Cookie Policy
[DATA] token before going live. The cookie declaration table must match your CMP banner categories exactly. Analytics cookies require consent — do not fire GA before the user accepts. See file header for DUA Act 2025 implications and the CMP installation checklist.Key Points — the short version
- 🍪We use cookies and similar tracking technologies on https://orvexcore.com. This policy explains exactly what we use, why, and how to control it.
- ✅Strictly necessary cookies are always active — they keep the site working. All other cookies (analytics, marketing) are only set after you give explicit consent via our cookie banner.
- 🔧You can change your cookie preferences at any time using the link in our footer.
- 📊Analytics cookies (Google Analytics) are only placed with your consent. Disabling them does not affect your use of the platform, though it limits our ability to improve the site.
- ⚠️The Data (Use and Access) Act 2025 raised maximum cookie-related fines to £17.5 million. We take our cookie obligations seriously and review this policy with each site update.
2. Legal Basis
Cookie use on [NAME] is governed by three UK laws working together:
- Privacy and Electronic Communications Regulations 2003 (PECR):the primary UK cookie law. Requires informed, specific, and explicit consent before placing any non-essential cookie. “Legitimate interests” does not apply to cookies under PECR — consent is the only valid basis for non-necessary cookies.
- UK GDPR and Data Protection Act 2018: applies where cookies process personal data (which most non-essential cookies do). Sets the standard for valid consent: freely given, specific, informed, unambiguous, and as easy to withdraw as to give.
- Data Use and Access Act 2025 (DUA Act): raised maximum PECR fines to £17.5 million or 4% of global turnover. Introduced new exemptions for analytics and user preferences cookies — but these are not yet in force. Until commencement, all existing PECR consent rules apply. See Section 11.
For visitors from EU/EEA countries, the EU ePrivacy Directive and EU GDPR apply alongside (or instead of) UK law, and these require consent for non-essential cookies in all cases.
Our consent mechanism: we use Termly as our Consent Management Platform (CMP). No non-essential cookies are set before you interact with our cookie banner. Your consent choices are recorded and stored for 12 months.
3. Cookie Categories
We group cookies into four categories. Only Strictly Necessary cookies are active without your consent.
Essential for the website to function. These include session authentication, CSRF protection, payment processing security, and the cookie consent record itself. You cannot opt out of these cookies without disrupting core site functionality. No consent is required for this category under PECR.
Remember your preferences (such as dark/light mode) across sessions. Disabling them does not break the site but means your preferences will reset each visit. Require consent under PECR.
Help us understand how visitors use our website by collecting anonymised data about page views, session duration, and navigation paths (Google Analytics 4 with IP anonymisation). No personal data is linked to an identifiable individual. Require consent under PECR — these cookies are not set until you accept.
Used to show relevant advertisements on other platforms (Facebook, LinkedIn) and to measure the effectiveness of our ad campaigns. These cookies track activity across websites and require explicit consent. Disabling them will not reduce the number of ads you see — only their relevance.
4. Cookie Declaration Table
The following table lists all cookies known to be set on [NAME] as of June 26, 2026. Run a cookie scan after any site update to keep this list current. Third-party providers may add or rename cookies without notice.
Want to change your preferences right now?
