Key Points — the short version

  • 🍪We use cookies and similar tracking technologies on https://orvexcore.com. This policy explains exactly what we use, why, and how to control it.
  • Strictly necessary cookies are always active — they keep the site working. All other cookies (analytics, marketing) are only set after you give explicit consent via our cookie banner.
  • 🔧You can change your cookie preferences at any time using the link in our footer.
  • 📊Analytics cookies (Google Analytics) are only placed with your consent. Disabling them does not affect your use of the platform, though it limits our ability to improve the site.
  • ⚠️The Data (Use and Access) Act 2025 raised maximum cookie-related fines to £17.5 million. We take our cookie obligations seriously and review this policy with each site update.

1. What Are Cookies

Cookies are small text files placed on your device (computer, tablet, or mobile phone) when you visit a website. They allow the site to recognise your device on subsequent visits and remember information about your preferences or actions.

In addition to traditional cookies, this policy covers other similar technologies that store or access information on your device, including:

  • Pixel tags / web beacons: tiny transparent images embedded in web pages or emails that register whether a page was viewed or an email was opened;
  • Local storage: browser storage that persists after a session ends, used for performance caching and user preferences;
  • Session storage: like local storage but cleared when the browser tab is closed;
  • Tags and scripts: code snippets injected by third-party platforms (analytics, advertising) that may set cookies on their own domains.

Cookies may be first-party (set by [NAME] directly) or third-party (set by third-party services embedded in our site, such as Google Analytics or Stripe). Both types are covered by this policy.

Cookies may be session cookies (deleted when you close your browser) or persistent cookies (stored for a defined period after you close your browser, up to the expiry shown in the table in Section 4).

3. Cookie Categories

We group cookies into four categories. Only Strictly Necessary cookies are active without your consent.

Strictly Necessary

Essential for the website to function. These include session authentication, CSRF protection, payment processing security, and the cookie consent record itself. You cannot opt out of these cookies without disrupting core site functionality. No consent is required for this category under PECR.

Functional

Remember your preferences (such as dark/light mode) across sessions. Disabling them does not break the site but means your preferences will reset each visit. Require consent under PECR.

Analytics

Help us understand how visitors use our website by collecting anonymised data about page views, session duration, and navigation paths (Google Analytics 4 with IP anonymisation). No personal data is linked to an identifiable individual. Require consent under PECR — these cookies are not set until you accept.

Marketing

Used to show relevant advertisements on other platforms (Facebook, LinkedIn) and to measure the effectiveness of our ad campaigns. These cookies track activity across websites and require explicit consent. Disabling them will not reduce the number of ads you see — only their relevance.

4. Cookie Declaration Table

The following table lists all cookies known to be set on [NAME] as of June 26, 2026. Run a cookie scan after any site update to keep this list current. Third-party providers may add or rename cookies without notice.

Want to change your preferences right now?

Cookie nameProviderCategoryExpiryPurpose
__Secure-next-auth.session-token[NAME] (Next.js / NextAuth)NecessarySession / 30 daysAuthenticates your login session. Without it, you cannot stay logged into the platform.
next-auth.csrf-token[NAME] (Next.js / NextAuth)NecessarySessionPrevents cross-site request forgery (CSRF) attacks. Required for form submissions.
__cf_bmCloudflareNecessary30 minutesBot management and DDoS protection. Required for site security.
cf_clearanceCloudflareNecessary30 minutes – 24 hoursRecords when a visitor has passed a Cloudflare security challenge.
__stripe_midStripe Inc.Necessary1 yearRequired for payment processing functionality. Detects fraud during checkout.
__stripe_sidStripe Inc.NecessarySession (30 minutes)Required for Stripe payment session management.
termly-uuidTermly ([NAME] CMP)Necessary12 monthsRecords your cookie consent preferences so the banner does not appear on every page.
pp_theme[NAME]Functional12 monthsStores your dark/light mode preference across sessions.
_gaGoogle Analytics (Google LLC)Analytics2 yearsDistinguishes unique website visitors by assigning a randomly generated ID. Used to calculate visitor, session, and campaign data.
_ga_[MEASUREMENT_ID]Google Analytics (Google LLC)Analytics2 yearsStores and counts pageviews for Google Analytics 4 reporting.
_gidGoogle Analytics (Google LLC)Analytics24 hoursDistinguishes website users. Expires quickly to enable day-level session reporting.
_gatGoogle Analytics (Google LLC)Analytics1 minuteThrottles request rate to Google Analytics servers to limit traffic on high-volume sites.
_fbpMeta (Facebook Pixel)Marketing90 daysUsed by Facebook to deliver advertising, measure ad effectiveness, and build retargeting audiences across Meta platforms.
li_gcLinkedIn (Microsoft)Marketing6 monthsStores consent state for LinkedIn cookies on the current domain.
bcookieLinkedIn (Microsoft)Marketing1 yearBrowser ID cookie used by LinkedIn to track usage of its embedded services and advertising.

Last scanned: June 26, 2026. Third-party providers may add or change cookies without notice. We conduct cookie scans with every site deployment.

5. Third-Party Cookies & Services

Several third-party services embedded in our website may set their own cookies. These are outside our direct control and are governed by the privacy policies of the respective providers:

We enter into Data Processing Agreements with all third-party providers that process personal data on our behalf under UK GDPR Article 28.

