Cookie Policy Cevera
Updated 03/26
This standalone Cookie Policy explains how and why Cevera (“we” or “our”) uses cookies on
our web-based platform. It applies to all visitors and users (registered or not) of the Cevera
website. We are committed to transparency and legal compliance with relevant data protection
laws, including UAE Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law), the
EU General Data Protection Regulation (GDPR), and the Philippines Data Privacy Act of 2012.
1. WHAT ARE COOKIES?
2. Cookies are small text files stored on your device when you visit websites. They serve
various purposes, like keeping you logged in, remembering your preferences, or securing
the site. Some cookies are essential for a website’s core functionality, while others are
optional and help improve your experience. Under data protection laws, cookies
(especially those that can identify individuals) are treated as personal data, meaning their
use must have a lawful basis (e.g. your consent for non-essential cookies or necessity for
service). We do not use any advertising or third-party cookies on Cevera only a minimal
set of first-party cookies needed for our platform’s limited functions.
TYPES OF COOKIES WE USE
2.1 We use two categories of cookies on Cevera: Necessary Cookies and a Preference
Cookie. Below we explain each type, its purpose, and whether it is essential or optional:
Necessary Cookies (Essential for Website Functionality)
These cookies are strictly necessary for the platform to function securely and properly.
They are placed in response to your requests or actions on the site (such as logging in or
setting preferences). Because they are essential for providing the service you expect, they
do not require your consent and cannot be disabled. (However, you may still block them
via browser settings, though parts of the site would then not work.) We use the following
necessary cookies:
2.1.1. shadow_token – Security/Session Cookie. This cookie stores an authentication
token or similar identifier to ensure secure communication between the web app
and our server. It helps verify your identity and maintain a secure session while
you browse Cevera. Without it, you would not be able to log in or access certain
secure features. This cookie contains no personal profile information it’s used
only to maintain security and is typically a session cookie that expires when you
log out or close your browser. Why it’s necessary: It protects your account and
data by preventing unauthorized access and ensuring requests to our servers are
authentic. Because it is essential for account security and basic functionality, we
set this cookie by default as you use our site.
2.2.
2.1.2. cookie_registry – Preferences Storage Cookie. This cookie saves your cookie
preferences (i.e. whether you accepted or declined our optional cookies) and
records that choice for future visits. It ensures that once you set your cookie
options, the site remembers them so you aren’t repeatedly asked. Why it’s
necessary: Storing your consent decision is required for compliance and user
convenience. In fact, setting this cookie is considered strictly necessary because
it’s essentially an action you’ve requested – namely, to remember your cookie
settings. This cookie does not track you; it only contains a record of your consent
or preference selection. We treat it as an essential cookie since it’s critical to
honor your choices and meet legal requirements (without it, we couldn’t reliably
respect your cookie opt-in/opt-out status).
According to privacy laws, we may set necessary cookies like the above without asking
for explicit consent, but we still want you to know what they do and why we use them.
These cookies do not collect personal data beyond what’s needed for their function, and
they are used only for the purposes stated.
Preference Cookie (Functional – Optional)
We use one optional cookie to enhance your experience on Cevera. This cookie is not
essential for basic operation of the site, so it will only be set if you consent to it via our
cookie banner or settings. If you choose not to allow it, Cevera will still work normally
and you will have access to all services (you just might need to manually reposition your
scroll or lose that bit of convenience). Our single preference cookie is:
2.2.1. scroll_position – Functionality Cookie. This cookie remembers your last scroll
position on the posts/comments list page. Its purpose is to “remember” where you
left off so that if you navigate to another page (for example, viewing a portfolio
item or leaving a comment) and then return to the list, the page can scroll back to
the same spot. This saves you from having to scroll and find your place again,
improving your browsing continuity. Why it’s optional: While helpful, this
cookie is not strictly necessary for using Cevera it’s a convenience feature
categorized as a preference/functionality cookie. Websites use such cookies to
remember user choices or interface preferences (like language selection or UI
settings). We will only use scroll_position if you have agreed to preference
cookies. If you disable or do not accept it, you may simply have to manually
scroll to where you left off, as the site won’t remember that position. No critical
features are lost if this cookie is absent.
All of the above cookies are first-party cookies, meaning they are set by Cevera’s own
systems, not by any external domains. We do not use any analytics cookies, advertising
cookies, or social media t racking plugins that set cookies. In other words, we do not
share cookie data with third parties for marketing or profiling purposes. Our platform’s
focus is purely on displaying user portfolios, so we keep cookie usage to the bare
minimum needed for security and user-requested functionality.
