Diese Seite wird auf Englisch bereitgestellt; die englische Fassung ist maßgeblich.
What is a cookie
A cookie is a tiny text file a website asks your browser to store. Your browser hands it back the next time you visit, so the site can remember whether you're logged in, what theme you picked, and similar small things.
WAVOA uses cookies on the marketing website (wavoa.app) and the in-app web view that handles billing. The native iOS and Android apps don't use cookies — see mobile SDKs below.
The full list
Two cookies on the marketing site. That's it. We update this table within 14 days of any change.
| Cookie | Purpose | Lifetime | Required |
|---|---|---|---|
wavoa_consent | Remembers whether you accepted or declined analytics. Set the moment you click a button on the consent banner. | 1 year | Yes (functional) |
ph_* (PostHog) | Anonymised product analytics in PostHog's privacy mode — autocapture off, IP scrubbed, no person profile, no cross-site tracking, no session recording. Loaded by default unless you decline; declining purges any data already captured and stops the SDK from initialising. | 1 year | No |
What's not on this list, ever: Google Analytics, Facebook Pixel, Hotjar, LinkedIn Insight, TikTok pixel, advertising network cookies, retargeting cookies, fingerprinting scripts.
Analytics
We use PostHog (EU region, Frankfurt) in privacy mode— Person Profiles are disabled, IPs are scrubbed, and we've opted out of all cross-site tracking features. It records:
- The page URL you visited.
- The referrer (where you came from).
- A coarse country derived from your IP — your IP itself is discarded immediately.
- Your screen size bucket (mobile / tablet / desktop).
- Anonymous product events such as “user opened the meteogram” — never tied to your account ID.
PostHog in privacy mode does notfollow you across sites or build a person profile. We do not enable session recording, heatmaps, or autocapture. You can opt out at any time at the bottom of any page → “Cookie preferences”, or per-app under Profile → Privacy → Analytics.
Mobile SDKs
The native apps don't use cookies. They do, however, talk to a few SDKs. Same rules: minimum, audited, declared.
- Apple Push Notification service. Required to deliver push alerts on iOS.
- Firebase Cloud Messaging. Required to deliver push alerts on Android. We send only the notification text — never your account ID.
- StoreKit 2 / Google Play Billing. For Pro and Crew subscriptions.
- Sentry (self-hosted). Crash reports. Anonymized — no IP, no user ID. 30-day retention.
- PostHog (EU, privacy mode). Anonymous product events. No IP, no person profile, no autocapture. Opt-out under Profile → Privacy → Analytics.
That's the entire SDK list. No advertising SDKs, no MMP/attribution SDKs, no AppsFlyer / Adjust / Branch / Singular.
How to disable
On the website
The first time you visit, you'll see a consent banner at the bottom of the page. Click “Decline” to switch off PostHog entirely — the SDK never initialises and no events are sent. The choice is remembered for one year in the wavoa_consent cookie. You can change your mind any time via the “Cookie preferences” link in the footer.
In the iOS / Android app
Open Profile → Privacy. Three switches:
- Anonymous analytics — off disables our usage events.
- Crash reports — off disables Sentry. We won't see your crashes; please email us if you spot a bug.
- Personalised sail suggestions — off stops the recommender using your past sessions.
Do Not Track & Global Privacy Control
We honour both. If your browser sends DNT: 1 or Sec-GPC: 1, the optional cookies (wavoa_pref, ph_*) are never set, regardless of any banner you saw or button you clicked.
Contact
Cookie or tracking questions: use the contact form.