Harthena does not use tracking or advertising cookies. Here's exactly what we do — and don't — use.
Short version: Harthena does not set any HTTP cookies on your device. We use browser sessionStorage for your login session (cleared when you close the tab) and one localStorage item for a debug preference flag. The only third-party cookies you may encounter are set by Stripe on Stripe's own domain when you visit their payment checkout — not by us.
Cookies are small text files that websites store on your device via your browser. They are widely used to make websites work, remember your preferences, and collect analytics information. Cookies set by the website you are visiting are called "first-party cookies". Cookies set by other organisations through the website are called "third-party cookies".
This policy also covers related storage technologies including localStorage and sessionStorage, which are browser-side storage mechanisms that are not transmitted as HTTP cookies but may store data on your device.
In the UK, the use of cookies and similar technologies is regulated by the Privacy and Electronic Communications Regulations 2003 (PECR), as amended. In the EU, the equivalent rules derive from the ePrivacy Directive (2002/58/EC) as implemented in each member state. Under both frameworks, cookies that are not strictly necessary for the service require the user's informed consent before being set.
Harthena does not set any HTTP cookies on your device. Neither the landing page (harthena.com) nor the app (Harthena PWA) sets any first-party cookies.
We use two browser storage mechanisms that are distinct from cookies — they are not transmitted as HTTP headers and are not accessible cross-site:
| Storage item | Type | Purpose | Duration | Personal data? |
|---|---|---|---|---|
bpm_session |
sessionStorage | Stores your session token to keep you logged in during an active browser session. Used to authenticate API requests to our servers. | Cleared automatically when the browser tab is closed. Maximum 30 minutes of inactivity. | Yes — contains your session token, user ID, and role. Not personally identifiable on its own but links to your family account. |
hna_debug (or brand-equivalent key) |
localStorage | Stores a boolean flag ("1" or absent) indicating whether debug logging is enabled in the browser console. Settable only via the parent settings panel. | Persists until cleared or toggled off. No expiry. | No — contains only "1" or is absent. No personal data. |
Legal basis: sessionStorage is strictly necessary for the operation of the app's authenticated session. Under PECR Regulation 6(4) and the equivalent ePrivacy Directive provision, strictly necessary cookies and storage do not require consent. The debug localStorage item contains no personal data and requires no consent.
When you subscribe to the Family plan, you are redirected to Stripe's hosted checkout page (hosted on stripe.com or checkout.stripe.com — a domain controlled by Stripe, not Harthena). While you are on Stripe's checkout page, Stripe may set its own cookies on your device for the following purposes:
These cookies are set by Stripe on Stripe's own domain and are governed by Stripe's Privacy Policy and Stripe's Cookie Settings. Harthena has no control over these cookies. Once you complete or exit the Stripe checkout page, you are returned to Harthena's domain and Stripe's cookies remain on stripe.com — not on harthena.com.
| Provider | Domain | Purpose | Category |
|---|---|---|---|
| Stripe | stripe.com / checkout.stripe.com | Payment fraud prevention, session management, checkout analytics | Third-party (Stripe's domain) |
Harthena uses PostHog for privacy-friendly analytics. PostHog is configured to store data in the EU (eu.i.posthog.com). It does not use cookies — data is stored in your browser's localStorage. No advertising networks, no cross-site tracking, and no personal data is collected.
What PostHog collects: page views, and anonymous in-app events (for example, "wizard completed" or "first chore created"). We identify sessions using a pseudonymous family code — never your name, email, or any personal identifier. Session recording is disabled. Autocapture is disabled.
PostHog is a GDPR-compliant service. Data is processed and stored on servers located in the EU. You can read PostHog's privacy policy at posthog.com/privacy.
No analytics cookies are set. We do not use Google Analytics, Plausible, Heap, Hotjar, Mixpanel, Facebook Pixel, or any advertising or cross-site tracking service.
Server-side request logs (HTTP method, URL path, response code, timestamp) are retained for 30 days for security and diagnostic purposes. IP addresses in audit logs are irreversibly hashed before storage.
For complete transparency, here is the full inventory of all browser-side storage used across the Harthena landing page and app:
| Item | Domain | Storage type | Set by | Necessary? |
|---|---|---|---|---|
bpm_session |
harthena.com | sessionStorage | Harthena app | Strictly necessary |
hna_debug |
harthena.com | localStorage | Harthena app (parent settings) | Functional (no personal data) |
| Stripe session cookies | stripe.com | HTTP cookie (Stripe's domain only) | Stripe (third party) | Third-party — Stripe's policy applies |
| Analytics cookies | — | — | — | Not used |
| Advertising cookies | — | — | — | Not used |
| Cross-site tracking | — | — | — | Not used |
Because Harthena does not set HTTP cookies, there is no cookie preference centre or consent banner on our site (one would only appear if we added non-essential cookies in future). You can, however, manage browser storage as follows:
You can clear sessionStorage and localStorage through your browser's developer tools or privacy settings. Note that clearing sessionStorage will log you out of the Harthena app; clearing localStorage will reset the debug flag to its default (off).
If you wish to block cookies on stripe.com, you can do so via your browser's cookie settings. Note that blocking Stripe's cookies may prevent the payment checkout from functioning correctly. This does not affect your use of the free plan.
All modern browsers allow you to block, restrict, or delete cookies from specific sites. Refer to your browser's help documentation for instructions. Independent guidance is available from the ICO at ico.org.uk.
Some browsers offer a "Do Not Track" (DNT) signal. Because Harthena does not track users across sites and does not use analytics or advertising cookies, our site does not change its behaviour based on DNT signals — there is nothing to turn off. We do not participate in cross-site tracking under any circumstances.
We will update this Cookie Policy if our use of cookies or storage technologies changes — particularly before introducing any new non-essential cookies. Material changes will be communicated by updating the "Last reviewed" date above and, where required by law, by displaying a consent banner before any new non-essential cookies are set.
We will also notify you by email if we introduce analytics or tracking technologies that require your consent.
If you have any questions about this Cookie Policy or our use of browser storage, please contact us at privacy@harthena.com.
For complaints about our use of cookies under PECR, you may contact the Information Commissioner's Office (ICO) at ico.org.uk. EU residents may contact the data protection authority in their member state.