Cookie Policy
Effective Date: 2026-02-20
Last Updated: 2026-02-20
Provider: Seriauth Limited ("Airygen," the "Company," "we," "us," or "our")
Contact: [email protected]
This Cookie Policy explains how the Company uses cookies and similar tracking technologies (including Local Storage, Session Storage, pixels, SDKs, and tags) in connection with our website, applications, and related services (collectively, the "Services").
This Policy forms an integral part of our Privacy Policy. In the event of any inconsistency between this Cookie Policy and the Privacy Policy with respect to cookies and similar technologies, this Cookie Policy shall prevail.
1. What Are Cookies
Cookies are small text files stored on your device by websites. Cookies may be used to recognize a browser, remember preferences, maintain login state, analyze traffic, and measure performance.
We may also use other technologies with similar functions (such as SDKs, pixels, and Local Storage). For purposes of this Policy, these are collectively referred to as "Cookies."
2. Purposes of Cookie Use
We use Cookies for the following purposes:
- Essential functionality: to support core operation of the Services (e.g., login authentication, security protection, load balancing, language settings, and form state persistence).
- Preferences: to remember your selected language, display preferences, and operating options.
- Analytics and performance: to understand traffic sources, page usage, and feature performance in order to improve service quality.
- Marketing and advertising (where applicable): to measure campaign effectiveness, deliver/limit ad exposure, and support affiliate/referral attribution.
3. Cookie Categories and Legal Basis
We may use the following categories of Cookies:
Strictly Necessary Cookies
- Purpose: to provide functions that are indispensable to delivering services explicitly requested by the user and to core security/operational integrity.
- Consent requirement: generally exempt from prior consent where applicable law provides a "strictly necessary" exception.
- Subsequent personal data processing (if applicable): processed under the legal bases set out in the Privacy Policy, including performance of contract, legitimate interests, legal obligation, or other lawful basis.
Functional Cookies
- Purpose: to remember preferences and improve user experience.
- Consent requirement: prior consent is required in jurisdictions that mandate consent (e.g., EU/UK); other jurisdictions are handled in accordance with applicable law.
Analytics Cookies
- Purpose: statistics, performance analytics, and error diagnostics.
- Consent requirement: prior consent is required in jurisdictions that mandate consent (e.g., EU/UK). Where a specific jurisdiction provides a narrow low-risk measurement exemption, it may apply only where all statutory conditions are fully satisfied.
Marketing Cookies (if any)
- Purpose: advertising measurement, remarketing, and conversion tracking.
- Consent requirement: prior consent is required in jurisdictions that mandate consent (e.g., EU/UK).
Note: Actual categories enabled may vary based on your location, applicable law, and current service deployment.
4. Third-Party Cookies
We may use Cookies set by third-party service providers (e.g., analytics, identity verification, payments, customer support, or marketing tools).
We disclose the relevant third-party provider name (or service type), purpose, retention period, and policy link (where applicable) in the Cookie Inventory appendix to this Policy.
Such third parties may process data under their own privacy policies. We provide required notices and maintain corresponding data-sharing and governance arrangements in accordance with applicable law.
5. Cookie Retention Periods
Cookies may be categorized as follows:
- Session Cookies: expire when you close your browser.
- Persistent Cookies: remain until their expiration date or until manually deleted.
Specific retention periods are set to what is reasonable and necessary, taking into account functional purpose and legal requirements.
6. Your Choices and Controls
You may manage Cookies through the following mechanisms:
- Prior consent and default state (where applicable): In jurisdictions that require consent (e.g., EU/UK), we do not set any non-essential Cookies/tracking technologies before consent is obtained. Non-essential categories are disabled by default, and we do not use pre-ticked boxes or equivalent mechanisms. Refusal of non-essential Cookies should not impair core service availability, except where a specific feature is inherently dependent on such technologies.
- Cookie preference center: You may enable or disable non-essential Cookie categories in the website Cookie settings panel.
- Browser settings: You may refuse, block, or delete Cookies via browser controls.
- Withdrawal of consent: You may withdraw prior consent for non-essential Cookies at any time; upon withdrawal, we will cease relevant processing within a reasonable period and remove related identifiers where feasible.
- Consent records: We retain Cookie preference/consent records for an appropriate period (e.g., consent timestamp, consent categories, policy version, and pseudonymous identifier) to meet legal and audit requirements.
Please note that disabling certain Cookies may affect functionality (for example, login persistence, preference memory, or specific interactive features).
7. Do Not Track (DNT)
Some browsers provide a "Do Not Track" (DNT) signal. Because no uniform technical standard currently exists, our response to DNT signals may vary depending on service functionality and legal requirements.
8. Personal Data Protection and Cross-Border Transfers
Data collected through Cookies may constitute personal data or otherwise identifiable information.
We process such data in accordance with the Privacy Policy and applicable law, including appropriate security measures, third-party governance, and (where applicable) safeguards for cross-border transfers.
9. Children and Minors
The Services are not intended for individuals under 18 years of age. If you believe a minor has provided data without appropriate authorization, please contact us and we will handle the matter in accordance with applicable law.
10. Policy Changes
We may amend this Policy due to legal/regulatory changes, technical updates, or operational requirements.
Material changes will be notified through website notice or other appropriate means. Continued use of the Services after changes take effect constitutes acknowledgement of the updated Policy.