3. MANAGING YOUR COOKIE PREFERENCES
3.1. 3.2. We believe in giving you control over optional cookies. When you first visit Cevera, you
will see a cookie notice or settings prompt. By default, we only activate the Necessary
Cookies (since the site cannot run without them). The preference cookie (scroll_position)
is disabled unless you choose to enable it. You have the following choices:
Accept All Cookies: You may choose to allow the preference cookie in addition to the
necessary ones. This provides the fullest experience (including remembering your scroll
position). By selecting this, you consent to our use of the scroll_position cookie as
described.
Allow Only Necessary Cookies: You can decline the optional cookie and proceed with
only the essential cookies. In this case, we will not set scroll_position. Cevera will still be
fully usable; as required by law, we will not deny you any service or features if you
refuse non-essential cookies. The only difference is that certain convenience features
won’t remember your prior settings (for example, the post list won’t auto-scroll to your
last position).
3.3. 3.4. Customize/Change Your Preference: If at any time you change your mind, you can
update your cookie preferences. We provide a way (such as a “Cookie Settings” link or
through your account settings) for you to withdraw consent or grant consent to the
preference cookie. Any consent you give for cookies can be withdrawn as easily as it was
given. For instance, if you initially allowed scroll_position but later decide you don’t
want it, you can disable it via our cookie settings, and we will stop using it and remove it.
Likewise, if you initially declined it but want to enable the feature later, you can do so at
any time.
In addition to our on-site controls, you can manage and delete cookies through your web
browser settings. Most browsers let you block cookies or delete cookies that have been
set. Please note that blocking all cookies (including necessary ones) through your
browser may impair certain essential functionalities of Cevera (for example, you might
not be able to stay logged in if the shadow_token cookie is blocked). If you only want to
remove the optional scroll_position cookie, it may be easier to use our provided
preference center, but manually deleting it from your browser will also work we will
respect that choice and not recreate it unless you later opt in again.
No Cookie Walls: We do not use “cookie walls” or any practice that forces you to accept
optional cookies in order to use our site. You will always have access to the core features
4. 4.1. 4.2. of Cevera even if you decline any non-essential cookies, in line with user rights under
various laws and fair practice guidelines.
COOKIE DATA RETENTION AND SECURITY
Retention Period: We only keep cookies on your device for as long as necessary to
fulfill their purposes, and we adhere to the principle that personal data should not be
retained longer than needed. The lifespan of our cookies is as follows:
4.1.1. shadow_token – This is a session cookie. It remains active only while your
browser session with Cevera is open. It is typically erased when you log out or
close your browser. (In some cases, it may refresh during short sessions for
continued security, but it will not persist beyond the time needed to keep you
securely logged in.)
4.1.2. cookie_registry – This is a persistent cookie used to remember your preferences.
It is designed to last beyond a single session so that your choice (regarding
optional cookies) is remembered on future visits. We set it to expire after a
reasonable period (for example, around 6 to 12 months) unless you clear your
cookies sooner. We consider this timeframe appropriate to avoid asking you to
reconfirm preferences too frequently, while not keeping the data indefinitely. The
exact duration may be adjusted based on legal guidelines or user experience
considerations, but it will not be kept longer than necessary for its purpose of
storing consent. After expiration, it is automatically deleted and you may be asked
about your cookie preference again.
4.1.3. scroll_position – This is a short-term cookie. It may be a session cookie or a
cookie that expires after a short duration (for instance, it might reset when you
navigate away from the list page or after a few hours). Its data (the scroll position
value) is only relevant temporarily to restore your view context. We ensure it does
not persist longer than needed for that functionality. In any case, it holds no
personal identifiers – only a numeric position – and is removed once it’s no longer
useful for providing you continuity.
We periodically review our cookie durations to ensure they align with their intended
purpose and legal recommendations. We do not keep personal data collected via cookies
for any period longer than necessary to serve you, unless a longer retention is required by
law or for resolving legal obligations/disputes. When cookie data is no longer needed, we
dispose of it safely. For example, if you withdraw consent for the scroll_position cookie
or it expires, the cookie data will be deleted or anonymized. In line with best practices,
any personal information derived from cookies that we no longer need is deleted or
permanently de-identified to prevent any unauthorized access or use.
Security Measures: Protecting the confidentiality and integrity of your data is a top
priority. Although our use of cookies is minimal, we apply robust security measures to
any personal data in cookies. This includes technical protections and organizational
processes to prevent unauthorized access, alteration, or misuse of cookie data. For
instance:
4.2.1. Cookies like shadow_token are transmitted over secure, encrypted connections
(HTTPS) to prevent interception. We flag such cookies as Secure and HttpOnly
where applicable, meaning they cannot be accessed by client-side scripts and are
only sent over encrypted channels. This reduces the risk of XSS (cross-site
scripting) attacks stealing the cookie.
