Cookie Policy
Version: 1.3 · Last updated: 22 May 2026 · Effective: 22 May 2026 · Regulation: Privacy and Electronic Communications Regulations 2003 (PECR) + UK GDPR
We never store health data in cookies. Your biomarkers, test results, wearable data and Overall Status live in our encrypted Firestore database, never in a cookie or local-storage entry on your device.
1. What are cookies?
Cookies are small text files that are placed on your device (computer, phone, or tablet) when you visit a website. They are widely used to make websites work more efficiently, remember your preferences, and provide information to the website owner.
Similar technologies include local storage, session storage, and pixel tags. When we refer to “cookies” in this policy, we mean all of these technologies.
2. How we use cookies
We use cookies on our website (omniwo.com) and dashboard (omniwo.web.app) for the purposes described below. We categorise cookies into four groups: strictly necessary, functional, analytics, and marketing.
2.1 Strictly necessary cookies
These cookies are essential for the website to function. They cannot be disabled.
| Cookie | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
__session | Firebase Auth | Maintains your login session on the dashboard | Session | First-party |
firebase:authUser | Firebase Auth | Stores authentication state for single-page app | Session | First-party |
__stripe_mid | Stripe | Fraud prevention during checkout | 1 year | Third-party |
__stripe_sid | Stripe | Checkout session identification | 30 minutes | Third-party |
csrf_token | Omniwo | Cross-site request forgery protection | Session | First-party |
owCookieConsent | Omniwo | Remembers your cookie preferences (stored in browser localStorage) | Until cleared | First-party (localStorage) |
| Sentry error context | Sentry (Functional Software, Inc.) | Error monitoring on the dashboard — collects browser context, stack traces, and a Sentry session identifier when an error occurs. Health data and PII are stripped before transmission. No cross-site tracking. | Session | Third-party (dashboard only) |
Legal basis: These cookies and storage entries are exempt from consent under PECR Regulation 6(4) because they are strictly necessary for the service you have requested. Sentry runs under legitimate interest (UK GDPR Art. 6(1)(f)) for security and service-availability monitoring of the authenticated dashboard.
2.2 Functional cookies
These cookies remember your preferences and enhance your experience. They are set only with your consent.
| Cookie | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
locale | Omniwo | Remembers your language/locale preference | 1 year | First-party |
ui_prefs | Omniwo | Stores UI preferences (e.g., sidebar collapsed state) | 1 year | First-party |
wearable_state | Omniwo | Remembers which wearable connection view to show | Session | First-party |
Legal basis: Consent (PECR Regulation 6).
2.3 Analytics cookies
These cookies help us understand how visitors use our website. All analytics data is anonymised — we never include health data, biomarker values, or personal health information in analytics.
| Cookie | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
_ga | Google Analytics 4 | Distinguishes unique visitors (anonymised) | 2 years | Third-party |
_ga_[ID] | Google Analytics 4 | Maintains session state | 2 years | Third-party |
_gid | Google Analytics 4 | Distinguishes visitors within 24h | 24 hours | Third-party |
_clck | Microsoft Clarity | Stores a unique user ID for website analytics and heatmaps | 1 year | Third-party |
_clsk | Microsoft Clarity | Connects multiple page views into a single session recording | 1 day | Third-party |
CLID | Microsoft Clarity | Identifies the first-time Clarity saw this user | 1 year | Third-party |
ANONCHK | Microsoft Clarity | Indicates whether MUID is transferred to ANID (used for ads) | Session | Third-party |
MR | Microsoft Clarity | Checks whether to refresh MUID | Session | Third-party |
MUID | Microsoft Clarity | Identifies unique web browsers visiting Microsoft sites; used for analytics | 1 year | Third-party |
SM | Microsoft Clarity | Used in synchronising the MUID across Microsoft domains | Session | Third-party |
What we track: Page views, session duration, device type, browser, general location (city level).
What we NEVER track: Health data, biomarker values, test results, wearable data, personal identifiers.
IP anonymisation: Google Analytics is configured with IP anonymisation enabled. Your full IP address is never stored.
Legal basis: Consent (PECR Regulation 6).
