Cozzy Cookie Policy
Last Updated: April 5, 2026
This Cookie Policy explains how Cozzy uses cookies and similar technologies in our mobile application (iOS and Android) and web dashboard at web.cozzy.io. We are committed to transparency about our data practices.
This policy is maintained by Cozzy Finance Limited (CRO: 812498), Venture Hub, 136 Capel Street, Dublin 1, Dublin, D01 T2C9, Ireland.
---
What Are Cookies and Similar Technologies?
Cookies are small text files stored on your device. In mobile apps like Cozzy, we use "cookies and similar technologies" to refer to:
- Mobile SDKs that store identifiers on your device
- Local Storage (SharedPreferences, UserDefaults) for app preferences
- Device Identifiers used for analytics
- Web cookies (HTTP cookies) used on our web dashboard for authentication and preferences
---
Types of Cookies We Use
Essential Cookies (Always Active)
These are necessary for the App to function and cannot be disabled.
| Technology | Purpose | Data Stored | Retention |
|---|---|---|---|
| Authentication Tokens | Keep you signed in securely | Encrypted session token | Until logout |
| User Preferences | Remember your display settings | Currency, theme, notification preferences | Until account deletion or app data cleared |
| Cookie Consent | Remember your privacy choices | Consent status, date, and policy version | 6 months |
| Offline Cache | Allow app to work offline | Encrypted financial data | Until cleared |
| Web Authentication (web dashboard) | Maintain your login session | Supabase session token (HTTP-only, secure) | Until logout or session expiry |
| Theme Preference (web dashboard) | Remember your display theme | Light or dark theme selection | 365 days |
| Firebase Crashlytics | Crash reporting for service reliability and security | Crash logs, device info, app state at crash | 90 days |
Essential cookies and crash reporting are deployed under the 'strictly necessary' exemption in Regulation 5(5) of S.I. No. 336/2011 (Ireland) and Regulation 6(4) of PECR 2003 (UK), and under our legitimate interest in maintaining service reliability and security (GDPR Art. 6(1)(f)). They do not require your consent. Crash reporting (Firebase Crashlytics) is necessary to identify and resolve defects that could render the service unusable.
Analytics Cookies (Require Your Consent)
These help us understand how you use Cozzy so we can improve it.
| Technology | Provider | Purpose | Data Collected | Retention |
|---|---|---|---|---|
| Firebase Analytics | Google LLC | Usage analytics | Pseudonymised usage patterns (device-level identifiers, not fully anonymous), screen views, feature engagement | 14 months |
Important: Analytics data uses device-level identifiers rather than your name or email. Event-level data is retained for the periods stated above. Analytics data is never sold to third parties and is shared only with Google under strict data processing agreements.
First-Party Server Analytics
We collect pseudonymised usage events (screen views, feature engagement, error counts) via our own server-side analytics service. This data is buffered locally on your device before being synced to our backend.
- Data collected: Event type, timestamp, screen name, anonymised session identifier. No personally identifiable information.
- Local storage: Up to 1,000 events buffered in app local storage (Hive).
- Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) in maintaining and improving the App.
- Retention: 90 days on our servers.
This data is stored on your device temporarily before transmission. We rely on the ePrivacy strictly necessary exemption for the local storage component, as it is required for the technical delivery of the service, combined with legitimate interest under GDPR for the server-side processing.
---
Managing Your Preferences
When You First Open Cozzy
You will see a cookie consent popup with two options:
- Accept All - Enable analytics cookies to help us improve
- Essential Only - Use only essential cookies
Changing Your Preferences Later
You can change your cookie preferences at any time:
1. Go to Settings > Privacy > Cookie Preferences
2. Toggle analytics cookies on or off
3. Your changes take effect immediately
Consent Renewal
Following Irish DPC guidance, we will ask you to review your preferences every 6 months.
---
What Happens If You Reject Cookies?
- The App will work normally - All core features remain available
- Your data stays private - No analytics data is collected
- We cannot improve based on your usage
---
Third-Party Cookies
Our partners may set their own cookies:
| Partner | When Used | Their Policy |
|---|---|---|
| Analytics, Crashlytics | Google Privacy Policy | |
| Yapily | Bank account connection | Yapily Privacy Policy |
| RevenueCat | Subscriptions | RevenueCat Privacy Policy |
We encourage you to review these policies to understand how they handle your data.
We respect your choices through our in-app cookie consent mechanism and Apple's App Tracking Transparency (ATT) framework on iOS.
---
Do Not Track
While mobile apps do not support the "Do Not Track" browser signal, we respect your choices through:
- Our in-app cookie consent mechanism
- Apple's App Tracking Transparency (ATT) framework on iOS
---
Updates to This Cookie Policy
We will update this Cookie Policy when our cookie practices change or when required by law. If we make significant changes, we will notify you through the App and request your consent again where required by the ePrivacy Directive.
---
Questions?
Contact us at:
- Email: privacy@cozzy.io
- Support: support@cozzy.io
- Cozzy Finance Limited (CRO: 812498), Venture Hub, 136 Capel Street, Dublin 1, Dublin, D01 T2C9, Ireland
You also have the right to lodge a complaint with the Irish Data Protection Commission.