Cookie & Tracker Policy

Last updated: 29 April 2026

This policy explains how cookies and similar trackers are used on the GLP Wise website (www.glpwise.com) and inside the GLP Wise mobile application. It is published by FNC Labs (Pty) Ltd as an extension of the Privacy Policy.

1. What is a cookie?

A cookie is a small text file that a website stores on your device. It lets the site remember information between visits — for example, that you are signed in. The mobile-app equivalent is the platform-managed app sandbox: iOS and Android give each app its own isolated storage area.

2. Cookies on www.glpwise.com

The marketing pages on www.glpwise.com (landing page, privacy policy, terms of service, this page, and the other legal pages) do not set any first-party tracking, analytics or advertising cookies. They are static HTML pages served from our Express backend.

The only cookies that may be set on the marketing pages are strictly necessary session cookies if you sign in to a Pro account from the web preview. These cookies:

are first-party (issued by www.glpwise.com);
are HttpOnly and Secure in production;
contain a random opaque session ID, not your name, email or any health data;
expire after 30 days of inactivity.

Because we use only strictly-necessary cookies, you do not need to accept a consent banner to read or use www.glpwise.com. If we ever add an analytics or advertising cookie we will surface a consent banner first and update this page.

3. Trackers in the mobile app

The mobile app does not use cookies. It uses the platform-provided storage APIs:

AsyncStorage — the app keeps your local health entries, your goals and your preferences in the platform's encrypted application sandbox (iOS Keychain-protected app container, Android internal app storage).
Secure storage (expo-secure-store) — the offline sync queue is encrypted at rest with a per-install AES-256-GCM key kept in iOS Keychain / Android Keystore.
Session token — when you sign in, the same opaque session ID described above is sent on each API request via the Cookie HTTP header.

The app does not use any of the following: advertising IDs (IDFA on iOS, AAID on Android), device fingerprinting, third-party analytics SDKs, social-media pixels, or cross-app tracking. App Tracking Transparency (ATT) on iOS is not triggered because we do not track you across apps or websites.

4. Third-party services

The third parties that process data on our behalf (OpenAI, RevenueCat, Apple, Google, Replit hosting, Sentry) are listed in the Privacy Policy §6. None of them set tracking cookies on www.glpwise.com or inside the app for our purposes.

5. How to control cookies

You can clear or block all cookies in your browser at any time. Doing so will sign you out of any web preview session.
You can revoke the mobile app's local data by signing out (Profile → Sign out) or by uninstalling the app (which clears the app sandbox).
You can delete your account and all server-side data via Profile → Settings → Delete Account, or by emailing support@glpwise.com.

6. Changes to this policy

If we ever start using a new cookie or tracker we will update this page and, where consent is required, surface a banner before any non-essential tracker is set.

7. Contact

Questions about cookies or trackers: support@glpwise.com.