4.2.2. We use encryption and tokenization for the contents of certain cookies. The
shadow_token value itself is a secure token (not your raw credentials or personal
info) and may be pseudonymized/encrypted. If someone were to somehow obtain
it, it would be useless outside our system’s context.
4.2.3. Our servers validate and strictly limit how cookie data is used. For example, the
shadow_token is checked against our database for validity and expiry. Any
anomalies trigger protective actions (like logging out sessions) to safeguard your
account.
4.2.4. Access to cookie data on our side is restricted. Only authorized systems or
personnel (if necessary for support/security) can access details related to cookies,
and even then, only what is needed. We treat cookie-based data with the same care
as other personal data under our Privacy Policy, which includes following
industry best practices and legal requirements for security.
Additionally, we regularly monitor for potential threats and update our security measures.
If we ever became aware of a security incident or breach affecting personal data
(including that stored in cookies), we would promptly inform affected users and
regulators as required by law. We also continuously improve our platform to ensure long-
term confidentiality and integrity of all personal data.
5. CROSS-BORDER DATA TRANSFERS
Cevera is an online platform that may be accessed by users around the world. Our
primary servers and infrastructure may be located in UAE + EEA+ Philippinesand other
countries where Cevera or its service providers operate, and then tie transfers to
adequacy, SCCs / equivalent contractual safeguards, and comparable protection. This
means that cookie data (which might include personal data like the identifiers in
shadow_token or preference indicators) could be transferred to or stored on servers
outside of the country you are in. For example, if you are in the UAE or the Philippines
and our servers are in another country (or vice versa), your cookie information will travel
across national borders to reach our servers. We want to reassure you that any such cross-
border data transfer is handled in compliance with all applicable data protection laws.
Different laws have provisions to ensure your data remains protected even when
transferred internationally. We adhere to those requirements. In practice, this means:
5.1. 5.2. 5.3. 5.4. Adequate Protection: We only transfer personal data (including cookie identifiers, if
they are considered personal data) to jurisdictions that are deemed to have an “adequate”
level of data protection, or we ensure other safeguards are in place. For instance, the
UAE’s PDPL allows transfers to countries approved as having an adequate level of
protection, and similarly, the GDPR permits transfers to countries with European
Commission adequacy decisions. When applicable, we rely on these approved regions to
store or process data.
Contractual and Legal Safeguards: If we must transfer data to a country that is not
officially recognized as having adequate protection, we implement appropriate safeguards
such as standard contractual clauses (data transfer agreements) or other legally required
measures. These contracts impose strict data protection obligations on the recipient of the
data, ensuring your cookie data receives a comparable level of protection to that under
your home jurisdiction. In the Philippines, for example, the law requires that personal
information transferred abroad receives protection comparable to the Philippine Data
Privacy Act’s standards, and model clauses are recommended by the National Privacy
Commission. Cevera will use such mechanisms (contracts or any government-approved
transfer frameworks) to cover cross-border data flows.
Explicit User Consent if Required: In rare cases where neither an adequacy decision
nor standard safeguards are available or sufficient, we may request your explicit consent
for a particular transfer, as allowed under law. For instance, UAE PDPL and GDPR both
recognize that a user’s explicit consent can legitimize a cross-border transfer when other
grounds are not present. We would only do this in exceptional scenarios and would
inform you of any risks before obtaining your consent. (As of now, Cevera’s routine
operations rely on the aforementioned safeguards, and asking for consent for data
transfers is generally not needed for our cookie data, given the protections we have in
place.)
Other Legal Bases: We also ensure any international transfers meet other relevant
conditions. For example, if a transfer is necessary to perform a contract with you, or to
fulfill a service you requested, or to establish/defend legal claims, we will transfer data
under those allowable conditions in compliance with regulations. Our goal is that no
matter where your data goes, your rights and protections travel with it.
In summary, whether your data stays within your country or goes to another, Cevera
guarantees that it is handled lawfully and securely. We stay updated on international data
transfer rules and will adjust our practices if laws change (for example, if new
agreements or restrictions come into force). If you have questions about how your data
might be stored in other countries, feel free to contact us (see Contact Us below). We can
provide additional details specific to your situation if needed.
6. 6.1. 6.2. 6.3. 6.4. YOUR PRIVACY RIGHTS AND CHOICES
In using cookies and processing data, we respect all rights you have under UAE, EU,
Philippine, and other applicable data protection laws. Cookie identifiers and related data
(to the extent they are personal data) are covered by these rights. Key rights include:
Right to Withdraw Consent: If we rely on your consent to use a cookie (such as the
scroll_position preference cookie), you have the right to withdraw that consent at any
time. We make this easy through our cookie settings – you can toggle off the preference
cookie whenever you wish, and we will honor that choice immediately.
