Circlworld

Cookie Policy

Version 1.0 · Effective 2026-06-02 · Last updated 2026-05-20

1.1 Purpose

This Cookie Policy describes how Circlworld uses cookies and similar technologies on the Circlworld website at circlworld.com, our mobile applications, and the services provided through them (collectively, the "Platform").

This Cookie Policy is referenced from the Privacy Notice available at circlworld.com/legal/privacy and forms part of the wider documentation governing your use of the Platform. The defined terms used in the Privacy Notice apply here.

This Cookie Policy covers:

(a) Cookies — small text files stored on your device when you visit the Platform (b) Similar technologies — pixels, local storage, session storage, IndexedDB, and other client-side storage mechanisms (c) Server-side tracking — server-side mechanisms that achieve effects similar to cookies (for example, fingerprinting techniques)

For brevity, this document refers to all of these as "cookies" except where the distinction matters.

1.3 Regulatory framework

Circlworld's use of cookies is regulated by:

(a) For UK members: the Privacy and Electronic Communications Regulations 2003 (PECR), as amended, and the UK GDPR in respect of personal data collected through cookies (b) For EU members: the ePrivacy Directive as implemented in member state law, and the EU GDPR (c) For Jamaican members: the Jamaica Data Protection Act 2020 in respect of personal data collected through cookies (d) For all members: the general principles of transparency and consent that apply across these frameworks

Where the standards differ, Circlworld applies the higher standard universally to the maximum extent practicable.

1.4 Plain-language summary (non-binding)

The provisions of this Cookie Policy are binding in the form set out below. To assist your understanding, the following plain-language summary describes the substance in non-binding form.

(a) Circlworld uses cookies that are necessary to operate the Platform (login, security, language preference). These cannot be disabled. (b) Circlworld uses cookies that help us understand how the Platform is used so we can improve it. You can opt in or out of these. (c) Circlworld does not use advertising cookies. The Platform contains no advertising and no advertising trackers. (d) Circlworld does not sell your information to data brokers or share cookie data with advertising networks. (e) You can manage your cookie preferences at any time through the cookie preferences banner that appears at the bottom of the Platform, or through your browser's cookie settings.

2. What are cookies?

2.1 Definition

A cookie is a small text file that a website places on your device (computer, tablet, smartphone) when you visit. The file contains information that allows the website to recognise your device on subsequent visits, remember your preferences, and provide certain features.

Cookies can be set by the website you are visiting (first-party cookies) or by a third party whose content or services are integrated into the website (third-party cookies).

Cookies can persist on your device until they expire or are deleted (persistent cookies) or only until you close your browser (session cookies).

Similar technologies include:

  • Local storage and session storage — browser-based storage that persists beyond cookies' typical size limits
  • Pixels — small images that load from a server and record that loading occurred (commonly used for email open tracking)
  • Fingerprinting — techniques that identify a device by characteristics such as screen resolution, installed fonts, and timezone

2.2 Why Circlworld uses cookies

Circlworld uses cookies for the purposes set out in Clause 3. Every cookie used has a specific purpose; Circlworld does not use cookies for any purpose other than those described in this Cookie Policy.

3. Categories of cookies Circlworld uses

Circlworld uses cookies in four categories. The specific cookies in operation are listed in Schedule 1.

3.1 Strictly necessary cookies

Purpose: These cookies are essential for the operation of the Platform. They include cookies that:

  • Authenticate you when you log in
  • Maintain your session as you navigate the Platform
  • Protect against cross-site request forgery (CSRF) and other security threats
  • Remember the language and accessibility preferences you have set
  • Enable load balancing across servers

Consent: Under UK PECR Regulation 6(4)(b) and equivalent provisions, strictly necessary cookies do not require your consent because they are essential for providing a service you have actively requested. They cannot be disabled while you use the Platform.

Persistence: Most are session cookies (deleted when you close the browser); some persist for up to 30 days (e.g., the cookie remembering your accessibility preferences).

Examples: session ID, CSRF token, language preference, dark mode preference.

3.2 Analytics cookies

Purpose: These cookies help Circlworld understand how the Platform is used:

  • Which pages members visit and in what order
  • How long members spend on each feature
  • Which features are encountered most frequently
  • Where members encounter errors or get stuck

This information is aggregated and de-identified at the analysis stage. Circlworld uses it to improve the Platform; we do not use it to target you with marketing or to share with advertisers.

Consent: These cookies are set only with your consent. The cookie preferences banner offers you the choice to accept or decline analytics cookies. You can change this choice at any time.

Persistence: Up to 13 months for aggregated analysis purposes (in line with industry standards), then automatically deleted.

Examples: analytics session ID, page view counter, feature interaction tracker. Specifics in Schedule 1.

