Section 01
About this Cookie Policy
Effective: 10 May 2026
This Cookie Policy explains how SeqoraVault Ltd ("SeqoraVault", "we", "us", "our") uses cookies and similar technologies on the website at seqoravault.co.uk and within the SeqoraVault mobile applications (together, our "Services").
It should be read alongside our Privacy Statement, which describes how we handle personal data more broadly. Where this Cookie Policy refers to specific personal-data practices, the Privacy Statement governs.
SeqoraVault is a global service, rolling out in sequenced phases. Our Phase 1 launch markets are the United Kingdom and Nigeria, with further markets following on our published expansion roadmap. This policy currently reflects the legal frameworks applicable to those markets, principally the UK Privacy and Electronic Communications Regulations 2003 (PECR), UK GDPR, and the Nigeria Data Protection Act 2023.
As we open new markets, we will update this policy to reflect any additional or differing requirements (for example, EU GDPR, the California Privacy Rights Act, or Brazil's LGPD), and we will notify you of any material change before it takes effect.
Section 02
What is a cookie?
A cookie is a small text file placed on your device when you visit a website. Cookies let the site remember things about you between visits or pages. For example, that you are logged in or that you have already accepted the cookie banner.
Types of cookies
- Session cookies are deleted automatically when you close your browser. They typically support log-in sessions or short-lived security tokens.
- Persistent cookies remain on your device for a set period (anything from hours to years), or until you delete them. They remember things across visits, like your language preference.
- First-party cookies are set by SeqoraVault directly.
- Third-party cookies are set by another organisation (for example a payment processor or a security provider) acting under our instructions.
"Similar technologies"
PECR and the ICO treat any technology that stores or accesses information on your device the same way as cookies. In our Services this also covers:
- Local storage and session storage in your browser
- Mobile SDK identifiers (e.g. push-notification tokens, crash-reporting identifiers)
- Web beacons and pixel tags (we do not currently use any)
In plain English
Cookies and similar tools aren't inherently bad. Some are essential for the site to work. The key question is which ones you actually need, and which categories you let in by default. Our answer to both is: as few as possible.
Section 03
Our commitment
Many of our customers are choosing SeqoraVault precisely because they're uncomfortable with how the wider web tracks them. We've built our cookie practices around that. Here's what we publicly commit to never doing on our Services:
Our Commitment
We will not, ever:
- Use third-party advertising or marketing cookies (no Meta Pixel, no Google Ads, no LinkedIn Insight, no TikTok Pixel)
- Run cross-site tracking, remarketing, or behavioural-advertising profiles
- Sell, rent, or share cookie data with data brokers or ad networks
- Use third-party social-media tracking widgets that load before consent
- Use "cookie walls" that block access unless you accept optional cookies
- Pre-tick consent boxes or default optional cookies to "on"
If we ever needed to change any of these commitments (for instance, if our business model evolved) we would notify users in advance, update this policy, and re-request consent. We would not change this quietly.
Section 04
Cookies on our website
The tables below list every category of cookie we use on seqoravault.co.uk, what each is for, who provides it, and how long it lasts.
Strictly necessary
These cookies are essential for the website and the SeqoraVault product to function. Without them, the service cannot operate securely. They do not require your consent under PECR.
| Cookie / token | Purpose | Provider | Duration |
|---|---|---|---|
| cookie_consent | Records your cookie preferences so the banner doesn't reappear on every visit | SeqoraVault | 12 months |
| __Host-session | Maintains your authenticated session and protects against session-fixation attacks | SeqoraVault | Session |
| csrf_token | Protects forms and account actions from cross-site request forgery | SeqoraVault | Session |
| Cognito ID / access tokens | Securely identifies you across the app once you've signed in | AWS Cognito | 1 hour to 30 days (refreshed) |
| AWSALB / AWSALBCORS | Routes your requests to the correct application server (load balancing) | Amazon Web Services | 7 days |
| CloudFront cookies | Delivers website content from the closest edge location and applies WAF protection | Amazon Web Services | Session |
| __stripe_mid / __stripe_sid | Fraud prevention during payment processing (only set when you reach a checkout flow) | Stripe Payments | 1 year / 30 minutes |
Functional preferences
These store your preferences so the site behaves the way you expect it to. They're not strictly required but are not used to track you.
| Cookie | Purpose | Provider | Duration |
|---|---|---|---|
| theme | Remembers your light/dark mode preference | SeqoraVault | 12 months |
| language | Remembers your chosen language | SeqoraVault | 12 months |
| region | Remembers your country or region for content localisation | SeqoraVault | 12 months |
Performance & error monitoring (optional)
These help us spot bugs and crashes so we can fix them quickly. They only run after you consent.
