Legal

Cookie Policy

This policy lists every cookie and local-storage key Zerqano sets, explains exactly why each one exists, how long it persists, and how you can control or delete it.

Last updated: 2026-05-25Effective: 2026-05-25UK PECR · EU ePrivacy · GDPR Art. 5(1)(b)

Essential cookies

Always active

Analytics

Consent-gated

Third-party ads

None — zero

Review cycle

Annual minimum

1. What are cookies?

A cookie is a small text file that a website stores on your device when you visit. Cookies help the site remember preferences, keep you authenticated, and measure how the platform is used.

Zerqano also uses localStorage — a browser-based key/value store — for cosmetic preferences (theme, font) that persist across sessions without being transmitted to the server on every request. The same consent principles apply.

Under the UK Privacy and Electronic Communications Regulations (PECR), the EU ePrivacy Directive, and GDPR Article 5(1)(b) (purpose limitation), we must obtain informed consent before setting any non-essential technology. Consent is collected through our cookie banner shown on your first visit and can be withdrawn at any time.

Our cookie commitments

No advertising or cross-site tracking cookies — ever.

Analytics only initialise after you grant consent.

We honour Do Not Track and Global Privacy Control signals.

Functional preferences stay on your device — never sent to our servers.

2. Cookies & storage keys we set

The following table is a complete inventory of every cookie and local-storage key set by Zerqano. We do not set any undisclosed tracking technologies.

NameTypeCategoryPurposeDuration
sb-access-tokenCookieEssentialSupabase JWT — authenticates every API request and keeps you signed in. HttpOnly, Secure, SameSite=Lax.Session
sb-refresh-tokenCookieEssentialSupabase refresh token — silently re-issues access tokens without requiring re-login. HttpOnly, Secure.7 days
zerqano_cookie_consent_v1localStorageEssentialStores your consent decision (accepted / rejected categories). Re-shows the banner if cleared.1 year
zerqano-public-themelocalStorageFunctionalRemembers your colour theme (default / vivid / dark / ink). Never transmitted to servers.Persistent
zerqano-public-fontlocalStorageFunctionalRemembers your font mode (Techno / Editorial) on public pages. Never transmitted to servers.Persistent
ph_*CookieAnalyticsPostHog first-party analytics — anonymous page-view and feature-usage events. Set only after analytics consent. No DOM scraping or session replay.1 year
__cfruidCookieSecurityCloudflare bot-protection session identifier. Distinguishes legitimate users from automated traffic.Session

We do not use Google Analytics, Facebook Pixel, or any cross-site tracking technologies. We do not sell or share cookie-derived data with data brokers or advertising networks.

3. Essential & functional cookies

These cannot be disabled

Essential and security cookies are strictly necessary for the Service to function. Under PECR Regulation 6(4) and the EU ePrivacy Directive, these do not require consent — they are activated solely in response to your explicit request for a service. Zerqano does not use essential cookies for any purpose other than delivering the requested Service.

Authentication cookies (sb-access-token, sb-refresh-token) are issued by our Supabase back-end when you sign in. They are marked HttpOnly, Secure, and SameSite=Lax — these attributes prevent CSRF attacks and ensure credentials are never exposed to JavaScript running on the page. Clearing them signs you out immediately.

Functional localStorage keys (zerqano-public-theme, zerqano-public-font) record your display preferences on public pages. This data is entirely local — it is never sent in HTTP requests and never reaches our servers. Clearing it resets the page to its default theme and font.

4. Analytics & performance cookies

We use PostHog (self-hosted, first-party analytics) to understand how visitors navigate the platform and which features are used most. PostHog is configured with the following privacy settings:

  • No DOM scraping. We do not capture text from form fields, inputs, or content areas.
  • No session replay. Mouse movements, scrolling behaviour, and keystrokes are never recorded.
  • IP anonymisation. IP addresses are truncated to /24 precision and deleted after 90 days.
  • Consent-gated initialisation. PostHog only loads after you have explicitly accepted analytics cookies via our banner.
  • First-party only. Analytics data is stored on our own infrastructure — never shared with advertising networks.

We do not use Google Analytics, Facebook Pixel, or any other cross-site analytics or behavioural tracking service on zerqano.com.

5. Do Not Track & Global Privacy Control

We honour the browser-level Do Not Track (DNT) signal. When your browser sends a DNT: 1 header, our analytics provider (PostHog) is not initialised regardless of any prior consent — effectively treating DNT as a withdrawal of optional analytics consent for that session.

We also support the Global Privacy Control (GPC) signal (see globalprivacycontrol.org), treating a GPC:1 header as an opt-out of analytics tracking and any data sharing, consistent with CCPA/CPRA requirements for California residents.

6. Managing cookies

Cookie consent banner

Re-open the consent panel by clearing site data in your browser (Settings → Clear browsing data → Cookies). Your next visit will prompt a fresh choice.

Browser cookie settings

Block, delete, or restrict cookies via your browser settings. Note: blocking essential cookies will prevent you from signing in.

Clear localStorage

Open DevTools → Application → Local Storage → zerqano.com, then delete the preference keys. Theme and font will reset to default.

PostHog opt-out

Reject analytics cookies via the banner, or email privacy@zerqano.com to request deletion of analytics data linked to your account.

Browser-specific instructions:

  • Chrome: Settings → Privacy and security → Cookies and other site data
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Manage Website Data
  • Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data
  • Brave: Settings → Privacy and security → Cookies and other site data

7. Policy changes

We will update this Cookie Policy if we add new cookies, change our analytics provider, or if applicable law requires. For material changes — such as adding a new analytics vendor or changing consent mechanisms — we will announce the update via the cookie consent banner on your next visit and, where appropriate, by email to registered users. The “Last updated” date at the top of this page always reflects the most recent revision.

8. Contact

For questions about this Cookie Policy, to withdraw consent, or to request deletion of analytics data associated with your account:

Email: privacy@zerqano.com

Subject line: “Cookie Policy Enquiry” or “Analytics Opt-Out Request”

Response time: Within 5 business days.

Document information

Document: Zerqano Cookie Policy

Version: 1.1.0

Effective: 2026-05-25

Applicable law: UK PECR · EU ePrivacy

Language: English (governing)

Privacy contacts

Privacy & cookies: privacy@zerqano.com

General legal: legal@zerqano.com

Security reports: security@zerqano.com

This Cookie Policy was last reviewed on 2026-05-25. Zerqano reviews cookie use at least annually and upon adding new analytics technologies or changing consent mechanisms. Historic versions are available on request from privacy@zerqano.com. Where a conflict exists between this English-language version and any translation, this English version prevails.