3.3 Performance cookies

Purpose: These cookies help the Platform operate efficiently:

  • Caching frequently-accessed resources for faster page loads
  • Tracking technical errors and crash reports
  • Monitoring page load times and identifying performance regressions

Consent: Where a performance cookie is essential to the operation of a feature you have requested, it is treated as a strictly necessary cookie. Where it is used for monitoring or optimisation that you can opt out of without losing the feature, your consent is requested.

Persistence: Up to 12 months.

Examples: CDN edge cache identifier, error tracking identifier (Sentry).

3.4 Preferences cookies

Purpose: These cookies remember choices you have made:

  • Your time zone
  • Your currency display preference
  • Your notification settings within the Platform
  • Your dismissal of one-time banners and tooltips

Consent: Where the preference is essential to a feature you have configured, treated as strictly necessary. Otherwise, set with your consent.

Persistence: Until you change the preference or for up to 12 months.

3.5 Cookies Circlworld does NOT use

For clarity, Circlworld does NOT use:

  • Advertising cookies — there is no advertising on the Platform and no advertising trackers
  • Cross-site tracking cookies — Circlworld does not follow you across other websites
  • Data broker cookies — Circlworld does not share cookie data with data brokers
  • Social media tracking pixels — the Platform does not include Facebook Pixel, LinkedIn Insight Tag, Twitter conversion tracking, or equivalent

4. Third-party cookies

Circlworld integrates with third-party services that may set cookies on your device when you use the Platform. The third parties are described below.

4.1 Identity verification providers

When you complete identity verification (Onfido, Smile ID, Persona, Sumsub, depending on your residence and document type), the verification flow may occur in an embedded interface provided by the verification provider. The provider may set cookies on your device for the duration of the verification session.

These cookies are governed by the provider's own cookie policy, available on their website. Circlworld has contractual arrangements with each provider that constrain their use of the data collected through these cookies to the purposes of identity verification.

4.2 Hosting and CDN providers

The Platform is delivered through:

  • Vercel (frontend hosting and edge delivery)
  • Cloudflare (CDN and DDoS protection)

These providers may set technical cookies for load balancing, security, and performance purposes. These are treated as strictly necessary cookies as they are essential for the operation of the Platform.

4.3 Error monitoring

Circlworld uses Sentry for error tracking. When an error occurs in the Platform, Sentry records technical details about the error (the page, the action attempted, the technical fault). Sentry may set a session identifier cookie for the duration of your session to correlate multiple events.

4.4 Email tracking pixels

Transactional emails sent through Resend may contain a pixel that records whether the email was opened. This is used to monitor email deliverability and to identify members who may not be receiving important communications.

You can disable email open tracking by configuring your email client not to load remote images, or by contacting privacy@circlworld.com.

4.5 No advertising or analytics tracking from external advertising networks

The Platform contains no integration with Google Ads, Facebook Pixel, LinkedIn Insight Tag, TikTok Pixel, or any equivalent advertising or social platform tracker. This is a deliberate architectural choice; the Platform is not advertising-funded and does not surveil members for advertising purposes.

When you first visit the Platform, a cookie preferences banner appears at the bottom of the page. The banner offers three options:

(a) Accept all — strictly necessary cookies plus analytics, performance, and preferences cookies (b) Reject non-essential — strictly necessary cookies only (c) Manage preferences — granular control over each category of non-essential cookies

You can re-open the cookie preferences banner at any time by clicking the "Cookies" link in the Platform footer.

5.2 Browser-based controls

Most browsers allow you to control cookies through their settings:

  • Chrome: Settings → Privacy and security → Cookies and other site data
  • Safari: Settings → Privacy → Cookies and website data
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Edge: Settings → Cookies and site permissions

You can typically:

  • Block all cookies (note: this will prevent you from using the Platform; strictly necessary cookies are required)
  • Block third-party cookies only
  • Clear cookies on browser exit
  • Delete cookies individually or in bulk

The "Do Not Track" browser signal is honoured by Circlworld where it is meaningful — that is, where you have not separately set cookie preferences in our preferences banner, a "Do Not Track" signal causes us to treat your visit as opting out of analytics and performance cookies.

5.3 Mobile applications

In Circlworld's mobile applications (when published), the equivalent of cookies is managed through:

  • iOS: device-level App Tracking Transparency settings, which Circlworld honours
  • Android: device-level advertising and analytics settings, which Circlworld honours

The mobile applications do not use tracking identifiers for advertising purposes.

5.4 Effect of disabling cookies

If you disable strictly necessary cookies, the Platform will not function correctly. Specifically, you will not be able to log in, your session will not persist, and security mechanisms will not be operative.

If you disable analytics, performance, or preferences cookies, the Platform will function correctly for use, but:

  • We have less data with which to improve the Platform
  • Some preferences will need to be reset on each visit

Disabling cookies does not delete cookies already on your device; you must clear them through your browser settings.