Right to Access and Correction: You have the right to request a summary of any
personal information we hold about you, which would include data tied to cookies if
applicable. In practice, our cookies store very minimal personal data (mostly technical
tokens). Nonetheless, if you wish to know what data is associated with your cookies or if
any of it is linked to your account, you can contact us to request that information. If you
believe something is inaccurate (for example, an outdated preference), you can ask us to
correct it, though typically cookie data is either correct by design or simply deleted when
obsolete.
Right to Erasure: You can request that we delete personal data we hold about you. For
cookies, the simplest way to exercise this is by clearing cookies or withdrawing consent
(which causes us to delete associated data). We automatically purge cookie data as it
expires or is no longer needed, but you may also specifically request deletion. If you ask,
for instance, to delete all data tied to your account, we will also clear any related cookies
or identifiers where feasible. Note: Some necessary cookies cannot be “stopped” without
losing functionality (e.g., if you want to use the service, the shadow_token must be
present), but if you delete your account or fully stop using the service, these will naturally
disappear. We will assist with any manual deletions as required by law.
Right to Object or Restrict Processing: You have the right to object to certain data
processing activities. In cookie context, this likely means you can object to us using non-
essential cookies or similar tracking. We have already given you control to disable
optional cookies. If you have a special situation or objection (perhaps you want even
necessary cookies restricted), let us know. We will evaluate such requests in line with
applicable laws – keeping in mind some processing (like security tokens) may be exempt
from objection if it’s necessary for providing the service or our legitimate interests (like
securing the platform). We won’t use cookies for any purpose that you reasonably object
to without a compelling reason permitted by law.
6.5. Data Portability: This right typically applies to data you provided to us in a structured
format. Cookies are small and not user-provided in the traditional sense (they are issued
by our system), so this is usually not relevant. However, if you need a copy of data
you’ve given us (which might include preferences or settings that could be stored in a
cookie), we can provide that in a suitable format on request.
6.6. Lodging Complaints: If you believe our use of cookies or handling of personal data
violates any law or your privacy rights, you have the right to lodge a complaint with the
relevant data protection authority. For example, UAE users can contact the UAE Data
Office, EU users can reach out to their national Data Protection Authority, and Philippine
users can contact the National Privacy Commission. We encourage you to contact us first
so we can address your concerns directly, but you are fully entitled to seek regulatory
help. We will cooperate with authorities in resolving any concerns.
We uphold these rights in accordance with each law’s specifics. For instance, the UAE
PDPL and the Philippine DPA recognize similar rights as the GDPR (access, correction,
deletion, etc.) and we extend those to all our users. We will not discriminate against or
penalize you for exercising your privacy rights – our service will remain available under
the same terms.
7. UPDATES TO THIS POLICY
7.1. 7.2. We may update this Cookie Policy from time to time to reflect changes in our practices,
operational or legal requirements, or for any other purpose. If we make material changes
(for example, if we add new cookies or change how we ask for consent), we will notify
you in an appropriate manner – such as by posting a prominent notice on our site or via
an email notification if appropriate. We will always indicate the date of the latest revision
at the top of the policy.
Any update will comply with applicable laws. For instance, if laws change in the UAE,
EU, or Philippines impacting cookies or personal data handling, we will adjust our policy
to maintain compliance. If the changes require it, we may prompt you to review the new
policy or re-consent to cookies (especially if a new optional cookie is introduced). We
encourage you to periodically review this Cookie Policy for the latest information on our
cookie practices.
7.3. By continuing to use Cevera after any updates take effect, you will be deemed to have
accepted the revised policy. However, we will not reduce your rights under this policy
without your explicit consent. If you do not agree to the changes, you can always adjust
your cookie preferences or stop using our site. Historical versions of this policy can be
provided upon request for your reference.
Contact Us
If you have any questions or concerns about this Cookie Policy or our use of cookies and similar
technologies, please contact us. We are here to help and will gladly explain or address anything
regarding your privacy on Cevera.
You can reach our privacy team at: privacy@ceveraapp.com
(Please include attention to “Data Protection Officer” if your inquiry is of a legal/privacy
nature, as we have personnel responsible for data protection compliance.)
We will respond to your inquiries as soon as possible, and no later than any timeframe required
by law. For example, if you are in the EU or UAE, we strive to answer data requests or questions
within 30 days or the period mandated by regulations.
Thank you for reading our Cookie Policy. Your trust is important to us, and we are dedicated to
protecting your privacy while providing a secure and user-friendly platform. For more details on
how we handle personal data beyond cookies (e.g., account information), please see our Privacy
Policy (available on our site). Download PDF: Cookie Policy, 2026.