Cookie Policy

This Cookie Policy explains how ZEOUR LTD ("we", "us") uses cookies and similar technologies on our Feedback Portal. It explains what these technologies are, why we use them, and how you can control them.

What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work, or work more efficiently, as well as to provide information to the site owners.

How We Use Cookies

We use strictly necessary cookies to provide secure core functionality (such as authentication and CSRF protection) and to remember basic UI preferences. We only set analytics or marketing cookies if you provide consent via the cookie banner. As of today, we do not load any third‑party analytics or marketing cookies by default.

Cookies We Set

• cookie-consent (first‑party) — stores your cookie preferences (categories consented, version, timestamp). Legal basis: consent (UK GDPR Art. 6(1)(a)). Retention: up to 12 months.
• csrf-token (first‑party, HttpOnly) — protects forms against cross‑site request forgery. Legal basis: legitimate interests in ensuring security (Art. 6(1)(f)). Retention: session.
• auth-token (first‑party, HttpOnly) — maintains authenticated admin sessions. Legal basis: contract/legitimate interests (Art. 6(1)(b)/(f)). Retention: ~12 hours.
• sidebar_state (first‑party) — remembers UI sidebar open/close preference. Legal basis: legitimate interests in a usable interface (Art. 6(1)(f)). Retention: ~7 days.
• Bot protection tokens (third‑party: Cloudflare Turnstile or hCaptcha) — set only after you enable non‑essential cookies; used to prove you are human before submitting feedback or DSAR requests. Legal basis: consent (Art. 6(1)(a)) + legitimate interests in preventing abuse. Retention: typically minutes to 1 day per provider policy.

Cookie Categories

• Strictly necessary — required for the site to function securely. Always active.
• Security/Bot protection — Cloudflare Turnstile or hCaptcha to stop automated abuse; requires opt‑in.
• Analytics — measure usage to improve the product. Only used if you opt in (currently disabled).
• Marketing — personalize content and measure campaigns. Only used if you opt in (currently disabled).

Note: At present, no analytics or marketing tools are loaded by default. If we enable them in the future, we will update this policy and the cookie banner so you can provide or withhold consent. Bot challenges only load after you consent to non‑essential cookies; if you decline, you can still request data via privacy@zeour.co.uk.

Where Consent Is Stored

When you save preferences we record them in both the cookie-consent cookie and in localStorage using the same schema (version, categories, timestamp). Clear both storage locations (or use the “Cookie settings” button) if you want to withdraw consent.

Managing Your Preferences

• Use the cookie banner controls or click “Cookie settings” in the footer to accept all, reject non‑essential, or save category preferences.
• You can withdraw consent at any time by updating your preferences via “Cookie settings”.
• You can also block or delete cookies in your browser settings. Doing so may impact site functionality.

International Transfers

Cloudflare Turnstile and hCaptcha may process limited telemetry (e.g., IP, user agent) outside the UK/EEA. We ensure appropriate safeguards (such as Standard Contractual Clauses) are in place before any transfer occurs.

Your Rights

Under UK GDPR/EEA GDPR, you have rights including access, rectification, deletion, restriction, objection, and data portability. See our Privacy Policy for details on how to exercise your rights.

Changes to This Policy

We may update this Cookie Policy from time to time. We will update the banner and this page to reflect material changes.

Contact

Controller: ZEOUR LTD. Data protection contact: privacy@zeour.co.uk