When you make a choice in the cookie preferences banner, Circlworld records:

  • The date and time of your choice
  • The categories of cookies you accepted or declined
  • The version of this Cookie Policy in effect at the time

This record is held in your Settings → Compliance → Consent Log alongside other consent records.

You can change your cookie preferences at any time; doing so updates the record without removing the history.

Circlworld may update this Cookie Policy from time to time. Changes that materially affect your privacy (for example, the addition of a new category of cookies) will be notified through the cookie preferences banner with the requirement to renew your consent before the new cookies are set.

The current version of this Cookie Policy is always available at circlworld.com/legal/cookies. Previous versions are archived at circlworld.com/legal/archive/cookies-v.

8. Contact

For questions about this Cookie Policy or about Circlworld's use of cookies:

  • Data Protection Officer: dpo@circlworld.com
  • General privacy queries: privacy@circlworld.com
  • Postal: as set out in the Privacy Notice

Schedule 1 — Specific cookies in use

The following table lists the specific cookies currently in operation on the Platform. The table is verified against the deployed Platform at the time of publication of each version of this Cookie Policy and is updated when cookies are added, removed, or substantially changed.

Note for publication: The list below is illustrative and must be verified against the deployed Platform before publication. A cookie audit is required as part of the legal site Phase L7. The audit produces the definitive list of cookies in use; this Schedule must reflect that list precisely.

Strictly necessary cookies

| Name | Provider | Purpose | Type | Persistence | |------|----------|---------|------|-------------| | circl_session | Circlworld (first-party) | Session authentication | HTTP cookie | Session | | circl_csrf | Circlworld (first-party) | CSRF protection | HTTP cookie | Session | | circl_lang | Circlworld (first-party) | Language preference | HTTP cookie | 12 months | | circl_theme | Circlworld (first-party) | Display mode preference (light/dark/system) | HTTP cookie | 12 months | | cf_clearance | Cloudflare (third-party) | DDoS protection challenge | HTTP cookie | Session | | __cf_bm | Cloudflare (third-party) | Bot detection | HTTP cookie | 30 minutes | | _vercel_jwt | Vercel (third-party) | Edge routing | HTTP cookie | Session |

Analytics cookies (opt-in)

| Name | Provider | Purpose | Type | Persistence | |------|----------|---------|------|-------------| | _ga_* | [TBD analytics provider] | Aggregated usage analytics | HTTP cookie | 13 months |

Note: Circlworld has not yet selected an analytics provider. The above is a placeholder. Options under consideration: Plausible (privacy-respecting, EU-hosted), Fathom (privacy-respecting), or no analytics at all. The choice affects this Schedule materially.

Performance cookies

| Name | Provider | Purpose | Type | Persistence | |------|----------|---------|------|-------------| | sentry-trace | Sentry (third-party) | Error tracking correlation | HTTP cookie | Session |

Preferences cookies

| Name | Provider | Purpose | Type | Persistence | |------|----------|---------|------|-------------| | circl_tz | Circlworld (first-party) | Time zone preference | HTTP cookie | 12 months | | circl_currency | Circlworld (first-party) | Currency display preference | HTTP cookie | 12 months | | circl_banner_dismissed_* | Circlworld (first-party) | Banner dismissal records | HTTP cookie | 90 days |

Local storage (similar technologies)

| Key | Provider | Purpose | Persistence | |-----|----------|---------|-------------| | circl.user.preferences | Circlworld (first-party) | UI preferences | Persistent until cleared | | circl.draft.attestation.* | Circlworld (first-party) | Draft attestation data (for crash recovery) | Cleared on submission |

Schedule 2 — Items Pending Finalisation

The following items in this Cookie Policy are placeholders and must be resolved before publication:

| Item | Location | Pending Decision | |------|----------|------------------| | Effective date | Header | Set at publication | | Last updated date | Header | Set at publication | | Version number | Header | Confirm 1.0 at publication | | Analytics provider selection | Schedule 1 (Analytics) | Choose between Plausible, Fathom, alternative, or none | | Specific cookies in deployed Platform | Schedule 1 | Cookie audit required against live Platform before publication | | Mobile application cookie/SDK behaviour | Clause 5.3 | Defer until mobile applications launch | | Email tracking pixel default | Clause 4.4 | Confirm whether email open tracking is on by default or opt-in | | Status of "Do Not Track" handling | Clause 5.2 | Confirm engineering implementation |

This schedule should be reviewed by qualified counsel and a cookie audit conducted before publication.

End of Cookie Policy draft.

Document prepared: May 2026 Prepared by: Drafted with AI assistance; requires professional legal review in both jurisdictions and a cookie audit against the deployed Platform before publication