Legal

Cookie policy

Last updated: 2026-04-20 · Version 1.0

Placeholder. Pulsus legal team to replace this copy by 2026-05-15. Structure + links are final; body text is provisional.

Pulsus uses a small set of cookies and similar technologies (localStorage, sessionStorage, device-side keys) to make the product work, remember your preferences, and measure whether our rituals actually help people. This page lists every category, with a clear opt-in for each.

Consent bucket map

Bucket	Purpose	Examples	Default (EU)
Necessary	Auth session, CSRF protection, cookie-consent record	`pw_session`, `pw_auth`, `pw_consent`	Always on
Preferences	Locale, theme, reduced-motion tier, sensory settings	`pw_locale`, `pw_theme`, `pw_sensory`	Opt-in
Analytics	Funnel tracking, feature-flag assignment, CrUX RUM	PostHog (`ph_*`), Sentry performance sampling	Opt-in
Ads / Conversion	Attribution, re-engagement, campaign measurement (Meta Pixel + server CAPI, TikTok, Google Ads)	`_fbp`, `_fbc`, `_gcl_au`	Opt-in
Personalization	AI coach memory, persona-matched content, archetype tailoring	`pulsus-coach-memory`, `archetype_profile`	Opt-in

Server-side tracking note

Some tools (Meta CAPI, Google Ads Enhanced Conversions) fire server-side rather than via a browser cookie. EU data protection authorities treat these as equivalent to cookie tracking — we honour your Ads / Conversion bucket consent for both client- and server-side firings. If you withdraw consent, we suppress the server-side event too.

Global Privacy Control (GPC)

If your browser sends a Sec-GPC: 1 header, we treat it as an explicit opt-out of Analytics, Ads / Conversion, and Personalization buckets. This aligns with CCPA (California), CPRA, and the Colorado / Connecticut / Oregon / Texas / Delaware / Iowa / Minnesota / Montana / New Hampshire / New Jersey / Rhode Island / Tennessee laws that recognise GPC as binding as of 1 Jan 2026.

How to change your choices

Open the cookie banner at any time from the Manage cookies link in the site footer.
Change your settings in Settings → Privacy. Changes take effect immediately on the next page load.
Send a data export or delete-account request if you want the underlying data removed, not just future collection suppressed.

Retention

Cookie + localStorage entries persist for the duration noted in the Preferences column or, where not noted, for 13 months (matching the CNIL guidance for analytics cookies). Your consent record itself is retained for 3 years as a compliance trail.

Full data-processing detail lives in our Privacy Policy.

Consent bucket map

Bucket

Purpose

Examples

Default (EU)

Necessary

Auth session, CSRF protection, cookie-consent record

pw_session, pw_auth, pw_consent

Always on

Preferences

Locale, theme, reduced-motion tier, sensory settings

pw_locale, pw_theme, pw_sensory

Opt-in

Analytics

Funnel tracking, feature-flag assignment, CrUX RUM

PostHog (ph_*), Sentry performance sampling

Opt-in

Ads / Conversion

Attribution, re-engagement, campaign measurement (Meta Pixel + server CAPI, TikTok, Google Ads)

_fbp, _fbc, _gcl_au

Opt-in

Personalization

AI coach memory, persona-matched content, archetype tailoring

pulsus-coach-memory, archetype_profile

Opt-in

Server-side tracking note

Global Privacy Control (GPC)

How to change your choices

Open the cookie banner at any time from the Manage cookies link in the site footer.

Change your settings in Settings → Privacy. Changes take effect immediately on the next page load.

Send a data export or delete-account request if you want the underlying data removed, not just future collection suppressed.

Retention

Full data-processing detail lives in our Privacy Policy.