| Cookie name | Provider | Category | Expiry | Purpose |
|---|---|---|---|---|
| __Secure-next-auth.session-token | [NAME] (Next.js / NextAuth) | Necessary | Session / 30 days | Authenticates your login session. Without it, you cannot stay logged into the platform. |
| next-auth.csrf-token | [NAME] (Next.js / NextAuth) | Necessary | Session | Prevents cross-site request forgery (CSRF) attacks. Required for form submissions. |
| __cf_bm | Cloudflare | Necessary | 30 minutes | Bot management and DDoS protection. Required for site security. |
| cf_clearance | Cloudflare | Necessary | 30 minutes – 24 hours | Records when a visitor has passed a Cloudflare security challenge. |
| __stripe_mid | Stripe Inc. | Necessary | 1 year | Required for payment processing functionality. Detects fraud during checkout. |
| __stripe_sid | Stripe Inc. | Necessary | Session (30 minutes) | Required for Stripe payment session management. |
| termly-uuid | Termly ([NAME] CMP) | Necessary | 12 months | Records your cookie consent preferences so the banner does not appear on every page. |
| pp_theme | [NAME] | Functional | 12 months | Stores your dark/light mode preference across sessions. |
| _ga | Google Analytics (Google LLC) | Analytics | 2 years | Distinguishes unique website visitors by assigning a randomly generated ID. Used to calculate visitor, session, and campaign data. |
| _ga_[MEASUREMENT_ID] | Google Analytics (Google LLC) | Analytics | 2 years | Stores and counts pageviews for Google Analytics 4 reporting. |
| _gid | Google Analytics (Google LLC) | Analytics | 24 hours | Distinguishes website users. Expires quickly to enable day-level session reporting. |
| _gat | Google Analytics (Google LLC) | Analytics | 1 minute | Throttles request rate to Google Analytics servers to limit traffic on high-volume sites. |
| _fbp | Meta (Facebook Pixel) | Marketing | 90 days | Used by Facebook to deliver advertising, measure ad effectiveness, and build retargeting audiences across Meta platforms. |
| li_gc | LinkedIn (Microsoft) | Marketing | 6 months | Stores consent state for LinkedIn cookies on the current domain. |
| bcookie | LinkedIn (Microsoft) | Marketing | 1 year | Browser ID cookie used by LinkedIn to track usage of its embedded services and advertising. |
Last scanned: June 26, 2026. Third-party providers may add or change cookies without notice. We conduct cookie scans with every site deployment.
5. Third-Party Cookies & Services
Several third-party services embedded in our website may set their own cookies. These are outside our direct control and are governed by the privacy policies of the respective providers:
- Google Analytics (Google LLC): policies.google.com/privacy
- Stripe Inc. (payments): stripe.com/gb/privacy
- Cloudflare Inc. (security & CDN): cloudflare.com/privacypolicy
- Termly (consent management): termly.io/legal/privacy-policy
- Meta Platforms Inc. (Facebook Pixel): facebook.com/privacy/policy — only active if you consent to Marketing cookies.
- Microsoft / LinkedIn: privacy.microsoft.com — only active if you consent to Marketing cookies.
- Discord Inc. (embedded community widgets, if applicable): discord.com/privacy
We enter into Data Processing Agreements with all third-party providers that process personal data on our behalf under UK GDPR Article 28.
6. Analytics Cookies
We use Google Analytics 4 to understand how visitors interact with our website. This helps us improve content, navigation, and the overall learning experience.
What Google Analytics collects: anonymised usage data including page views, session duration, device type, browser, approximate country-level location, and traffic source. It does not collect your name, email address, or any data that could directly identify you.
IP anonymisation: we have enabled IP anonymisation in our Google Analytics configuration. The final octet of your IP address is masked before any data is stored by Google.
Data processing location:Google Analytics data is processed in the US by Google LLC, under the EU-US Data Privacy Framework (which also covers the UK Extension). See Google's Data Processing Amendment for details.
Consent requirement: Google Analytics cookies are only set after you explicitly accept Analytics cookies via our cookie banner. If you decline, no GA cookies are set and no analytics data is collected about your visit.
Opt out at any time: use the panel in our footer, or install the Google Analytics Opt-out Browser Add-on.
7. Marketing & Advertising Cookies
Marketing cookies enable us to show relevant advertisements on third-party platforms (Facebook, Instagram, LinkedIn) and to understand which ad campaigns are driving traffic to our site. They work by tracking your activity across different websites.
Marketing cookies we use: Facebook Pixel (_fbp) and LinkedIn Insight Tag (bcookie, li_gc) — only active after you consent to Marketing cookies. See the declaration table in Section 4.
What happens if you decline: you will not see [NAME] advertisements on Facebook, Instagram, or LinkedIn that are targeted to previous visitors. You may still see our ads but they will be less relevant.
Industry opt-out tools: you can opt out of targeted advertising through these industry platforms:
8. Managing Your Preferences
You can change your cookie preferences at any time in two ways:
- Cookie Settings panel: or use the “Cookie Settings” link in our footer. This opens the Termly preference centre where you can toggle individual cookie categories on or off.
- Browser settings: see Section 9 for browser-level instructions.
