Cookie Policy
Last Updated: April 22, 2025
1. Scope and Purpose
This Cookie Policy ("Policy") explains how apurikotto ("Voyay", "we", "us" or "our") and our partners deploy cookies and comparable tracking technologies (collectively, "Cookies") on:
- voyay.app and any sub‑domains;
- our mobile applications;
- marketing e‑mails and embeds that link to or reference this Policy.
It also describes your choices regarding these technologies and refers you to additional resources. This Policy forms part of our Privacy Notice, which describes more broadly how we handle personal data.
2. Key Definitions
| Term | Meaning |
|---|---|
| Cookie | A small text file placed on a device that stores information. This Policy also covers HTML5 local storage, SDK storage, tracking pixels, device fingerprinting, server‑side tag‑based tracking and any "information stored in or accessed from a user's terminal equipment" within the meaning of Article 5(3) of the EU e‑Privacy Directive. |
| First‑party Cookie | Set directly by Voyay. |
| Third‑party Cookie | Set by domains that are not controlled by Voyay and that enable third‑party features (e.g., analytics, advertising). |
| Session Cookie | Expires when you close your browser or app. |
| Persistent Cookie | Remains until its scheduled expiry date or until you delete it. |
3. Legal Bases and Regulatory Framework
Voyay is headquartered in the Netherlands and primarily relies on:
- Consent under Article 6(1)(a) GDPR and Article 5(3) e‑Privacy Directive for any non‑essential Cookies;
- Legitimate Interests under Article 6(1)(f) GDPR for strictly necessary Cookies that enable core functionality (e.g., load balancing, authentication, security);
- The California Consumer Privacy Act (as amended by the CPRA), which requires we give California residents the right to opt‑out of the "sale" or "sharing" of personal information via cross‑context behavioural advertising Cookies. We honour browser‑based Global Privacy Control (GPC) signals as a valid opt‑out;
- Other local laws, such as Brazil's LGPD and Canada's PIPEDA, as applicable.
4. What Cookies Do We Use and Why?
Below is a non‑exhaustive list of the main Cookies we use. Because the specific names and lifetimes of Cookies may change as we improve our service, the most accurate list is available at any time through our in‑product Cookie Settings panel.
| Category | Cookie Name | Provider / Domain | Purpose | Duration |
|---|---|---|---|---|
| Analytics | _ga, _ga_XXXX | Google Analytics 4 (google.com) | Measures site usage, aggregates metrics, limits request rate. IP addresses are truncated in the EEA. | 13 months |
Third‑party Cookies. When you accept these Cookies, the providers listed above may combine the information they collect with other data they hold and may transfer it outside your jurisdiction (e.g., the United States). For details, refer to the respective privacy policies of each provider.
5. Consent Management
We employ a consent‑management platform (CMP) that:
- Presents an explicit, granular choice on first visit, with "Accept All", "Reject All" and "Manage Settings" given equal prominence;
- Records proof of consent (date/time, preference string, user agent, IP truncated to /24) in an encrypted log retained for 13 months (in line with CNIL guidance);
- Re‑presents the banner at least every 12 months or whenever we materially change the set of non‑essential Cookies;
- Respects the Do Not Track header (where supported) and Global Privacy Control (GPC) signal by automatically disabling non‑essential Cookies;
- Allows you to withdraw consent at any time via the Cookie Settings link in the footer or app settings.
6. How You Can Control or Delete Cookies
- Browser Settings – You may set your browser to block or delete Cookies. Instructions: Firefox, Chrome, Safari, Edge, Opera.
- Mobile App Settings – Use your device settings (e.g., "Limit Ad Tracking" on iOS, "Opt‑out of Ads Personalization" on Android).
- Platform Opt‑outs – Google Analytics (https://tools.google.com/dlpage/gaoptout), Meta Ad Preferences, Network Advertising Initiative (NAI) opt‑out, Digital Advertising Alliance (DAA) choices.
- GPC / DNT – We treat the Global Privacy Control signal or equivalent Do Not Track headers as a valid request to opt‑out of any "sale" or "sharing" of personal information.
Note that blocking Cookies may affect site functionality.
7. Retention of Cookie Data
Cookie data are retained only for as long as necessary to fulfil the purposes described above. Aggregated analytics data are retained for 24 months, after which they are deleted or de‑identified.
8. International Transfers
Where Cookie data are transferred outside the EEA/UK, we rely on:
- Adequacy decisions (e.g., EU–US Data Privacy Framework for Google diagnostics);
- EU Standard Contractual Clauses (SCCs) with additional transfer‑impact assessments;
- Any supplementary measures recommended by the EDPB.
9. Security Practices
We implement TLS encryption in transit, AES‑256 encryption at rest, strict Content Security Policy (CSP), Subresource Integrity (SRI), and regular security reviews of our tag‑manager containers to prevent unauthorised injection of third‑party scripts.
10. Your Rights
Depending on where you reside, you may have the right to:
- Access, rectify or erase personal data collected via Cookies;
- Restrict or object to processing;
- Port data to another controller;
- Opt‑out of the sale or sharing of personal information (California);
- Lodge a complaint with a supervisory authority (e.g., the Dutch Data Protection Authority, Autoriteit Persoonsgegevens).
Please see our Privacy Notice for full details.
11. Children's Privacy
Voyay does not knowingly place non‑essential Cookies on users under 16 in the EEA/UK (or 13 in the United States). Where age is known or reasonably assumed, we will suppress any profiling Cookies by default.
12. Updates to This Policy
We will post any changes on this page and, where appropriate, provide more prominent notice (e.g., via banner or email). If we make material changes, we will obtain your consent again where required by law.
13. Contact Us
Email: hello@voyay.app