Effective date: 24 September 2025
Company: Crylo Tech Ltd
Registered address: 128 City Road, London, United Kingdom, EC1V 2NX
Contact: Phone +44 7881 673483 · Email crylotechltd@gmail.com
Website: http://cryloltd.tech/
- Purpose and Scope
1.1 This Cookies and Tracking Technologies Policy (the “Policy”) outlines how Crylo Tech Ltd (“Crylo Tech,” “we,” “us,” or “our”) utilizes cookies and related client-side tracking technologies on its websites, online platforms, hosted services, SaaS applications, embedded widgets, APIs, and other electronic distribution mechanisms under its control
1.2 This Policy applies to natural persons who access or use Crylo Tech’s public websites, customer portals, trial environments, demo sites, hosted applications, mobile applications, and any other Crylo Tech online or electronically delivered services
1.3 This Policy supplements Crylo Tech’s Privacy Policy and other contractual documents and should be read together with them where relevant. In the event of any inconsistency with a specific contractual data processing agreement, that agreement will prevail to the extent of the inconsistency - Definitions and Interpretation
2.1 In this Policy, the following terms have the following meanings:
Cookies: Small data files placed on or read from a user’s device by a website or application via a web browser
First-party cookies: Cookies set by the domain of the service the user is visiting
Third-party cookies: Cookies set by a domain other than the domain of the site being visited
Similar technologies: Other client-side storage or tracking mechanisms including, without limitation, localStorage, sessionStorage, IndexedDB, web beacons, pixel tags, device identifiers, SDK tracking, and device/browser fingerprinting
Consent: A freely given, specific, informed, and unambiguous indication of a user’s wishes by which the user signifies agreement to processing of their personal data by means of an affirmative action
UK GDPR: The UK General Data Protection Regulation as retained in United Kingdom law together with the Data Protection Act 2018
2.2 Capitalized terms not defined in this Policy shall have the meanings given to them in Crylo Tech’s Privacy Policy - Online Service Context and Applicability
3.1 Crylo Tech provides many of its Services online. Use of cookies and similar technologies is therefore intrinsic to the delivery of online features, secure authentication, account management, billing, telemetry, diagnostics, and interactive content. References in this Policy to “Services” and “Deliverables” include online services, hosted access, and electronic transmissions unless stated otherwise
3.2 This Policy also applies to cookies placed by third parties through Crylo Tech’s properties (for example, analytics, CDN, payment gateway, chat provider, and embedded media vendors) when those cookies are set in the context of a Crylo Tech property - Purposes of Cookie and Tracking Processing
4.1 Crylo Tech uses cookies and similar technologies for the following non-exhaustive purposes:
4.1.1 To provide and secure essential functionality required to render the Services and to manage authenticated sessions, including session tokens, anti-CSRF mechanisms, and load balancing
4.1.2 To preserve user preferences and accessibility settings such as language, regional display, consent preferences, and saved form states
4.1.3 To perform diagnostics, capture error telemetry, measure performance, measure feature adoption, and enable capacity planning and resilience testing
4.1.4 To support authorized customer account functionality, preferences, entitlement checks, and subscription management
4.1.5 To enable integrated third-party functionality such as embedded video playback, payment authorization flows, chat and support widgets, maps, and content delivery networks
4.1.6 To measure marketing campaign performance, conversion tracking, and attribution where lawful and where users have provided consent where required
4.1.7 To enable permitted remarketing and personalized content for users who have given consent, subject to user choices and applicable law
4.1.8 To conduct fraud detection, abuse prevention, and security analytics to protect the Services, users, and infrastructure
4.2 Crylo Tech shall not use cookies or similar technologies for purposes materially beyond those described in this Policy without updating this Policy and, where required by law, obtaining fresh consent - Cookie Classification, Typical Examples, and Retention Approach
5.1 Crylo Tech classifies cookies and tracking technologies into categories to aid transparency and user choice. The categories are indicative and may be supplemented in the cookie register described in clause 5.6
5.1.1 Essential cookies and secure session tokens: Cookies strictly necessary for the operation of the Service and for security. These are typically transient and expire on session termination or within short intervals
5.1.2 Functional cookies: Cookies that enable remembered settings and preferences; typical retention ranges from weeks to up to two years depending on user choice and provider settings
5.1.3 Analytics and performance cookies: Cookies used to generate aggregated usage statistics and performance metrics; typical retention periods are provider-dependent and commonly range from 6 to 26 months. Crylo Tech uses aggregation and pseudonymization where practicable
5.1.4 Advertising, targeting, and conversion cookies: Cookies used for advertising, cross-site tracking, targeting, and conversion measurement. These cookies are activated only where lawful consent has been obtained and may have retention periods of several months or more as set by vendors
5.1.5 Third-party integration cookies: Cookies set by vendors providing embedded services; retention and purpose are governed by the third party’s policy as well as by the choices made by the user on Crylo Tech’s consent interface
5.2 The specific cookie names, provider details, purpose statements, and retention periods are recorded in Crylo Tech’s internal cookie register which is publicly available on request in anonymized form as described in clause 5.6. Crylo Tech reviews and updates the cookie register at least semi-annually and whenever a new tracking technology is introduced
5.3 Retention periods for cookies that store or relate to personal data are set in line with data protection principles and may be reduced or anonymized where feasible. Persistent identifiers used for advertising are limited to the retention periods required for legitimate business needs and to comply with industry guidance