11. Contact Us
If you have any questions regarding this Cookie Policy, or wish to exercise rights relating to personal data, please contact:
[email protected]
12. Cookie Inventory (Appendix)
Inventory Date: 2026-02-20
The following inventory reflects Cookies/similar tracking technologies currently used by the Services. Actual values may change due to deployment environment, regional legal requirements, A/B testing, or third-party tool configuration.
bff_access
| Field | Value |
|---|---|
| Category | Strictly Necessary |
| Primary Purpose | Login authentication (Access Token) |
| Provider/Domain | First-party (Airygen) |
| Retention Period | Persistent (server-configured TTL) |
| Technology Type | Cookie (HttpOnly) |
| Personal Data / Identifiable Info | Yes (JWT contains user identifiers) |
| Set Before Consent | Y |
| Activation Condition | After user login |
| Third-Party Policy | N/A |
bff_refresh
| Field | Value |
|---|---|
| Category | Strictly Necessary |
| Primary Purpose | Session renewal (Refresh Token) |
| Provider/Domain | First-party (Airygen) |
| Retention Period | Persistent (server-configured TTL) |
| Technology Type | Cookie (HttpOnly) |
| Personal Data / Identifiable Info | Yes (JWT contains user identifiers) |
| Set Before Consent | Y |
| Activation Condition | After user login |
| Third-Party Policy | N/A |
bff_auth_ts
| Field | Value |
|---|---|
| Category | Strictly Necessary |
| Primary Purpose | Front-end auth status hint |
| Provider/Domain | First-party (Airygen) |
| Retention Period | Persistent (aligned with refresh cycle) |
| Technology Type | Cookie |
| Personal Data / Identifiable Info | No (timestamp only) |
| Set Before Consent | Y |
| Activation Condition | After user login |
| Third-Party Policy | N/A |
bff_lang
| Field | Value |
|---|---|
| Category | Functional |
| Primary Purpose | Language preference |
| Provider/Domain | First-party (Airygen) |
| Retention Period | Persistent (30 days) |
| Technology Type | Cookie |
| Personal Data / Identifiable Info | No (locale code only) |
| Set Before Consent | Y |
| Activation Condition | Language switch or middleware sync |
| Third-Party Policy | N/A |
bff_toc_collapse
| Field | Value |
|---|---|
| Category | Functional |
| Primary Purpose | Stores the documentation table-of-contents collapse preference |
| Provider/Domain | First-party (Airygen) |
| Retention Period | Persistent (365 days) |
| Technology Type | Cookie |
| Personal Data / Identifiable Info | No (UI preference only) |
| Set Before Consent | Y |
| Activation Condition | Set when the user toggles the documentation table of contents |
| Third-Party Policy | N/A |
bff_cookie_consent
| Field | Value |
|---|---|
| Category | Strictly Necessary (Consent Management) |
| Primary Purpose | Stores consent preferences and policy version |
| Provider/Domain | First-party (Airygen) |
| Retention Period | Persistent (180 days or until changed/withdrawn) |
| Technology Type | Local Storage |
| Personal Data / Identifiable Info | Potentially (preferences, timestamp, version) |
| Set Before Consent | Y |
| Activation Condition | First consent or preference update |
| Third-Party Policy | N/A |
bff_ag_ctx
| Field | Value |
|---|---|
| Category | Marketing (Attribution) |
| Primary Purpose | Affiliate/referral attribution |
| Provider/Domain | First-party (Airygen) |
| Retention Period | Persistent (30 days) |
| Technology Type | Cookie |
| Personal Data / Identifiable Info | Potentially (code may indirectly link to an account) |
| Set Before Consent | N (in consent-required jurisdictions) |
| Activation Condition | EU/UK: prior marketing consent required; other regions per applicable law |
| Third-Party Policy | N/A |
bff_ag_context
| Field | Value |
|---|---|
| Category | Marketing (Attribution) |
| Primary Purpose | Stores referral code and expiry metadata |
| Provider/Domain | First-party (Airygen) |
| Retention Period | Persistent (30 days) |
| Technology Type | Local Storage |
| Personal Data / Identifiable Info | Potentially (referral code) |
| Set Before Consent | N (in consent-required jurisdictions) |
| Activation Condition | EU/UK: prior marketing consent required; other regions per applicable law |
| Third-Party Policy | N/A |
bff_ag_tracked_*
| Field | Value |
|---|---|
| Category | Marketing (Attribution) |
| Primary Purpose | Prevents duplicate attribution/tracking |
| Provider/Domain | First-party (Airygen) |
| Retention Period | Persistent (30 days) |
| Technology Type | Local Storage |
| Personal Data / Identifiable Info | Potentially (contains user-linkable identifier fragments) |
| Set Before Consent | N (in consent-required jurisdictions) |
| Activation Condition | EU/UK: prior marketing consent required; other regions per applicable law |
| Third-Party Policy | N/A |
_ga, _gid, _gat (if enabled)
| Field | Value |
|---|---|
| Category | Analytics |
| Primary Purpose | Traffic and performance analytics |
| Provider/Domain | Third-party (Google) |
| Retention Period | Session / Persistent (per third-party policy) |
| Technology Type | Cookie |
| Personal Data / Identifiable Info | Potentially (online identifiers) |
| Set Before Consent | N |
| Activation Condition | Prior analytics consent required |
| Third-Party Policy | Google Privacy Policy |
_gcl_* (if enabled)
| Field | Value |
|---|---|
| Category | Marketing |
| Primary Purpose | Ad attribution and conversion measurement |
| Provider/Domain | Third-party (Google) |
| Retention Period | Session / Persistent (per third-party policy) |
| Technology Type | Cookie |
| Personal Data / Identifiable Info | Potentially (online identifiers) |
| Set Before Consent | N |
| Activation Condition | Prior marketing consent required |
| Third-Party Policy | Google Privacy Policy |
Additional Notes:
- Third-party cookies (including Google-related cookies) are enabled only after valid consent is obtained in jurisdictions that require consent.
- bff_access and bff_refresh are HttpOnly and cannot be read by front-end JavaScript.
- This appendix lists principal items only. If new vendors or tools are introduced, this appendix will be updated accordingly.