Cookie & Tracking Technologies Policy

1. What are cookies and similar technologies

Cookies are small text files that a website stores in your browser to remember information between visits. In addition to traditional cookies, we use technologies with similar functions:

• localStorage / sessionStorage: web storage in the browser that persists between sessions (localStorage) or only during the current session (sessionStorage).
• SDK Identifiers: tokens and keys generated by integrated SDKs (such as Mapbox, Firebase) for authentication, security, and technical operation in the mobile application.
• Device tokens: identifiers such as FCM (Firebase Cloud Messaging) tokens used for push notification delivery.
• SharedPreferences / SQLite: local storage in the mobile application for user preferences, data caching, and session state.
• Pixels and web beacons: tiny images (1x1 pixel) that can verify whether an email was opened or a page visited. We currently do not use our own tracking pixels.

2. Technologies used on the website

On the DRI COPILOT website and landing pages, we use a minimal set of local storage technologies:

Name	Type	Provider	Purpose	Duration	Category
dricopilot-theme	localStorage	InAppBot Inc.	Remember the user's visual theme preference (light/dark).	Persistent until manually cleared or preference change.	Strictly necessary
dricopilot-language	localStorage	InAppBot Inc.	Remember the user's preferred language for the website (es/en).	Persistent until manually cleared or preference change.	Functional

Note: our website currently does not use traditional first-party HTTP cookies, analytics cookies (Google Analytics, Segment, etc.), or marketing/advertising cookies. If we incorporate these technologies in the future, we will update this Policy and request consent where required by law.

3. Technologies used in the mobile application

The DRI COPILOT mobile application uses local storage technologies and SDKs that function analogously to cookies in a browser:

Technology / SDK	Provider	Purpose	Category
SharedPreferences	InAppBot Inc. (device local storage)	Store session tokens, user preferences (language, theme, notification settings), app state, and recent location data.	Strictly necessary
SQLite (local databases)	InAppBot Inc. (device local storage)	Alert caching, navigation history, restaurant data, and offline operation.	Strictly necessary
Mapbox SDK	Mapbox Inc.	Map rendering, navigation, geocoding. May collect anonymous telemetry data about map usage and SDK performance.	Strictly necessary
Firebase Cloud Messaging (FCM)	Google LLC	Push notification delivery. Generates and stores a unique FCM token to identify the device.	Strictly necessary
Firebase Analytics	Google LLC	Basic app usage analytics (initialized but with minimal direct usage). May collect event data, sessions, and device properties.	Analytics
Shopify Storefront API	Shopify Inc.	Product catalog and marketplace management. May use technical identifiers for store operation.	Functional (during marketplace use)
RevenueCat SDK	RevenueCat Inc.	In-app subscription management (Nitro Pro). Stores anonymous user identifier and entitlement status locally to verify access to premium features.	Strictly necessary (during subscription management)

4. Third-party technologies

Depending on the features you use, some third-party services may set their own cookies, identifiers, or receive technical data:

• Google Fonts / CDN: when loading fonts from Google servers, they may receive technical metadata from the request (IP address, browser user agent). Google states that it does not use this information for advertising tracking.
• Shopify: may set cookies when you interact with catalog or checkout components hosted by Shopify (applies only if the marketplace redirects to Shopify pages).
• Phosphor Icons (CDN unpkg.com): when loading icons from the CDN, the server may receive technical metadata from the request.

InAppBot does not control the cookies or technologies set by these third parties. For more information about their practices, see their respective privacy policies listed in our Privacy Policy, Section 6.

5. Technology categories and legal basis

5.1 Strictly necessary

These are essential for the operation of the website or application. They cannot be disabled without affecting basic functionality. They do not require prior consent because they are necessary to provide the requested service.

Legal basis: contract performance / legitimate interest (technical operation of the Service).

5.2 Functional

They enable enhanced functions such as remembering language preferences, visual theme, or personalized settings. They are not strictly necessary but significantly improve the experience.

Legal basis: implied consent when setting preferences / legitimate interest.

5.3 Analytics

They help understand how the Service is used, collecting generally anonymous or pseudonymized statistical information. Analytics usage is currently minimal (Firebase Analytics initialized with limited direct usage).

Legal basis: consent (where required by law) / legitimate interest (Service improvement).

5.4 Marketing and advertising

We currently do not use marketing or advertising cookies or technologies. If we incorporate these technologies in the future, we will request your prior explicit consent (opt-in) before activating them, in accordance with applicable law.

6. How to control cookies and tracking technologies

6.1 In the web browser

• Clear cookies and site data: access your browser's privacy settings to clear cookies, localStorage, and other stored data.
• Block third-party cookies: most modern browsers allow you to block third-party cookies from their privacy settings.
• Private browsing mode: use incognito/private mode to browse without data being stored persistently.

Impact: if you clear or block essential local storage (such as dricopilot-theme), some visual or preference features may stop working correctly until you reconfigure your preferences.

6.2 In the mobile application

• System permissions: you can control location, notification, camera, and microphone permissions from device settings (iOS: Settings > Privacy; Android: Settings > Apps > Permissions).
• Advertising identifier: you can reset or limit advertising tracking from device settings (iOS: Settings > Privacy > Tracking; Android: Settings > Google > Ads).
• Clear app data: you can clear the cache and locally stored data from device settings or by uninstalling the app.
• Notifications: you can disable push notifications from device settings at any time.

6.3 Mapbox Telemetry

Mapbox may collect anonymous telemetry data through its SDK. For more information on how to manage Mapbox telemetry, see the Mapbox Privacy Policy.

7. Do Not Track and Global Privacy Control Signals

7.1 Do Not Track (DNT)

We currently do not respond differently to browser "Do Not Track" signals due to the lack of a universally accepted technical standard for this signal. However, since we do not use advertising or marketing tracking cookies, the practical impact is minimal.

7.2 Global Privacy Control (GPC)

We recognize Global Privacy Control (GPC) signals as a valid opt-out request under the CCPA/CPRA and other applicable privacy laws. If your browser transmits a GPC signal, we will process it as a "Do not sell or share my personal information" request for your browsing session. Since we currently do not sell or share data for advertising, this signal confirms our existing practices.

8. Changes to this Policy

We may update this Policy periodically to reflect changes in the technologies we use, new third-party services, or legal or regulatory requirements. We will post the current version on this page with the last updated date. If changes are material (such as adding analytics or marketing cookies), we will notify you through reasonable means and request your consent where required by law.

9. Contact

If you have questions about our use of cookies and tracking technologies, or wish to exercise your privacy rights, contact our privacy team at the email listed above.