Cookie Policy

Cookies are small text files that a website asks your browser to store on your device. They are widely used to make websites work, to keep them secure, and (on many other sites) to collect information about how visitors behave. When you return to a site, the cookies it previously set can be read back by that site.

"Similar technologies" is a broad term for other ways of storing or accessing information in your browser that are not technically cookies but can perform comparable functions. The categories most relevant to understanding this policy are:

• **Local storage** — a browser store that a website can use to keep information until it is explicitly deleted. We do not use local storage on our website; it is described here only for completeness.
• **Session storage (sessionStorage)** — a temporary store tied to the current browser tab. Anything kept here is automatically cleared when you close the tab. Session storage is not a cookie and is not sent to any server. We use a single, minimal sessionStorage entry, as explained below.
• **Cookies set by infrastructure providers** — for example, the security and bot-management cookies set to protect a website from automated abuse, which our hosting provider sets on our behalf.

Cookies and similar technologies can be "strictly necessary" (the site cannot function safely or correctly without them) or non-essential (for example, analytics, advertising, or tracking). As explained below, we use only strictly-necessary and basic functional technologies, and no non-essential ones.

Our website is a marketing and portfolio site for a business-to-business software studio. It has no user accounts, no payments or e-commerce, and no operational newsletter. Because of this, we have no need for the kinds of cookies that track visitors, measure marketing performance, or build profiles, and we deliberately do not use any of them.

The technologies we do use fall into two narrow categories:

• **Security and anti-spam (strictly necessary).** Our website is hosted on Cloudflare, and we use Cloudflare's security, bot-management and CDN features, together with Cloudflare Turnstile — a privacy-friendly anti-spam challenge on our Contact and Get a Quote forms. These set strictly-necessary cookies and process the visitor's IP address transiently to tell genuine visitors apart from automated abuse. Without them, the site could not be protected and our forms could not safely be submitted.
• **Interface state (functional).** We use a small amount of browser sessionStorage to remember a piece of interface state during your visit — for example, that you have dismissed a blog pop-up — so that it does not reappear in the same tab. This is not a cookie, is not transmitted to us, and is cleared when you close the tab.

The list below describes each cookie or storage item we are aware of on our website, what it is for, and how it is classified. Cookie names and lifetimes are set by Cloudflare and may change as that provider updates its services.

Cloudflare security cookies

• **`__cf_bm`** — set by Cloudflare for bot management; helps distinguish humans from automated requests. Purpose: security / bot management. Classification: strictly necessary. Typically a short-lived cookie (around 30 minutes).
• **`cf_clearance`** — set by Cloudflare where a security challenge has been completed, to record that your browser passed and to avoid repeating the challenge. Purpose: security. Classification: strictly necessary.
• Cloudflare may set other short-lived security or load-balancing cookies as part of protecting the site. Where set, these are strictly necessary and are not used for analytics, advertising or tracking.

Cloudflare Turnstile

• **Cloudflare Turnstile** — a privacy-friendly CAPTCHA presented when you submit the Contact or Get a Quote form. It checks that the submission is from a person rather than a bot and processes your IP address transiently for that purpose. Purpose: bot / spam protection on forms. Classification: strictly necessary.

Interface state (sessionStorage)

• **Blog pop-up dismissal key** — a single sessionStorage entry that records that you have dismissed a blog pop-up, so it is not shown again in the same browser tab. Purpose: remember a UI choice during your visit. Classification: functional. This is not a cookie, is never sent to a server, and is cleared automatically when you close the tab.

To be completely clear about what is not happening on our website, we do not use:

• **No Google Analytics** or any other web-analytics or audience-measurement tool.
• **No advertising or marketing cookies**, and no marketing pixels or tags.
• **No cross-site or third-party tracking** of your activity across other websites.
• **No profiling** and no automated decision-making based on your browsing.
• **No social-media tracking cookies** or embedded trackers for that purpose.

The only third parties involved in operating the site are our infrastructure and email providers: Cloudflare, Inc. (hosting, Cloudflare Workers, CDN, security and Turnstile) and Brevo, formerly Sendinblue (transactional delivery of form submissions to us by email). Neither is used to track you for advertising.

Two providers are relevant to the technologies described in this policy, and some of the data they handle may be processed outside the United Kingdom, including in the United States:

• **Cloudflare, Inc.** provides our hosting, Cloudflare Workers, CDN, and security layer, including Turnstile. As part of protecting the site, it sets the strictly-necessary security cookies listed above and processes the visitor's IP address transiently for anti-spam and bot-management purposes.
• **Brevo** acts as our transactional-email processor, delivering Contact and Get a Quote form submissions to us by email. Brevo does not set cookies on our website.

Where personal data such as an IP address or a form submission is transferred outside the UK, we rely on appropriate safeguards recognised under the UK GDPR — for example, UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses, as applicable. Further detail on these providers, the recipients of personal data, and international transfers is set out in our Privacy Policy.

In the United Kingdom, the use of cookies and similar technologies is governed by the Privacy and Electronic Communications Regulations 2003 (PECR), read alongside the UK GDPR and the Data Protection Act 2018. PECR requires consent before storing or accessing information on your device, with an important exception: consent is not required for technologies that are strictly necessary to provide a service that you have requested.

The cookies and storage described in this policy are limited to strictly-necessary security functions and to a small piece of functional interface state. Because we use only strictly-necessary technologies and no analytics, advertising or tracking, no cookie consent banner is required under PECR, and we do not show one.

If this ever changes — for example, if we decided to introduce analytics or any other non-essential technology — we would first put in place an appropriate consent mechanism that lets you accept or reject those technologies, and we would update this policy before doing so. We will not deploy non-essential cookies or trackers without your prior consent.

You remain in control of cookies through your browser. Most browsers let you view the cookies stored, delete them, and block or restrict cookies from particular sites. You can usually find these options in your browser's privacy or security settings. Helpful general guidance is available from the Information Commissioner's Office (ICO) at ico.org.uk.

You can typically:

• Delete existing cookies stored by your browser.
• Block all cookies, or block third-party cookies, through your browser settings.
• Use a private or incognito browsing window, which discards cookies and storage when closed.
• Clear local and session storage from within your browser's site-data controls.

Please note that the cookies we use are strictly necessary for security and for our forms to function. If you block or delete them, parts of the site — in particular the Contact form and the Get a Quote form, which rely on Cloudflare security and Turnstile — may not work correctly or may not let you submit at all. The functional sessionStorage entry can be cleared at any time without affecting the operation of the site.

We may update this Cookie Policy from time to time to reflect changes in the technologies we use, in our providers, or in legal and regulatory requirements. When we make changes, we will revise the content on this page, and material changes — such as the introduction of any non-essential technology — will be accompanied by the consent mechanism described above.

We encourage you to review this page periodically. Your continued use of the website after an update indicates that you are aware of the current version, although, as explained, we will not rely on continued use as consent for any non-essential cookies.

If you have any questions about this Cookie Policy, or about how we use cookies and similar technologies, you can contact us by email at info@pyramidledger.com. As a remote-first studio, email is our contact channel for these enquiries.

For more about how we handle personal data, the lawful bases we rely on, the recipients of personal data, international transfers, your rights under the UK GDPR, and how to complain to the Information Commissioner's Office, please see our Privacy Policy.