Aphelion Pvt. Ltd.

Cookie & Tracking Disclosure

Effective Date: May 24, 2026

1. Tracking Minimization Principle

Aphelion Pvt. Ltd. has designed Maleu to operate with the absolute minimum amount of tracking necessary to provide a stable, authenticated social networking and fitness tracking platform. We do not engage in behavioral advertising, retargeting, cross-site tracking, user fingerprinting, or profiling of any kind.

2. Storage Technologies We Use

The Platform relies strictly on essential functional and storage technologies to run:

Authentication Session Tokens (Essential): Issued by Supabase. These tokens are stored securely in your device's local secure storage to maintain your logged-in state. They do not track browsing behavior and are completely destroyed when you log out or delete your account.
Firebase Cloud Messaging (FCM) Push Tokens (Functional): Stored on our servers strictly to deliver in-app push notifications to your physical device. These tokens are refreshed periodically and are wiped immediately upon account deletion.
On-Device Local Storage (Functional): The app uses device local AsyncStorage to store offline error/crash queues and cache UI layout state to optimize device performance. It is deleted when you uninstall the app.
Internal Diagnostic Logs: Custom, server-side diagnostics (not third-party systems like Sentry or Crashlytics) capture error stack traces, device model, and OS version to identify and resolve bugs.

3. What We Do NOT Use

We explicitly state and verify that the Maleu Platform does NOT use the following:

Third-party advertising cookies, pixels, or trackers (including Meta Pixel, Google Ads conversions).
Device advertising identifiers (Apple IDFA or Google GAID/AdID).
Third-party behavioral analytics SDKs (Mixpanel, Amplitude, Segment, PostHog, or Firebase Analytics).
Cross-app tracking mechanisms or fingerprinting systems.

4. Third-Party Services and SDKs

The following software development kits (SDKs) are embedded inside our Platform. Their privacy practices are governed by their respective owners:

Supabase Client SDK: Database infrastructure, API connections, and user login controls.

Firebase Cloud Messaging: Standard push notifications delivery.

Google Sign-In & Sign in with Apple: Secure account creation and social login handshakes.

Expo Local Authentication: Device biometric lock triggers (biometric data stays on-device, never sent to servers).

5. User Controls

You retain control over your data. You can manage notifications by turning them off in device settings. You can delete your session and FCM tokens by logging out or permanently deleting your account inside Settings. Uninstalling the app completely wipes all AsyncStorage cache from your device.