2.4 Marketing cookies
These cookies are used only if you have opted in to marketing communications. They help us measure the effectiveness of our marketing campaigns.
| Cookie | Provider | Purpose | Duration | Status |
|---|---|---|---|---|
_gcl_au | Google Ads | Conversion attribution for paid campaigns | 90 days | Active on marketing site |
__kla_id | Klaviyo | Email campaign engagement — only set if you submit your email to our newsletter | 2 years | Set only on newsletter sign-up |
_fbp | Meta Pixel | Measures ad performance | 90 days | Not active at launch (planned) |
Note: Meta Pixel is not active at launch. Google Ads conversion tracking is active on the marketing site (omniwo.com) and fires only after you give marketing consent on the cookie banner. Klaviyo only sets a cookie if you submit your email address to our newsletter form.
Legal basis: Explicit consent (PECR Regulation 6).
3. Third-party cookies
Some cookies are set by third-party services that appear on our pages. We do not control these cookies. Please refer to the relevant third party’s privacy policy for more information:
| Provider | Privacy Policy |
|---|---|
| Google Analytics & Google Ads | policies.google.com/privacy |
| Microsoft Clarity | privacy.microsoft.com/en-us/privacystatement |
| Stripe | stripe.com/privacy |
| Klaviyo | klaviyo.com/legal/privacy |
| Sentry (Functional Software, Inc.) | sentry.io/privacy |
| Firebase / Google Cloud | firebase.google.com/support/privacy |
4. Cookie consent management
First visit
When you first visit omniwo.com, you will see a cookie consent banner asking for your preferences. You can:
- Accept all cookies — enables all categories
- Reject non-essential cookies — only strictly necessary cookies remain active
- Manage preferences — choose which categories to enable/disable
Changing your preferences
You can change your cookie preferences at any time by:
- Clearing your browser’s site data for omniwo.com — the cookie banner will reappear on your next visit
- Emailing privacy@omniwo.com with your preference change
A one-click “Manage Cookies” link in the footer is on our roadmap and will be added shortly after launch.
What happens when you reject cookies
If you reject non-essential cookies:
- Analytics: Google Analytics and Microsoft Clarity will not record your visit
- Marketing: Google Ads conversion tracking will not fire; no marketing cookies will be set
- Functional: Your UI preferences may not be remembered between visits
- Strictly necessary: These will still function (required for log-in, checkout, and core service to work)
Your cookie preferences are stored in your browser’s localStorage under the key owCookieConsent. This entry persists until you clear your browser data; it is not a traditional cookie and has no fixed expiry.
5. Health data & cookies
We never store health data in cookies.
Your blood test results, biomarker values, health insights, wearable data, Overall Status, and any other health-related information are stored exclusively in Firestore — our secure, encrypted database hosted on Google Cloud Platform in the UK.
Cookies contain only technical identifiers (session tokens, preference flags, analytics identifiers). No cookie on our site will ever contain your health information.
6. How to disable cookies in your browser
You can also control cookies through your browser settings. Here’s how:
| Browser | Instructions |
|---|---|
| Chrome | Settings → Privacy and Security → Cookies and other site data |
| Firefox | Settings → Privacy & Security → Cookies and Site Data |
| Safari | Preferences → Privacy → Manage Website Data |
| Edge | Settings → Cookies and site permissions → Manage and delete cookies |
| iOS Safari | Settings → Safari → Clear History and Website Data |
Note: Blocking all cookies may prevent you from logging in to your dashboard or completing checkout.
7. Do Not Track and Global Privacy Control
Some browsers send a Global Privacy Control (GPC) signal or the legacy “Do Not Track” (DNT) header to indicate that you do not wish to be tracked across sites. Omniwo honours both signals automatically.
On your first visit, if your browser sends a GPC signal (navigator.globalPrivacyControl === true) or a DNT signal (navigator.doNotTrack === '1'), we default your analytics and marketing cookie preferences to denied without showing the cookie banner. Only strictly-necessary cookies are set.
You can override this at any time via the Cookie Settings link in the footer — for example, to opt in to analytics or marketing on a specific device. Your explicit choice is remembered for that browser and takes precedence over GPC/DNT on subsequent visits.
Because there is no universally-agreed standard for these signals, our interpretation may differ from other sites. If you have questions about how a specific browser, extension, or device-level setting interacts with our cookie banner, contact privacy@omniwo.com.
8. Changes to this policy
We may update this Cookie Policy from time to time. When we make changes:
- We will update the “Last updated” date at the top of this page
- For significant changes, we will reset your cookie preferences and ask for new consent
- Previous versions are available on request
9. Contact us
If you have questions about our use of cookies:
| Method | Details |
|---|---|
| privacy@omniwo.com | |
| Post | Data Protection, Omniwo Ltd, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ |
For broader privacy concerns, please see our Privacy Policy.