Withdrawal of consent: withdrawing consent does not affect the lawfulness of any processing that took place before withdrawal. After withdrawal, the relevant cookies will be removed from your device on your next page load, and no new data will be collected under those categories.
Strictly Necessary cookies cannot be disabled via our consent panel. Disabling them via your browser may cause the site to malfunction, prevent you from logging in, or stop payments from processing correctly.
9. Browser-Level Opt-Out
You can also manage cookies at the browser level. Note that blocking cookies through your browser may affect the functionality of this and other websites:
- Google Chrome: support.google.com/chrome/answer/95647
- Mozilla Firefox: support.mozilla.org — cookies and website preferences
- Apple Safari: support.apple.com — manage cookies in Safari
- Microsoft Edge: support.microsoft.com — delete cookies in Edge
For mobile devices, manage cookies through your browser's or device's privacy/settings menu. iOS users can also use Settings → Safari → Privacy & Security.
Browser-level cookie blocking overrides our consent platform settings. If you block all cookies at the browser level, some strictly necessary cookies will also be blocked, which may prevent login and payment functionality.
10. Consent Records
Under UK GDPR and PECR, we are required to maintain records of cookie consent. We do this through our Termly CMP, which records:
- the date and time of consent;
- the version of the cookie banner shown at the time;
- the categories consented to (or declined);
- a unique consent ID (stored in the
termly-uuidcookie).
Consent records are retained for 3 years and are available to the ICO on request. If you have a question about your specific consent record, contact [LEGAL_EMAIL_ADDRESS] with your termly-uuidvalue (found in your browser's cookies for [NAME]).
Consent expiry: your cookie consent preferences are stored for 12 months. After this period, you will be asked to confirm your preferences again.
11. Data Use and Access Act 2025 Update
The Data (Use and Access) Act 2025 received Royal Assent on 19 June 2025. This is the most significant change to UK cookie law since PECR was first enacted. Here is what it means for [NAME]:
- Increased fines (in force now): maximum PECR fines are now aligned with UK GDPR — up to £17.5 million or 4% of global annual turnover, whichever is higher. The previous cap was £500,000. This makes PECR compliance a board-level risk for any organisation.
- New cookie exemptions (NOT YET IN FORCE): the DUA Act introduces three new categories of cookies that may be exempt from consent requirements: (1) statistical/analytics purposes; (2) user preferences; and (3) security/fraud detection. However, these exemptions are narrow and the ICO commencement guidance has not yet been published. Until commencement, existing PECR consent rules continue to apply in full.
- Complaints handling procedure (in force 19 June 2026): we are required to have a documented, formal data protection complaints procedure. Contact[LEGAL_EMAIL_ADDRESS] for all cookie-related complaints.
We monitor ICO guidance updates at ico.org.uk and will update our cookie practices as new provisions come into force. Check the “Last Updated” date at the top of this page for the most recent revision.
For EU/EEA visitors: the DUA Act applies to UK law only. EU residents remain subject to the EU ePrivacy Directive and EU GDPR, which continue to require consent for non-essential cookies including analytics. Our consent banner applies the stricter EU standard to all visitors globally.
12. Policy Updates
We update this Cookie Policy:
- after every site deployment that may introduce new cookies or tracking technologies;
- when third-party providers change their cookie practices;
- when UK or EU law changes in a way that affects our cookie obligations;
- at minimum, every six months alongside our Privacy Policy review.
Material changes will be signalled by an updated cookie banner that re-requests your consent. The “Last Updated” date at the top of this page shows when content last changed.
Previous versions of this policy are available on request by emailing [LEGAL_EMAIL_ADDRESS]with the subject line ”Cookie Policy Version History“.
13. Contact
For questions about our use of cookies, to request a copy of your consent record, or to report a cookie compliance concern:
$[NAME] Ltd
Privacy & cookies: [LEGAL_EMAIL_ADDRESS]
ICO registration: {ICO Reg No.}
We aim to respond to cookie enquiries within 5 business days. If you believe our cookie practices are non-compliant, you may also report to the ICO at ico.org.uk/make-a-complaint.
Want to change your preferences?
You can update your cookie consent at any time — no account needed.
Related policies
![[NAME] Logo](/_next/image?url=%2Fassets%2Fimages%2Fcandles.webp&w=3840&q=75)