| Cookie / identifier | Purpose | Provider | Duration |
|---|---|---|---|
| Sentry session ID | Identifies the session that produced an error report so engineers can reproduce and fix bugs | Functional Software, Inc. (Sentry) | 30 days |
Analytics (optional)
We use Plausible Analytics, a privacy-first analytics tool. Plausible doesn't use traditional persistent cookies and doesn't track you across sites. It generates anonymous, aggregated statistics about page views. No personal profile is created.
| Identifier | Purpose | Provider | Duration |
|---|---|---|---|
| Daily anonymous hash | Aggregated, non-identifying counts of unique daily visitors and page views | Plausible Insights OÜ | 24 hours (rotates daily) |
Section 05
Mobile app technologies
Similar technologies in our mobile apps
Our iOS and Android apps don't use browser cookies, but they do use functionally equivalent technologies that PECR and UK GDPR treat the same way. Here's the full list:
| Identifier / SDK | Purpose | Provider | Status |
|---|---|---|---|
| Push notification token (APNs / FCM) | Delivers heartbeat reminders, security alerts, and release-workflow notifications | Apple / Google | Essential when enabled |
| Authentication tokens (secure storage) | Maintains your signed-in state on the device | AWS Cognito | Essential |
| Sentry React Native SDK | Crash and error reporting to help us fix app bugs | Functional Software, Inc. | Optional |
| Plausible mobile beacon | Anonymous, aggregated usage analytics for the app | Plausible Insights OÜ | Optional |
| IDFA / Android Advertising ID | Mobile advertising identifier | n/a | Not collected |
| Meta / Google Ads SDKs | Ad attribution and conversion tracking | n/a | Not used |
In plain English
We deliberately don't collect mobile advertising identifiers (IDFA on iOS, AAID on Android). When the app first launches, you'll be asked to set permissions for push notifications and crash reporting separately. You can change them at any time in your device settings.
Section 06
Third-party processors
A small number of providers help us deliver the Services. They act as data processors on our behalf, under written agreements that bind them to UK GDPR / NDPA standards.
| Provider | What they do | Where data is processed |
|---|---|---|
| Amazon Web Services | Hosting, content delivery (CloudFront), web application firewall, authentication (Cognito) | United Kingdom (eu-west-2) primary; EU regions for failover |
| Stripe Payments Europe Ltd | Payment processing and fraud prevention | Ireland and United States (under EU SCCs) |
| Functional Software, Inc. (Sentry) | Error and crash monitoring | United States (under SCCs / UK IDTA) |
| Plausible Insights OÜ | Privacy-first website analytics | European Union (Estonia) |
Where any provider transfers data outside the UK, we use the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or NDPC SCCs as appropriate. Full details are in our Privacy Statement.
Section 07
How we get your consent
When you first visit seqoravault.co.uk you'll see a cookie banner with three options:
- Accept all: enables strictly necessary, functional, performance and analytics cookies.
- Reject optional: leaves only strictly necessary and functional cookies in place. The site will work normally.
- Manage preferences: lets you turn individual categories on or off.
No optional cookies run before you make a choice. You can revisit your preferences at any time using the "Cookie settings" link in the website footer.
In plain English
Withdrawing consent is just as easy as giving it. Open the cookie settings, switch off what you no longer want, and the corresponding cookies are deleted on your next page load.
Section 08
Managing cookies in your browser
Beyond our own cookie banner, you can manage or delete cookies directly through your browser. Most browsers also let you block all cookies, though this may break sites that rely on essential cookies.
- Chrome: Settings → Privacy and security → Cookies and other site data
- Safari: Settings → Privacy
- Firefox: Settings → Privacy & Security
- Edge: Settings → Cookies and site permissions
We also honour the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we treat it as a withdrawal of consent for optional cookies.
For an independent guide to cookies and how to manage them, the ICO maintains useful guidance at ico.org.uk/your-data-matters/online.
Section 09
Changes to this policy
We'll update this policy whenever we change which cookies we use. For example, if we add a new processor or remove an existing one. The "Effective" date at the top will reflect the most recent revision.
For any material change, such as adding a new category of cookie or a new third-party provider, we'll notify you and re-request consent before the change takes effect.
Section 10
Contact us
Questions about this Cookie Policy or your choices? Reach us via our contact page.
After resetting, choose Accept all, Reject optional, or Manage preferences when the banner appears.
