Cookie Policy
Helsa
Last updated: December 15, 2025 | Version 1.2
1. What Are Cookies
Cookies are small text files stored on your device when you visit a website or use an application. They store useful information to improve your browsing experience.
In the context of a mobile application like Helsa, we also use equivalent technologies such as:
- Local Storage: local storage in the browser or app
- SQLite Database: local database for offline data
- Secure Storage: secure storage for sensitive data
- SDK Storage: data stored by integrated third-party services
2. Legal Basis
Under Art. 122 of the Italian Privacy Code and the Italian Data Protection Authority's Cookie Guidelines (June 10, 2021), we distinguish between:
- Technical cookies: do not require consent (Art. 122, paragraph 1)
- First-party analytics cookies: equivalent to technical cookies if anonymized
- Profiling cookies: require prior consent (not used)
3. Cookies and Technologies Used
Essential Technical CookiesRequired
These cookies are essential for the application to function and cannot be disabled.
| Name | Provider | Purpose | Duration |
|---|---|---|---|
| sb-access-token | Supabase | JWT authentication token | 1 hour |
| sb-refresh-token | Supabase | Session renewal token | 7 days |
| auth_session | Helsa | Local session state | Session |
| biometric_enabled | Helsa | Biometric authentication preference | Persistent |
| onboarding_completed | Helsa | Initial tutorial completion status | Persistent |
| theme_preference | Helsa | Light/dark theme preference | Persistent |
Local Database StorageRequired
Helsa uses a local SQLite database to enable offline use of the application.
| Name | Purpose | Stored Data |
|---|---|---|
| helsa.db | Main local database | Documents, appointments, medications, categories, profiles |
| sync_metadata | Cloud synchronization | Last sync timestamp, synchronization status |
Social Authentication CookiesOn Request
Used only if you choose to sign in with Apple ID or Google. Managed entirely by the respective providers.
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Apple Sign In | Authentication with Apple ID | Apple Privacy |
| Google Sign In | Authentication with Google account | Google Privacy |
Analytics and Monitoring CookiesAnalytics
We use tools to understand how the application is used and to improve service stability.
| Service | Purpose | Data Collected | Server | Privacy Policy |
|---|---|---|---|---|
| PostHog | Product analytics | Usage events, device info, anonymous ID | EU (eu.i.posthog.com) | PostHog Privacy |
| Sentry | Crash reporting and error tracking | Error stack traces, device info, breadcrumbs | EU | Sentry Privacy |
| Expo Analytics | App usage metrics | App opens, version, platform | USA | Expo Privacy |
PostHog Details
PostHog is our main product analytics tool. Here's how we use it:
What we collect:
- App lifecycle events (open, close, background)
- In-app actions (screen navigation, feature usage)
- Device information (type, OS, app version)
- Anonymized user identifier
What we do NOT collect:
- Health document content
- Personally identifiable information
- Information about medications or appointments
- Any sensitive data
GDPR Guarantees:
- EU Servers: all data is processed and stored in the European Union (eu.i.posthog.com)
- Anonymization: user identifiers are pseudonymized
- No advertising profiling
- Limited retention: 2 years
- You can request deletion of your analytics data by contacting us
Payment Services CookiesOn Purchase
Activated only if you decide to subscribe to a Pro plan.
| Service | Purpose | Privacy Policy |
|---|---|---|
| RevenueCat | Subscription and in-app purchase management | RevenueCat Privacy |
| Apple App Store | iOS payment processing | Apple Privacy |
| Google Play Store | Android payment processing | Google Privacy |
4. Third-Party Cookies
Third-party services integrated into the application may set their own cookies. Helsa has no direct control over these cookies. Below is the list of services used:
| Service | Category | Server Country | Extra-EU Transfer |
|---|---|---|---|
| Supabase | Backend & Database | EU (Frankfurt) | No |
| PostHog | Product Analytics | EU | No |
| Sentry | Error Tracking | EU | Possible (SCC) |
| RevenueCat | Payments | USA | Yes (DPF) |
| Expo | App Distribution | USA | Yes (DPF) |
| Apple | Auth & Payments | USA/Ireland | Yes (SCC) |
| Auth & Payments | USA/Ireland | Yes (SCC) |
Legend:
- DPF: EU-US Data Privacy Framework
- SCC: Standard Contractual Clauses
5. How We Manage Cookies in the Mobile App
Since Helsa is a native mobile application, cookie and local storage management works differently than traditional websites:
5.1 Local Storage
- Local data is stored in the application's sandbox
- It is not accessible by other applications
- It is deleted when the app is uninstalled
5.2 Secure Storage
- Authentication tokens and sensitive data are stored securely
- On iOS: Keychain
- On Android: Encrypted Shared Preferences
5.3 Data Deletion
To delete all local data you can:
- Use the "Delete account" feature in the app settings
- Uninstall the application from your device
- Clear the app data from your operating system settings
6. How to Manage Cookies on the Web
If you access Helsa through a web browser, you can manage cookies through your browser settings:
- Chrome: Settings → Privacy and security → Cookies
- Firefox: Settings → Privacy & Security → Cookies
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions
7. Your Rights
Regarding cookies and tracking technologies, you have the right to:
- Be informed about which cookies we use (this policy)
- Refuse non-essential cookies (we don't use any)
- Withdraw consent at any time (for optional cookies)
- Request deletion of data collected through cookies
- Object to processing for marketing purposes (not applicable)
8. Minors
Helsa does not use cookies for profiling and does not collect data for marketing purposes. The technical cookies necessary for the service to function are the same for all users, regardless of age.
9. Policy Updates
This Cookie Policy may be updated periodically. We will inform you of any significant changes through:
- In-app notification
- Updating the "Last updated" date at the top of this document
- Email (if you have provided your email address)
We encourage you to periodically review this page to stay informed.
10. Contact
For any questions regarding this Cookie Policy or the processing of your data:
Email: marinopanariello@gmail.com
Data Controller: Marino Panariello
Address: Via Alcide De Gasperi 49, Torre del Greco (NA), Italy