Doxa Cookie & Tracking Policy

Effective Date: 23 January 2026 | Last updated: 6 February 2026

We believe in transparency and minimal tracking. This policy explains what technologies we use, why we use them, and how you can control them.

This Cookie & Tracking Policy forms part of our Privacy & Data Protection Policy and should be read alongside our Terms of Service.

1. Our Approach: Minimal Tracking

We use only essential cookies and technologies required to operate the Service. We do NOT use:

  • Advertising or marketing cookies
  • Cross-site tracking
  • Third-party analytics for behavioral profiling (the mobile app uses no analytics; the website uses Google Analytics for basic page view metrics — see Section 2 below)
  • Data brokers or ad networks

2. Technologies We Use

Essential Cookies & Storage

Required for the Service to function. Without these, you cannot log in or use core features.

TechnologyProviderPurposeDuration
Auth SessionSupabaseKeeps you logged inUntil logout/expiry
Secure TokenSupabaseAPI authenticationSession
Local StorageBrowser/AppApp preferences, cached dataUntil cleared

Push Notification Tokens

Used to deliver push notifications to your device (if enabled).

TechnologyProviderPurposeDuration
Expo Push TokenExpo (650 Industries)Push notification deliveryUntil app uninstall
APNs TokenApple Inc.iOS push deliveryUntil app uninstall
FCM TokenGoogle LLCAndroid push deliveryUntil app uninstall

Error Monitoring (Optional)

Used to identify and fix bugs. You can opt out of this.

TechnologyProviderPurposeDuration
Error ReportsSentry (Functional Software)Crash and error tracking90 days
Session ReplaySentry (Functional Software)Masked screen recordings for bug diagnosis — all text, images, and input fields are hidden90 days

Website Hosting

Technologies used when you visit our website (doxa.app).

TechnologyProviderPurposeDuration
CDN/EdgeVercel Inc.Website hosting and deliverySession
Access LogsVercel Inc.Security and performance30 days

Website Analytics (doxa.app only)

We use Google Analytics (GA4) on our website to understand basic traffic patterns. This is NOT used in the mobile app.

TechnologyProviderPurposeDuration
Google Analytics 4Google LLCPage views, traffic sources, basic usage patterns (anonymized)14 months

Google Analytics uses cookies to distinguish users. We have enabled IP anonymization and do not use it for advertising, remarketing, or cross-site tracking. For EU visitors, analytics are loaded only with consent where required by law.

3. AI Processing

When you use AI-powered features, your content is processed by our AI partners:

FeatureProviderData ProcessedRetention
Audio TranscriptionAssemblyAIAudio filesDeleted after processing
Title GenerationAnthropic (Claude)Text content7-day retention, then deleted
Content SynthesisGoogle (Gemini)Text contentNot used for training per API terms
Content ReviewAnthropic (Claude)Text content7-day retention, then deleted
Voice Chat (Engage)ElevenLabsVoice audio (streamed)Real-time only, not stored
AI-Generated ImagesAI Image GenerationText prompts (testimony content)Prompts not stored by provider

These are optional features. Your content is processed transiently and is not used to train AI models per our agreements with these providers.

Voice Chat (Engage) — How It Works

When you use the Engage voice chat feature, here's exactly what happens with your data:

  • Voice audio: Streamed in real-time directly to ElevenLabs' Conversational AI—not recorded or stored by Doxa
  • Session metadata: Duration, voice preference, and topics are stored in your account to improve future sessions
  • Conversation context: Your prophecies and testimonies may be referenced to provide personalized encouragement (this data already exists in your account)
  • No audio recordings: Neither Doxa nor ElevenLabs retains audio after your session ends

You can use text-only mode if you prefer not to use voice features.

4. Your Choices & Control

You have control over how we use tracking technologies. Here are your options:

Push Notifications

You can disable push notifications at any time through your device settings (Settings → Notifications → Doxa). Disabling notifications does not affect other app functionality.

Error Reporting

Sentry error reporting helps us fix bugs and improve reliability. You can:

  • Request deletion of your error data at privacy@doxa.app
  • Error data is automatically deleted after 90 days
  • We do not use error data for any purpose other than fixing bugs

Browser Cookies

When using our website, you can manage cookies through your browser settings:

  • Block all cookies: Note that this will prevent login and essential functionality
  • Delete cookies: Clear your browser cookies to remove session data
  • Private/Incognito mode: Browse without persistent cookies

We do not use cookie consent banners because we only use essential cookies that are strictly necessary for the Service to function. Under UK GDPR/PECR, consent is not required for such cookies.

AI Features

AI features (transcription, title generation, voice chat, recommendations) are optional enhancements. You can use the core app without these features if you prefer not to have your content processed by AI. Opting out of AI features does not affect your ability to record and store content.

Do Not Track

We honour "Do Not Track" browser signals. However, since we don't track you for advertising purposes anyway, there is no practical difference whether this setting is enabled or not.

5. Third-Party Privacy Policies

For more information about how our partners handle data:

6. Data Retention Summary

  • Authentication data: Until you log out or session expires
  • Push tokens: Until you uninstall the app or disable notifications
  • Error logs: 90 days, then automatically deleted
  • Website access logs: 30 days
  • Website analytics: 14 months (Google Analytics default with our configuration)
  • AI processing data: Transient (deleted immediately after processing)
  • Voice chat audio: Real-time streaming only, never stored
  • Voice chat session metadata: Retained with your account until you delete it
  • Payment/subscription data: Retained by Stripe; subscription records retained for legal/accounting purposes

7. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the app or this page. The "Last updated" date at the top indicates when this policy was revised.

8. Legal Basis for Cookies

Under UK GDPR, ePrivacy Directive, and PECR, we rely on the following legal bases:

  • Strictly necessary cookies: No consent required—these are essential for the Service to function
  • Analytics/performance cookies: We do not use these
  • Advertising/marketing cookies: We do not use these
  • Optional AI features: Consent (provided when you choose to use these features)
  • Website analytics (Google Analytics): Legitimate interests (service improvement) for non-EU visitors; consent for EU/UK visitors where required by ePrivacy regulations

9. Disclaimer

While we take measures to limit tracking and protect your privacy, you acknowledge that:

  • Third-party providers (Apple, Google, Supabase) may collect data according to their own privacy policies
  • Your device and browser may transmit data that we cannot control
  • We are not liable for tracking conducted by third parties outside our control
  • The Company, its directors (including Garth Hilton Watson), officers, employees, agents, and affiliates ("Company Personnel" as defined in our Terms of Service) are not liable for tracking conducted by third parties outside our control
  • You are responsible for managing your own device and browser settings

10. Contact Us

For questions about cookies or tracking technologies:
Email: privacy@doxa.app
Address: The Doxa Way Ltd, 108 Kings Road, New Haw, Addlestone, KT15 3BH, United Kingdom

See also our Privacy & Data Protection Policy and Terms of Service.

Our Commitment to Your Privacy

No advertising cookies. No behavioural tracking. No data selling. Your privacy matters.