Overview.
This policy explains how VYRA Data Inc. ("VYRA", "we", "us", "our") uses cookies and similar technologies on our websites, including vyradata.com and the client sites we host on a client.vyradata.com pattern. It sits alongside our Privacy Policy, which explains how we handle personal information more generally. Read them together.
The date this policy last changed is shown at the top of this page. We may update it as described in "Changes to this policy" below.
We keep this simple. No non-essential tracker runs before you agree to it. Rejecting is as easy as accepting. You can change your mind at any time.
What cookies and trackers are.
A cookie is a small text file a website stores on your device so it can recognise your browser on later visits. Similar technologies do the same kind of job by other means, including pixels, tags, software development kits, local storage, and server-side event tools. In this policy, when we say "cookies" we mean all of them.
Cookies can be first-party, set by the site you are visiting, or third-party, set by another provider whose tools the site loads. They can last only for your current visit, which we call session cookies, or stay on your device for a set period, which we call persistent cookies. We tell you which is which in the inventory below.
Our consent standard.
For any tracker that is not strictly necessary, we ask for your consent first. That consent is prior, free, specific, informed, and unambiguous. In plain terms:
- Prior: nothing non-essential runs until you have made a choice.
- Free: you can accept or reject without penalty, and rejecting is as easy as accepting.
- Specific: you consent by category, not to everything at once.
- Informed: this page tells you what each category loads and why.
- Unambiguous: consent comes from a clear action you take, not from scrolling, browsing, or accepting general terms.
You can withdraw consent as easily as you gave it, at any time, through the cookie preferences link on our sites. This standard follows the approach set by regulators such as France's CNIL, which many organisations treat as the benchmark for cookie consent in Europe.
The categories we use.
We group cookies into three categories. You control the last two.
Necessary. Always on.
These trackers are required for the site to work, so they do not need your consent and you cannot switch them off through the banner. They include:
- Session and load-balancing trackers that route your requests and keep the site stable.
- Authentication and security trackers that keep you signed in and protect against fraud and cross-site request forgery.
- A tracker that records your cookie choice, so we can honour it and not ask you again on every page.
These match the kinds of trackers regulators treat as exempt from consent, because they are strictly necessary to deliver a service you asked for.
Analytics. Off until you allow them.
These trackers help us understand how our sites are used so we can improve them. When you allow this category, we load Google Analytics 4 with IP anonymisation turned on and a 14-month retention window for event data. We use it to see which pages are visited, how people move through the site, and where things break. We do not use it to identify you personally.
Marketing. Off until you allow them.
These trackers measure and improve the relevance of our advertising. When you allow this category, we load the Meta pixel and send matching events to Meta through the Conversions API for measurement and deduplication. If you submit a form, your email, phone number, and first name are hashed with SHA-256 on our server before they reach Meta. They are never sent in the clear, and they are never sent unless Marketing is on.
For visitors in the EEA and the UK, we send Google Consent Mode v2 signals so that Google and Meta tags respect your choice. Consent Mode v2 uses four signals: ad_storage, analytics_storage, ad_user_data, and ad_personalization. We set them to match the categories you allowed.
Cookie inventory.
This is what we load, grouped by category. Where a specific cookie name depends on the exact build of a site, we describe the tracker by its purpose. Names, durations, and providers can vary slightly between our main site and a client site.
Necessary trackers.
- Session cookie. Provider: VYRA (first-party). Purpose: keeps your session and routes requests. Type: session. Duration: expires when you close your browser.
- Authentication cookie. Provider: VYRA (first-party). Purpose: keeps you signed in to an account or portal. Type: persistent. Duration: up to the length of your sign-in period.
- CSRF token. Provider: VYRA (first-party). Purpose: protects forms against cross-site request forgery. Type: session. Duration: expires when you close your browser.
- Cookie-consent record. Provider: VYRA (first-party). Purpose: remembers your cookie choice so we can honour it. Type: persistent. Duration: up to 12 months.
Analytics trackers.
- Google Analytics 4. Provider: Google. Purpose: measures how the site is used, with IP anonymisation on. Type: persistent. Duration: up to 14 months for event data.
Marketing trackers.
- Meta pixel. Provider: Meta. Purpose: measures ad performance and matches events with the Conversions API. Type: persistent. Duration: up to 90 days for the primary identifier.
If you would like the exact current list for a specific site, including live cookie names, use the cookie preferences link on that site, which reflects the trackers actually configured there.
Third-party trackers and international transfers.
The Analytics and Marketing categories load tools from Google and Meta, which are based in the United States. When those tools run with your consent, some data may be processed outside your home region. We rely on Standard Contractual Clauses for these transfers, and where we rely on the EU-US Data Privacy Framework we keep Standard Contractual Clauses as a fallback so your data stays protected. Our Privacy Policy explains our transfer approach in more detail.
How the consent banner behaves.
When you first visit, we show a banner before any non-essential tracker runs. From that banner you can:
- Accept all categories.
- Reject all non-essential categories with a single action that is as easy to find and use as accept.
- Choose categories individually.
Nothing in the Analytics or Marketing categories fires until you make a choice, and rejecting leaves only the Necessary trackers running. We log a record of your choice so we can prove your consent and honour it. You can reopen the banner at any time through the cookie preferences link on our sites. Turning a category off stops the related collection right away.
Google Consent Mode v2.
For visitors in the EEA and the UK, we run Google Consent Mode v2. This is a requirement Google places on advertisers using its products in those regions. In practice it means our Google and Meta tags read the signals described in the Marketing category above and adjust their behaviour to match what you allowed. If you reject Marketing, the tags run in a limited, consent-respecting mode rather than setting advertising identifiers.
Global Privacy Control.
Some browsers and extensions can send a Global Privacy Control signal, which tells sites you want to opt out of the sale or sharing of your personal information. For visitors in United States states that recognise it, we treat a Global Privacy Control signal as a valid opt-out of sale or sharing, and apply it to the relevant advertising trackers. You do not need to do anything else for us to honour it.
Do Not Track.
Some browsers can send a Do Not Track signal. There is no common standard for how sites should respond to it, so we do not treat Do Not Track as a legal opt-out. We do log it. If you want to limit trackers, use the cookie preferences link, or send a Global Privacy Control signal where your state recognises it.
Quebec Law 25.
Quebec's Law 25 applies to sites that reach Quebec residents, and it requires explicit consent before non-essential trackers run. Our approach meets that standard: non-essential trackers stay off until you allow them, rejecting is as easy as accepting, and you can withdraw at any time. Quebec's regulator, the CAI, has enforced these rules, so we hold ourselves to them across our sites.
How to manage cookies.
You have two main ways to control cookies on our sites:
- Use the cookie preferences link on the site to change your category choices at any time. This is the fastest way to withdraw or update consent, and it takes effect right away.
- Use your browser settings to block or delete cookies. Most browsers let you clear existing cookies and refuse new ones. Blocking Necessary cookies may stop parts of the site from working.
If you clear your cookies or switch browsers, we will ask for your choice again, because the record of your last choice is itself stored in a cookie.
Cookies on client sites.
When we build and host a site for a client on a client.vyradata.com address, we configure cookies on that client's instructions and for that client's purposes. In that case the client usually decides what runs and their own privacy notice governs it, while VYRA operates the tools. Where we install and manage advertising trackers such as the Meta pixel and Conversions API on a client's behalf, we do so as the client's agent under the relevant platform terms, and the client is responsible for having the rights and consents its campaigns need.
Changes to this policy.
We may update this policy from time to time, for example when we add or remove a tracker. When we make a change, we update the last-updated date at the top of this page. If a change means we would collect through a new non-essential tracker, we ask for your consent before it runs, rather than treating your continued use as acceptance.
Contact.
For privacy questions and to exercise your rights, email privacy@vyradata.com.
For general and legal questions, email contact@vyradata.com.
You can reach us at VYRA Data Inc., Halifax, Nova Scotia, Canada. For more on how we handle personal information, see our Privacy Policy.