1. Scope and controller
SYNPHORIAAI sp. z o.o., ul. Migowska 54D/4, 80-287 Gdansk, Poland, uses cookies, local storage, SDK identifiers, pixels, and browser performance signals on Synphoria websites and applications. This policy should be read together with the Privacy Policy and Data Safety & Security Statement.
2. What cookies are
Cookies are small files stored on your device. Similar technologies include local storage, browser APIs, SDK identifiers, pixels, and server-side request identifiers. In this policy, cookie references include those similar technologies where they store or access information on your device.
3. Current categories
- Strictly necessary cookies and similar technologies for login, security, routing, locale continuity, consent records, billing flows, and service delivery.
- Optional analytics for public traffic, reliability, conversion, Core Web Vitals, Wellness long-task, and product quality measurement where the tool is enabled and the required consent exists.
- Optional marketing attribution for outreach and campaign measurement where the tool is enabled and marketing consent exists.
- Optional session replay for UX debugging where Microsoft Clarity is enabled and session replay consent exists.
4. Strictly necessary cookies
- `syn_session` is an HTTP-only signed session cookie used for authentication and account security. Non-remember sessions last up to 12 hours; remember-me sessions last up to 30 days.
- `NEXT_LOCALE` stores the selected platform locale for up to 365 days so public, auth, app, email/report, and workspace flows can stay language-consistent.
- Provider or flow cookies required for sign-in, checkout, billing portal, security checks, abuse prevention, routing, or load balancing may be used only where needed to deliver the requested service.
- Legal basis: GDPR Article 6(1)(b) where required to provide the service, GDPR Article 6(1)(c) where required by law, and GDPR Article 6(1)(f) for security, fraud prevention, routing, and service integrity. Under ePrivacy rules, strictly necessary cookies do not require consent.
5. Consent and preference storage
Synphoria stores optional tracking choices in local storage under `synphoria.cookie-consent.v1`; the legacy key `syn_cookie_consent` may be read only to require a fresh scoped choice. The current consent scope covers `analytics`, `marketing`, and `session_replay` on pulse.synphoria.app. If the scope changes, invalid or legacy records default to off until a new choice is saved.
6. Optional analytics
Google Analytics may run only when `NEXT_PUBLIC_GA_MEASUREMENT_ID` is configured and analytics consent is saved. Synphoria configures Google consent defaults as denied until an update is applied and uses IP anonymization. Public growth and Wellness long-task metrics are also gated by analytics consent where they read the Synphoria consent record. Minimized Core Web Vitals and reliability telemetry may run as service-integrity measurement under GDPR Article 6(1)(f), without advertising identifiers or private chat content. Legal basis for optional analytics trackers: consent under GDPR Article 6(1)(a) and ePrivacy consent where the tool stores or accesses non-essential identifiers.
7. Vercel analytics and performance telemetry
On Vercel deployments, Synphoria may render Vercel Web Analytics and Vercel Speed Insights for aggregate traffic and performance telemetry. Vercel describes Web Analytics as not using third-party cookies and describes Speed Insights as not collecting information that would reconstruct a browsing session across pages or identify a user. Synphoria classifies this as privacy-preserving service measurement under GDPR Article 6(1)(f), and any future non-essential identifier-based tracking must be moved behind consent before use.
8. Optional marketing attribution
Meta Pixel may run only when `NEXT_PUBLIC_META_PIXEL_ID` is configured and marketing consent is saved. It is used for attribution and campaign effectiveness measurement. Marketing consent also controls Google advertising consent signals such as ad storage, ad user data, and ad personalization where Google tooling is configured. Legal basis: consent under GDPR Article 6(1)(a) and ePrivacy consent.
9. Optional session replay
Microsoft Clarity may run only when `NEXT_PUBLIC_CLARITY_PROJECT_ID` is configured and session replay consent is saved. The purpose is interface debugging and UX reliability analysis, not private Sofia/Mark chat review, employer monitoring, or individual wellness inference. Legal basis: consent under GDPR Article 6(1)(a) and ePrivacy consent.
10. Expiry and retention
- Session cookies expire at the configured session lifetime or when cleared on logout.
- The locale cookie expires after up to 365 days unless changed or cleared.
- The consent local-storage record remains until you change preferences, clear browser storage, or Synphoria requires renewed consent for a new scope.
- Third-party tools set their own cookie or identifier durations where enabled; Synphoria only enables optional Google Analytics, Meta Pixel, and Microsoft Clarity through the consent categories described above.
- Server-side logs, security events, billing records, and privacy records follow the retention periods described in the Privacy Policy.
11. Managing consent
You can accept all available optional categories, reject non-essential categories, or manage analytics, marketing, and session replay separately in Cookie Settings. Turning an enabled category off reloads the page to stop active trackers. You can also clear cookies and local storage in your browser. Blocking strictly necessary cookies may break login, locale continuity, checkout, security, or workspace functionality.
12. Updates
Synphoria updates this policy when cookie categories, providers, purposes, legal basis, or retention details materially change. The Last updated field reflects publication changes. Optional tracking must stay disabled by default unless a valid consent record enables it.
13. Contact
Email: contact@synphoria.app. Postal address: SYNPHORIAAI sp. z o.o., ul. Migowska 54D/4, 80-287 Gdansk, Poland.
Contact: contact@synphoria.app