Cookie Policy
Effective date: May 7, 2026 · Last updated: May 7, 2026
This policy explains whether and how CalmMessage uses cookies and similar tracking technologies across the CalmMessage iOS app and this website.
At a glance
- Today: strictly necessary cookies only (Cloudflare security).
- Coming: limited advertising and analytics cookies, with your consent via a cookie banner.
- Never: cookies that connect to your in-app activity, messages, or account.
- No cookies. No tracking pixels.
- No advertising SDKs. No analytics SDKs.
- Your messages and in-app behavior are never used for advertising, ever.
We do not sell, rent, or share your personal data with advertisers or third-party marketers.
What cookies are
Cookies are small text files that a website places on your browser or device to remember information about you across visits. They are commonly used for session management, analytics, personalisation, and targeted advertising.
The CalmMessage iOS app
CalmMessage is a native iOS iMessage extension. It does not use a browser and therefore cannot set browser cookies. Authentication is handled entirely through the Firebase Authentication SDK, which stores a secure token in the iOS Keychain (not a cookie). That token is sent directly to our API over HTTPS and verified server-side on every request.
The app contains no advertising SDKs, no analytics SDKs, and no third-party tracking libraries. Your in-app activity, message content, and account data are never used for advertising or shared with advertising platforms in any form, even after we begin running ads on our marketing site.
This website
The marketing site you're reading right now is a separate surface from the app. Today, it loads no analytics, no advertising pixels, and no marketing trackers. The only cookies present are strictly necessary cookies set by our hosting provider (Cloudflare) for security and bot protection. These don't identify you, can't follow you across other sites, and aren't shared with us in any usable form.
This will change in the coming months. We plan to add advertising and analytics tools to this website (for example, Meta Pixel, Google Analytics, LinkedIn Insight Tag) to measure how people find us and to reach similar audiences with our marketing. When that happens:
- This policy will be updated before any tool goes live.
- A cookie consent banner will appear on first visit, letting you accept or decline non-essential cookies.
- Declining won't affect your ability to read the site, sign up, or use the app.
- EU, UK, and California users will receive the additional controls their laws require.
| Technology | Used? | Purpose |
|---|---|---|
| Strictly necessary (security) | Yes | Set by Cloudflare for bot protection. Doesn't identify you. |
| Session cookies | No | Not needed — no web login or server-side sessions |
| Analytics cookies | Coming, with consent | To measure how people find us (e.g. Google Analytics) |
| Advertising cookies | Coming, with consent | To reach similar audiences with our marketing (e.g. Meta Pixel) |
| Tracking pixels / beacons | Coming, with consent | Same scope as advertising cookies |
| Local storage / IndexedDB | No | Pages contain no JavaScript that writes to local storage |
| iOS Keychain (app only) | iOS only | Firebase stores your auth token here. Not a cookie, not web-accessible. |
Third-party services and their cookies
Two third-party services are used as part of CalmMessage's operation today. Neither is loaded on CalmMessage web pages, so they don't set cookies via this site.
- Google Firebase Authentication — used inside the iOS app only. Google may set cookies if you visit Firebase or Google services directly, but CalmMessage does not load Firebase on any web page. Google Privacy Policy ↗
- Anthropic (Claude AI) — our server calls the Anthropic API on your behalf when you submit a message. This is a server-to-server call. Anthropic is never loaded in your browser or app. Anthropic Privacy Policy ↗
When we begin running advertising and analytics on calmmessage.com later in 2026, additional vendors will be added to this list. Likely candidates include Meta (Facebook), Google (Ads and Analytics), and LinkedIn. We'll update this policy with the specific vendors and what they do before any of them go live, and a cookie consent banner will let you control which ones are allowed to load.
Changes to this policy
If we ever introduce cookies or similar technologies, we will update this page before doing so and, where the change is material, notify users via the app or email. The effective date at the top of this page will always reflect the most recent revision.
Questions
If you have any questions about this policy: