Cookie Policy

Counsel review pending. Structural skeleton; final wording before public launch (Spec §1.4).

Deena uses only strictly-necessary cookies at v1. No analytics cookies, no tracking cookies, no third-party advertising cookies. As a result, no consent banner is required (Spec §4).

Cookies we set

| Name | Purpose | Lifetime | |------|---------|----------| | __Host-deena.session | Authentication session | Up to 30 days idle, 90 days absolute | | __Host-deena.tenant | Active tenant for multi-tenant users (post-launch) | Session | | __Host-deena.locale | Locale persistence when the language switcher is used | 1 year |

The __Host- prefix means the cookie is bound to deena.pro, Secure, and HttpOnly.

Cookies we do not set

• Analytics (Google Analytics, Plausible, Mixpanel, etc.)
• Advertising / re-targeting (Meta Pixel, Google Ads, etc.)
• A/B-testing or session-replay (Hotjar, FullStory, etc.)

Future changes

If we ever add a cookie that is not strictly necessary, we will:

1. Bump the version of this policy and the Privacy Policy
2. Show an in-app notice and require renewed acceptance
3. Add a cookie-consent banner with granular opt-in