Cookie Policy

Xalata - xalata.com

Effective Date: 2026-05-12 | Version: 1.0

1. Introduction

This Cookie Policy explains what cookies and similar technologies are used on the Xalata website at https://xalata.com (the "Platform"). It should be read together with our Privacy Policy and Terms of Service.

2. What Are Cookies

Cookies are small text files placed on your device by a website. They are widely used to make websites function, improve efficiency, and provide information to website operators. Cookies may be "session" cookies (which expire when you close your browser) or "persistent" cookies (which remain on your device for a set period or until you delete them).

3. Cookies We Use

We use strictly necessary cookies only. We do not use analytics, advertising, profiling, preference, or third-party tracking cookies of any kind.

The following table describes the cookies set by the Platform:

Cookie	Type	Duration	Purpose
PHP session cookie (PHPSESSID or server-configured name)	Strictly necessary	Session (expires when browser closes)	Maintains your login session and carries a security token to prevent cross-site request forgery. Contains only a random session identifier. Does not contain personal data, does not track you across websites, and is not shared with third parties.
Device security cookie (`fw_device_token`)	Strictly necessary	Persistent (up to approximately 1 year unless cleared earlier)	Stores a random token used for account security controls, including device registration, session continuity checks, and device-management enforcement (for example, forcing logout on removed or unauthorised devices). The token is not used for analytics, advertising, profiling, or cross-site tracking.

This cookie is configured with the following security attributes:

HttpOnly: The cookie cannot be accessed by client-side scripts, reducing the risk of cross-site scripting attacks.
SameSite=Strict: The cookie is sent only with requests originating from the same site, providing protection against cross-site request forgery.
Secure: On HTTPS connections, the cookie is transmitted only over encrypted channels.

4. Legal Basis

Strictly necessary cookies do not require your consent under the GDPR or the ePrivacy Directive (Directive 2002/58/EC, as amended by Directive 2009/136/EC), because they are essential for the provision of the service you have requested (including secure login, session management, and device-security controls).

For this reason, you will not see a cookie consent banner on the Platform.

5. What We Do Not Use

The Platform does not use:

analytics or performance cookies;
advertising or retargeting cookies;
social media tracking cookies;
profiling or behavioural tracking cookies;
non-essential functional/preference cookies; or
any first-party or third-party cookies other than the strictly necessary cookies described above.

6. Browser Storage

In limited administrative workflows, the Platform uses browser session storage (sessionStorage) to temporarily hold operational data during a single browser session. This data:

is not a cookie;
is automatically cleared when the browser tab or window is closed;
does not persist across sessions or devices;
is not used for tracking, profiling, or analytics; and
is not accessible to third parties.

The Platform does not use localStorage or any other persistent browser-side storage mechanism.

7. Third-Party Cookies

We do not intentionally deploy third-party tracking cookies for analytics or advertising. The Platform may load technical frontend assets from external content delivery networks. Those providers may process request metadata (such as IP address and user-agent) to deliver and secure content. We do not use such integrations for behavioural profiling or cross-site advertising tracking.

8. How to Manage Cookies

Because we only use strictly necessary cookies, there is no cookie opt-out mechanism on the Platform. If you block or delete these cookies through your browser settings, login and authenticated features may not work, and existing sessions or registered device access may be terminated.

For instructions on managing cookies, consult your browser's help documentation:

Google Chrome: Settings > Privacy and Security > Cookies
Mozilla Firefox: Settings > Privacy & Security > Cookies
Safari: Preferences > Privacy > Cookies
Microsoft Edge: Settings > Cookies and Site Permissions

9. Future Changes

If we introduce additional cookies or similar technologies in the future (for example, analytics, preference, or functionality cookies), we will:

update this Cookie Policy to describe the new cookies;
provide clear information about their purpose and duration;
implement a cookie consent mechanism where required by law; and
request your consent before setting any non-essential cookies.

10. Contact

If you have any questions about this Cookie Policy, please contact us via the Contact Us page at xalata.com.

Last updated: 2026-05-12. Version: 1.0.