Cookie Policy

1. What Are Cookies?

Cookies are small text files placed on your device by a website when you visit it. They allow the website to recognise your device on subsequent visits, remember your preferences, and provide core functionality such as keeping you logged in.

Similar technologies — including local storage, session storage, and pixel tags — may also be used for equivalent purposes. Where we refer to “cookies” in this policy, we mean all such technologies unless stated otherwise.

2. Categories of Cookies We Use

2.1 Strictly Necessary Cookies

These cookies are essential to operate the platform. Without them, core features — such as logging in, maintaining your session, and navigating between pages — would not function. These cookies cannot be disabled.

• next-auth.session-token — stores your encrypted authentication session so you remain logged in as you navigate the platform. Expires at the end of your browser session or after 30 days if “Remember me” is selected.
• next-auth.csrf-token — a cross-site request forgery protection token generated per browser session to prevent malicious third-party requests.
• next-auth.callback-url — stores the URL to redirect you to after login. Temporary, cleared after use.

2.2 Functional Cookies

Functional cookies remember your preferences and settings to provide a more personalised experience. Disabling them may affect certain conveniences but will not prevent you from using the platform.

• telova_theme — stores your selected UI theme preference (e.g. dark mode). Expires after 12 months.
• telova_sidebar — remembers whether the sidebar is expanded or collapsed. Expires after 12 months.
• telova_workspace — remembers the last workspace you accessed so you are returned there on next login. Expires after 30 days.

2.3 Analytics Cookies

We use analytics to understand how the platform is used — which features are accessed most, where users encounter friction, and how to prioritise improvements. This data is aggregated and anonymised wherever possible.

• Sentry — we use Sentry for error monitoring. Sentry may set a session-scoped identifier to group related error events. No personal data is included in error reports unless you explicitly provide it in a support request. Data is stored within the EU.

We do not use Google Analytics, Facebook Pixel, or any third-party advertising trackers.

2.4 Security Cookies

These cookies help protect the platform and our users from abuse and unauthorised access.

• __cf_bm — if Cloudflare is active on a request, this cookie distinguishes between legitimate user traffic and automated bots. Expires after 30 minutes.
• telova_rate_limit — a server-side token used to enforce rate limits on sensitive actions such as login attempts and PIN verification. Cleared after the rate limit window.

3. Cookies Set by Third Parties

Some functionality on Telova involves third-party services that may set their own cookies. We have no control over these cookies, and they are governed by the respective provider’s privacy policy.

• AWS CloudFront — if you access signed media content via CloudFront, AWS may set cookies to authenticate your access to private media files. These are functional and expire with the signed URL.
• Payment provider — during checkout and billing flows, our payment provider may set cookies to protect against fraud and enable payment processing. You will be directed to that provider’s cookie information at the point of payment.

We regularly review our third-party integrations to minimise unnecessary data sharing.

4. What We Do Not Do

We are explicit about the following:

• We do not use cookies for behavioural advertising or retargeting
• We do not sell data derived from cookies to third parties
• We do not use cross-site tracking or fingerprinting techniques
• We do not share cookie data with social media platforms

5. Your Consent

Strictly necessary cookies are placed automatically as they are essential to the service. For all other categories of cookies, we request your consent when you first visit the platform. You may withdraw or update your consent at any time via the Cookie Preferences option in the platform footer or account settings.

Where you have not provided consent for a category of cookies, we will not set those cookies. Note that withdrawing consent for functional cookies may affect personalisation features.

6. Managing Cookies in Your Browser

You can control cookies directly through your browser settings. Most browsers allow you to view, block, or delete cookies. The links below explain how to manage cookies in the most common browsers:

• Google Chrome
• Mozilla Firefox
• Apple Safari
• Microsoft Edge

Please note that blocking or deleting strictly necessary cookies will prevent you from logging in and using core platform features.

7. Cookie Retention Summary

• Session cookies — deleted when you close your browser
• Persistent functional cookies — retained for up to 12 months
• Authentication session cookies — up to 30 days if “Remember me” is active; otherwise session-scoped
• Security / rate-limit cookies — retained for the duration of the applicable window (typically 15–60 minutes)

8. Changes to This Policy

We may update this Cookie Policy as we add new features, change our service providers, or in response to changes in applicable law. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you via the platform or email.

9. Contact Us

If you have questions about how we use cookies or wish to exercise your rights under data protection law:

• Email: privacy@telova.io
• Website: telova.io