
- Android: Android Keystore / EncryptedSharedPreferences
These tokens are isolated per application, are not shared between applications and are not accessible by other applications on your device.
Local preferences (theme, language) are stored in AsyncStorage, Expo's native local storage, on your device only, with no transmission to our servers.
3. Website (ascelyo.app)
The Ascelyo website is an auxiliary channel. The vast majority of users access the service through the mobile application. On the web, a single cookie is used:
| Name | Type | Duration | Purpose | Legal basis | Third party |
|---|---|---|---|---|---|
accessToken |
Functional | 15 minutes | JWT authentication token — maintains your web session | Contract (Art. 6.1.b GDPR) — strictly necessary | No (1st party) |
This cookie is httpOnly (inaccessible to JavaScript), Secure (transmitted over HTTPS only) and SameSite=Strict (protected against CSRF attacks). It contains no personal data in plaintext, only an opaque signed token.
4. What we do not use
We have deliberately chosen not to integrate the following technologies:
- Google Analytics / GA4: no external audience measurement
- Mixpanel, PostHog, Amplitude: no product analytics via third-party cookies
- Facebook Pixel / Meta Pixel: no advertising retargeting
- Google Ads / DoubleClick: no behavioural advertising
- Hotjar, Microsoft Clarity: no session recording
- Social media cookies (LinkedIn, Twitter/X, TikTok): no social widgets
- Intercom, Zendesk chat: no support chat via third-party cookies
5. Consent and control
5.1 No consent banner
In accordance with the CNIL guidelines and the ePrivacy Directive (transposed by Article 82 of the French Data Protection Act), cookies strictly necessary to provide a service expressly requested by the user (here, authentication) are exempt from obtaining consent.
We therefore place no cookie requiring a consent banner.
5.2 Declining the authentication cookie
You can configure your browser to refuse all cookies. In that case, the web session will not be maintained, but the mobile application will work normally without being affected. The mobile application is the primary channel of the service.
Instructions for the main browsers:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Preferences → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Cookies and website data
- Edge: Settings → Cookies and site permissions → Cookies and data stored
6. Local storage (non-cookies)
In addition to the authentication cookie on the web, the following local storage technologies may be used by the browser:
- SessionStorage: temporary navigation data, cleared when the tab is closed
- LocalStorage: interface preferences (light/dark theme, language) — local data only, never transmitted to our servers
This data contains no sensitive personal information and is under your full control via your browser settings (Developer tools → Application → Storage).
7. Contact
For any question regarding our use of cookies, please write to our contact for data-protection requests at contact@ascelyo.app.