Controller: Zephyroxoaxikon.world, Fridtjof Nansens plass 5, 0160 Oslo, Norway · ask@zephyroxoaxikon.world
1. Introduction
Digital trust hinges on predictable signals. This Cookie Policy expands the high-level consent banner by naming categories, approximate persistence, legal foundations under the ePrivacy Directive as implemented in Norway, and interoperability with the GDPR transparency duties outlined in our Privacy Policy.
When we say “we”, we refer to the Oslo-based team operating the Alira storefront, inventory tooling, and customer communications for the domain zephyroxoaxikon.ddd.
2. What cookies and peers are
Cookies are small text strings a server stores through the browser. Similar technologies include pixel tags, localStorage items, sessionStorage snapshots, and server-side hashed identifiers that replay state when you return. We group them by function rather than file extension so you can reason about risk, not jargon.
3. Strictly necessary storage
These artefacts keep HTTPS sessions coherent after load balancers rotate, remember that you dismissed or configured the consent layer, throttle brute-force probes, and preserve cart drafts if you temporarily lose connectivity. They rely on Article 5(3) ePrivacy exemptions for communication purposes because disabling them would break basic interactivity.
Session anchor
Maintains TLS affinity between your browser and our ingress nodes for roughly twenty minutes of inactivity.
Consent receipt
Serialises your Accept, Reject, or Custom decision so we do not re-prompt on every navigation.
Security telemetry
Ephemeral tokens counting failed login attempts before temporary cooling-off periods trigger.
4. Analytics (optional)
If you enable analytics, we collect pseudonymous interaction data such as scroll depth buckets, CTA taps, and referrer domains. IP addresses are truncated at the final octet before hitting warehouse tables. Heatmaps, when used, aggregate pointer coordinates into grids that cannot reconstruct individual behavioural biometrics.
You may withdraw analytics consent through the banner’s settings modal; withdrawal propagates to tag managers on the subsequent page load.
5. Marketing (optional)
Marketing cookies attribute visits to partner campaigns, cap how often partner creatives display, and suppress redundant retargeting after purchase. They never receive special-category data or free-text medical context typed into forms.
6. localStorage mirrors
Some browsers block third-party cookies altogether. To keep consent receipts durable, we mirror essential flags in first-party localStorage with identical expiry discipline. Deleting site data manually clears both layers.
7. Typical durations
| Category | Default lifetime | Renewal trigger |
|---|---|---|
| Necessary | Session to twelve months | New device or explicit banner reset |
| Analytics | Thirteen months | Renewed consent after yearly review |
| Marketing | Ninety days | Partner contract refresh |
8. Browser and OS controls
Major browsers let you block third parties, auto-delete on close, or segregate storage per profile. Because those settings are coarse, our granular toggles remain the precision instrument for analytics and marketing while preserving necessary ecommerce continuity.
9. Policy updates
Material adjustments appear here with a refreshed timestamp fed dynamically at render. If cookies materially broaden in scope beyond what you accepted, we re-prompt before new tags fire.
10. Contact
Questions about this Policy or ambiguous tag behaviour should reference “Cookie clarification” in the subject line so routing rules deliver your note to the privacy desk without delay.