Phaltronith.world

Signal governance

Cookie Policy

Articulated for · Companion to our Privacy Charter

Definitions harmonised with ePrivacy thinking

For this Policy, “cookies” encompass HTTP cookies, HTML5 local storage, session storage, server-set flags, software development kits embedded in tags, and pixel GIFs that recognise returning browsers. “Similar technologies” include ultrasonic beacons only if explicitly deployed—with none presently active on phaltronith.world.

The ePrivacy Directive (2002/58/EC), as amended, informs our approach even as national telecom laws evolve toward a European Electronic Communications Code alignment.

Why disciplined signalling matters

Cookies can remember laudable things—language, accessibility contrasts, cart continuity—but also enable longitudinal tracking. We document each purpose, default duration, and corporate recipient before activation, mirroring Accountability under GDPR Article 5(2).

Strictly necessary cookies do not require advance consent under the ePrivacy exemption for communication transmission; nevertheless, we disclose them transparently.

Consent architecture on the Xavico estate

Your first visit surfaces a triad of choices:

  • Accept all enables optional analytics and marketing tiers alongside necessary storage.
  • Reject leaves only what is essential to render secure pages and memorise your refusal.
  • Cookie settings opens a glassmorphism modal with granular switches mirrored in localStorage under the key xavico_cookie_prefs.

Withdrawal equals giving fresh instructions through the same modal after clearing site data, or emailing us for manual resets when browsers malfunction.

Necessary storage inventory

  • Consent ledger: persists twelve months to prove which banner version you saw.
  • Load balancers: short-lived session affinity tokens stripped at connection close.
  • Security: CSRF or nonce cookies rotated per sensitive POST.
  • Accessibility overlays: if enabled, stores contrast mode only until session end.

Legal basis: Article 6(1)(f) GDPR legitimate interests in secure, faithful service delivery.

Optional analytics constellation

When you opt in, we may deploy privacy-forward analytics capturing aggregated paths, scroll depth bands, and JavaScript error fingerprints—not keystroke biometrics. Retention aligns with vendor defaults capped at thirteen months unless shortened by data-minimisation reviews.

Legal basis: Article 6(1)(a) consent.

Optional marketing choreography

Pixels may attribute creative variants to outcomes, frequency-cap exposures, or build hashed custom audiences uploaded through platforms requiring contractual GDPR roles. No psychographic modelling occurs on-site today; any future change would trigger a refreshed consent string.

Legal basis: Article 6(1)(a) consent.

Processors, subprocessors, and transparency updates

Third-party tags execute within sandboxed containers where feasible. Subprocessor lists rotate with infrastructure tenders; you may request the contemporary schedule via email. Transfers outside the EEA rely on modules described in our Privacy Policy.

Browser-native levers

Every major browser ships cookie-clearing workflows. Blocking all cookies may break continuity features. Consult official documentation for Safari Intelligent Tracking Prevention, Firefox Total Cookie Protection, Chrome Privacy Sandbox summaries, or Edge tracking prevention tiers.

Global Privacy Control & Do Not Track

We monitor emerging standards such as the Global Privacy Control signal. Until interoperable frameworks stabilise, our banner remains the authoritative consent surface. Legacy “DNT” headers lack uniform legal effect and are treated as advisory.

Direct correspondence

Questions about this Cookie Policy may be directed to question@phaltronith.world or in writing to Leppävaarankatu 3 9, 02600 Espoo, Finland.