Cookie Policy

Last Updated: October 26, 2025

This Cookie Policy explains how Innerself ("we," "us," or "our") uses cookies and similar technologies when you visit our website. This policy should be read together with our Privacy Policy.

Service Provider Information

1. What Are Cookies?

Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you visit a website. Cookies are widely used to make websites work more efficiently and to provide information to website owners.

Similar technologies include:

• Local Storage: Browser storage that allows websites to store data locally on your device
• Web Beacons: Small graphic images (also called pixel tags) used to track user behavior
• Scripts: Code that runs in your browser to enhance website functionality

2. Our Approach to Cookies

We prioritize your privacy: Innerself uses minimal tracking technologies and requires your consent before setting analytics cookies.

3. Storage Technologies We Use

3.1 Local Storage (Browser-Based)

Purpose: Temporary storage during payment processing to preserve your results when redirecting to and from payment processor

Type: Essential for service functionality

Duration: Automatically cleared after successful payment (persists across browser sessions to ensure seamless payment flow)

What We Store:

• innerself_pending_payment - Payment status flag
• innerself_results_html - Your personality analysis results (temporarily)
• innerself_top_traits - Your top personality traits (temporarily)
• innerself_scores - Your personality scores (temporarily)

Legal Basis: Necessary for contract performance (GDPR Article 6(1)(b))

Can You Disable It? No - required for payment processing. Without local storage, you cannot purchase premium features.

3.2 Third-Party Cookies (Stripe)

Provider: Stripe, Inc.

Purpose: Secure payment processing and fraud detection

Type: Strictly necessary for service functionality

Duration: Varies (set by Stripe)

Common Stripe Cookies:

• __stripe_mid - Fraud detection and prevention
• __stripe_sid - Session management for payments
• private_machine_identifier - Device fingerprinting for security

Legal Basis: Necessary for contract performance and legitimate interest in fraud prevention

Privacy Policy: Stripe Privacy Policy

Can You Disable It? No - required for secure payment processing. Blocking Stripe cookies will prevent purchases.

3.3 Analytics Cookies (Google Tag Manager & Google Analytics)

Provider: Google LLC

Purpose: Tag management and website usage analytics

Type: Performance/Analytics (non-essential)

Duration: Varies by cookie (see below)

Google Tag Manager (GTM):

GTM is a tag management system that loads and manages analytics tools (like Google Analytics) based on your consent. GTM itself does not set cookies but coordinates when other tools can run.

Google Analytics Cookies (managed via GTM):

• _ga - Distinguishes unique users (Expires: 2 years)
• _ga_<container-id> - Persists session state (Expires: 2 years)
• _gid - Distinguishes users (Expires: 24 hours)
• _gat - Throttle request rate (Expires: 1 minute)

Data Collected: Pages visited, time on site, traffic source, device information, geographic location (country/city level), browser type

Legal Basis: Consent (GDPR Article 6(1)(a)) and legitimate interest in improving service (Article 6(1)(f))

Privacy Policies: Google Privacy Policy | GTM Use Policy

Can You Disable It? Yes - via our cookie banner or by installing the Google Analytics Opt-out Add-on

4. URL Parameters

We use URL parameters to track payment status after you return from Stripe:

• ?success=true - Indicates successful payment
• ?fantasy=true - Indicates Fantasy Set purchase
• ?canceled=true - Indicates canceled payment

These parameters are automatically removed from your browser's address bar after processing.

Legal Basis: Necessary for contract performance

5. Server Logs

Our hosting provider (Vercel) automatically collects server logs containing:

• IP address
• Browser type and version
• Operating system
• Referral URL
• Date and time of access
• Requested pages

Purpose: Security, troubleshooting, and service improvement

Retention: 90 days

Legal Basis: Legitimate interest in maintaining service security and performance (GDPR Article 6(1)(f))

6. Cookie Categories

Under EU cookie laws (ePrivacy Directive), cookies are categorized as follows:

7. Do We Need Your Consent?

YES - Cookie consent IS required for analytics.

Strictly Necessary Cookies: Do not require consent

• Local storage for payment processing
• Stripe payment cookies

Analytics Cookies (Google Tag Manager & Google Analytics): Require explicit consent

• Not strictly necessary for service operation
• Used to improve user experience
• Under GDPR and ePrivacy Directive, you must consent before these cookies are set
• Managed via GTM Consent Mode v2 for GDPR compliance
• You can accept or decline via our cookie banner
• You can withdraw consent at any time

How We Obtain Consent: When you first visit our website, you'll see a cookie banner asking for your consent. Google Tag Manager sets default consent states to "denied" and only loads analytics tools if you click "Accept Analytics" or "Accept All". This ensures GDPR compliance through Google's Consent Mode v2 framework.

8. How to Manage Cookies and Storage

8.1 Browser Settings

You can control cookies through your browser settings. However, disabling cookies may prevent you from using certain features (especially payment processing).

Browser-specific instructions:

• Google Chrome
• Mozilla Firefox
• Safari
• Microsoft Edge

8.2 Clear Local Storage

To manually clear local storage:

1. Open your browser's Developer Tools (F12 or Ctrl+Shift+I)
2. Go to the "Application" or "Storage" tab
3. Find "Local Storage" in the sidebar
4. Clear entries for the Innerself website

Note: Local storage used for payment processing is automatically cleared after successful payment.

8.3 Do Not Track (DNT)

We respect the "Do Not Track" browser setting. However, since we don't use tracking technologies, this setting doesn't change our behavior.

9. Third-Party Services

We use the following third-party services that may set their own cookies:

Note: OpenAI and Google Gemini process data via API calls but do not set cookies on our website.

10. International Data Transfers

Stripe and Vercel may transfer data internationally. For EEA users, these transfers are protected by:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions (where applicable)
• Other GDPR-compliant safeguards

11. Children's Privacy

Our Service is not intended for individuals under 18. We do not knowingly set cookies or collect data from children.

12. Changes to This Cookie Policy

We may update this Cookie Policy to reflect changes in our practices or legal requirements. Changes will be effective immediately upon posting. The "Last Updated" date will be revised.

If we introduce new types of cookies that require consent, we will implement a consent mechanism before deploying them.

13. Contact Us

If you have questions about our use of cookies or tracking technologies, please see the contact information at the top of this page.

14. Summary: What You Need to Know