6. Analytics Cookies

We use Google Analytics 4 to understand how visitors interact with our website. This helps us improve content, navigation, and the overall learning experience.

What Google Analytics collects: anonymised usage data including page views, session duration, device type, browser, approximate country-level location, and traffic source. It does not collect your name, email address, or any data that could directly identify you.

IP anonymisation: we have enabled IP anonymisation in our Google Analytics configuration. The final octet of your IP address is masked before any data is stored by Google.

Data processing location:Google Analytics data is processed in the US by Google LLC, under the EU-US Data Privacy Framework (which also covers the UK Extension). See Google's Data Processing Amendment for details.

Consent requirement: Google Analytics cookies are only set after you explicitly accept Analytics cookies via our cookie banner. If you decline, no GA cookies are set and no analytics data is collected about your visit.

Opt out at any time: use the panel in our footer, or install the Google Analytics Opt-out Browser Add-on.

7. Marketing & Advertising Cookies

Marketing cookies enable us to show relevant advertisements on third-party platforms (Facebook, Instagram, LinkedIn) and to understand which ad campaigns are driving traffic to our site. They work by tracking your activity across different websites.

Marketing cookies we use: Facebook Pixel (_fbp) and LinkedIn Insight Tag (bcookie, li_gc) — only active after you consent to Marketing cookies. See the declaration table in Section 4.

What happens if you decline: you will not see [NAME] advertisements on Facebook, Instagram, or LinkedIn that are targeted to previous visitors. You may still see our ads but they will be less relevant.

Industry opt-out tools: you can opt out of targeted advertising through these industry platforms:

8. Managing Your Preferences

You can change your cookie preferences at any time in two ways:

  • Cookie Settings panel: or use the “Cookie Settings” link in our footer. This opens the Termly preference centre where you can toggle individual cookie categories on or off.
  • Browser settings: see Section 9 for browser-level instructions.

Withdrawal of consent: withdrawing consent does not affect the lawfulness of any processing that took place before withdrawal. After withdrawal, the relevant cookies will be removed from your device on your next page load, and no new data will be collected under those categories.

Strictly Necessary cookies cannot be disabled via our consent panel. Disabling them via your browser may cause the site to malfunction, prevent you from logging in, or stop payments from processing correctly.

9. Browser-Level Opt-Out

You can also manage cookies at the browser level. Note that blocking cookies through your browser may affect the functionality of this and other websites:

For mobile devices, manage cookies through your browser's or device's privacy/settings menu. iOS users can also use Settings → Safari → Privacy & Security.

Browser-level cookie blocking overrides our consent platform settings. If you block all cookies at the browser level, some strictly necessary cookies will also be blocked, which may prevent login and payment functionality.

11. Data Use and Access Act 2025 Update

The Data (Use and Access) Act 2025 received Royal Assent on 19 June 2025. This is the most significant change to UK cookie law since PECR was first enacted. Here is what it means for [NAME]:

  • Increased fines (in force now): maximum PECR fines are now aligned with UK GDPR — up to £17.5 million or 4% of global annual turnover, whichever is higher. The previous cap was £500,000. This makes PECR compliance a board-level risk for any organisation.
  • New cookie exemptions (NOT YET IN FORCE): the DUA Act introduces three new categories of cookies that may be exempt from consent requirements: (1) statistical/analytics purposes; (2) user preferences; and (3) security/fraud detection. However, these exemptions are narrow and the ICO commencement guidance has not yet been published. Until commencement, existing PECR consent rules continue to apply in full.
  • Complaints handling procedure (in force 19 June 2026): we are required to have a documented, formal data protection complaints procedure. Contact[LEGAL_EMAIL_ADDRESS] for all cookie-related complaints.

We monitor ICO guidance updates at ico.org.uk and will update our cookie practices as new provisions come into force. Check the “Last Updated” date at the top of this page for the most recent revision.

For EU/EEA visitors: the DUA Act applies to UK law only. EU residents remain subject to the EU ePrivacy Directive and EU GDPR, which continue to require consent for non-essential cookies including analytics. Our consent banner applies the stricter EU standard to all visitors globally.

12. Policy Updates

We update this Cookie Policy:

  • after every site deployment that may introduce new cookies or tracking technologies;
  • when third-party providers change their cookie practices;
  • when UK or EU law changes in a way that affects our cookie obligations;
  • at minimum, every six months alongside our Privacy Policy review.

Material changes will be signalled by an updated cookie banner that re-requests your consent. The “Last Updated” date at the top of this page shows when content last changed.

Previous versions of this policy are available on request by emailing [LEGAL_EMAIL_ADDRESS]with the subject line ”Cookie Policy Version History“.

13. Contact

For questions about our use of cookies, to request a copy of your consent record, or to report a cookie compliance concern:

$[NAME] Ltd

Privacy & cookies: [LEGAL_EMAIL_ADDRESS]

ICO registration: {ICO Reg No.}

We aim to respond to cookie enquiries within 5 business days. If you believe our cookie practices are non-compliant, you may also report to the ICO at ico.org.uk/make-a-complaint.

Want to change your preferences?

You can update your cookie consent at any time — no account needed.