5.4 Where cookies or tracking mechanisms create profiles that are likely to significantly affect a natural person, Crylo Tech will ensure that lawful bases, transparency, and rights mechanisms required by law are observed
5.5 Crylo Tech does not place advertising or targeting cookies on visitors from jurisdictions where such use is forbidden without explicit consent
5.6 Cookie Register and Disclosure Process
5.6.1 Crylo Tech maintains a cookie register (the “Register”) which identifies cookie names (or stable identifiers), the responsible provider (first-party or third-party), the functional purpose, legal basis for processing, retention period, and any relevant vendor privacy link. The Register is maintained by Crylo Tech’s Privacy & Cookies Coordinator and audited at least twice per year
5.6.2 A copy of the Register or an anonymized extract may be requested by emailing crylotechltd@gmail.com; Crylo Tech may redact commercially sensitive vendor contract identifiers but will provide the substantive content required for an individual to exercise privacy choices
5.6.3 The Register also documents any server-side or backend pseudonymization, hashing, or encryption applied to identifiers prior to storage or export - Legal Bases for Cookie Processing and Consent Handling
6.1 For cookies that are strictly necessary to provide functionality requested by the user and to perform contractual obligations (for example, session cookies used for an authenticated service purchased by the user), Crylo Tech relies on performance of a contract or legitimate interests as the legal basis, following an appropriate balancing test where required
6.2 For non-essential cookies (for example, analytics and advertising cookies), Crylo Tech relies on informed and explicit user consent where required by applicable law. Consent is recorded and kept auditable
6.3 Consent management is implemented through a layered approach: concise banner summary, granular preference modal, full Policy text, and a mechanism to record and persist the user’s selection. Where local law permits, essential cookies may be set prior to consent but no non-essential cookies shall be set until consent is obtained
6.4 Consent records include the timestamp, scope of consent (which cookie categories), chosen vendor preferences where applicable, the method of consent collection, and an auditable identifier tied to the consent token
6.5 Users may withdraw consent at any time through the “Cookie Settings” link or equivalent mechanism. Withdrawal of consent applies prospectively and does not affect the lawfulness of processing conducted prior to withdrawal - Consent Presentation, Preference Management, and UX Requirements
7.1 Crylo Tech’s consent interface is designed to be clear, specific, and user-friendly. The interface includes: a short, plain language summary of cookie categories; a link to the full Policy; the option to accept all cookies; the option to reject all non-essential cookies; and an option to configure preferences by category
7.2 The preference interface facilitates granular vendor choices for analytics and advertising categories where technically feasible and where vendors support consent signaling protocols
7.3 For authenticated users, preferences are persisted to the user profile where feasible so that preferences follow users across devices when they log in. For unauthenticated users, preferences are stored in client storage while consent tokens permit identification or persisted via opt-out tokens where vendor APIs support it
7.4 The preference UI informs users about functional impacts of blocking or deleting cookies and provides simple instructions for common tasks (for example, how to disable cookies in major browsers or how to clear local app storage) - User Controls, Browser Settings, and Opt-Out Mechanisms
8.1 Users may exercise control over cookies using the preference interface, by changing browser settings, by using operating-system level privacy settings, or by employing browser extensions/plug-ins. Crylo Tech provides high-level guidance for major browsers (Chrome, Edge, Safari, Firefox) and for common mobile platforms in our help pages; those instructions are indicative and may change as browsers evolve
8.2 For advertising cookies, where relevant vendor opt-out mechanisms exist (for example, industry opt-out pages or vendor preference centers), Crylo Tech provides links to these mechanisms in the preference modal. Crylo Tech also implements advertising consent signals where supported by vendors (for example, TCF, GPC, or equivalent) to propagate user choices to programmatic ecosystems
8.3 Users are informed that completely blocking cookies at browser level may prevent access to certain features, cause degraded experience, and may break authentication or payment flows - Third-party Cookies, Vendor Relationships, and Contractual Requirements
9.1 When third parties set cookies in the context of a Crylo Tech property they may be independent controllers with separate purposes; Crylo Tech is not responsible for third-party practices but requires vendors to comply with contractual privacy and security obligations as set out in processor/sub-processor agreements
9.2 Crylo Tech’s standard vendor selection includes privacy and security due diligence to confirm that the vendor respects consent signals, implements appropriate security controls, and documents retention and deletion policies. Vendors are required to cooperate in responding to data subject requests and to provide transparency about their cookies where material
9.3 Crylo Tech discloses the use of third-party cookies in the Register and in the preference UI and, where appropriate, obtains consent for third-party cookies that require consent. - Security Controls, Minimization, and Technical Safeguards
10.1 Crylo Tech applies technical safeguards to reduce the risk of data exposure from cookies and tracking identifiers. Controls include, as applicable: use of secure transport protocols (TLS) for data in transit; use of cookie attributes such as Secure, HttpOnly, and SameSite where supported; minimization of Personally Identifiable Information (PII) in client-side storage; hashing or pseudonymization of identifiers prior to export; and short lifespans for high-risk cookies
10.2 Server-side measures include access control, encryption at rest for sensitive linkages, token rotation, retention limits, logging and monitoring of vendor script activity. Crylo Tech performs periodic vulnerability scanning and third-party script audits
10.3 Where Crylo Tech processes data derived from cookies that is combined with other personal data, applicable security and access controls for personal data apply in accordance with the Privacy Policy