Cookie Policy
Last Updated: March 2026 · v2.1
This Cookie Policy explains how Mango Technologies Ltd. (DIFC CL5222) uses cookies on maiviswealth.com. maivis maintains a minimal, analytics-only cookie footprint with no advertising cookies, social media tracking pixels, or behavioural advertising technology.
Note: maivis also uses PostHog (self-hosted on GCP) for in-product analytics. PostHog does not set browser cookies on maiviswealth.com. It operates server-side within maivis infrastructure. This Cookie Policy covers only the browser cookies set by maiviswealth.com.
1. What Are Cookies
Cookies are small text files stored on your device when you visit a website. Under the EU ePrivacy Directive (2002/58/EC, as amended by 2009/136/EC) and UK PECR, certain cookies require explicit consent; others are exempt as strictly necessary.
2. Cookies We Use
2.1 Firebase Auth Session Token
Category: Strictly Necessary
Maintains authenticated session after FIDO2/passkey or TOTP sign-in. HttpOnly, Secure, SameSite=Strict. 30-day expiry with refresh; 30-minute idle timeout. Exempt from consent under ePrivacy Article 5(3) (Article 29 Working Party Opinion 04/2012).
2.2 Firebase Analytics (GA4)
Category: Analytics (Optional), Consent Required
Tracks anonymised page views, scroll depth, CTA clicks, and conversion funnels on the maiviswealth.com landing page. IP anonymisation enabled. Google processes data within the EEA under a GDPR-compliant DPA. 2-year cookie persistence. Analytics cookies do not qualify for the strictly necessary exemption (confirmed by ICO and CNIL). For EU/UK members, GA4 cookies are blocked until explicit opt-in consent.
2.3 Stripe Payment Cookies
Category: Functional
Session-only cookies active exclusively on checkout pages for fraud detection and payment processing. Stripe is PCI DSS Level 1 compliant. Payment processing cookies directly related to a user-initiated transaction are likely exempt; Stripe fraud detection cookies are assessed individually.
2.4 CSRF Protection Token
Category: Strictly Necessary
Session-only security token preventing cross-site request forgery. Exempt from consent as strictly necessary for security.
3. Cookie Categories Summary
| Cookie | Provider | Category | Purpose | Duration | Consent? |
|---|---|---|---|---|---|
| __session | Firebase Auth | Strictly Necessary | Auth session (HttpOnly, Secure, SameSite=Strict) | 30 days | No, exempt ePrivacy Art. 5(3) |
| _ga, _ga_* | Firebase Analytics (GA4) | Analytics (Optional) | Page views, scroll, CTA clicks (landing page only) | 2 years | Yes, opt-in (EU/UK) |
| __stripe_* | Stripe | Functional | Payment fraud detection (checkout only) | Session | Exempt for payment; assess fraud cookies |
| _csrf | maivis | Strictly Necessary | CSRF prevention | Session | No, exempt as security |
4. Third-Party Cookies
Firebase Analytics (GA4): Google-hosted with EEA data processing. GDPR-compliant DPA with Google LLC (via GCP CDPA). IP anonymisation enabled.
Stripe: US-hosted. PCI DSS Level 1. EU-US adequacy decision + SCCs. Active during payment flow only.
maivis does not use: Meta/Facebook pixels, Google advertising cookies, social media tracking pixels, retargeting cookies, or cross-site behavioural advertising technology.
5. Jurisdiction-Specific Requirements
5.1 EU/UK (GDPR + ePrivacy + PECR)
Opt-in model: GA4 cookies blocked until explicit consent. Banner offers "Accept All", "Reject All", and "Customise" with equal visual prominence. No pre-checked boxes, no cookie walls. Consent documented with timestamps and version. Renewal: 12-month cycle (CNIL recommends 6 months, German DPAs 6-12, Spanish AEPD 24).
5.2 US/California (CCPA/CPRA)
Opt-out model. maivis does not sell/share PI via cookies. GPC browser signals honoured automatically.
5.3 DIFC/UAE
DIFC DP Law does not impose specific cookie consent requirements. We apply the EU/UK opt-in standard as best practice.
5.4 India (DPDPA 2023)
No specific cookie provisions. We apply the EU/UK consent mechanism for Indian members.
5.5 WhatsApp Members
WhatsApp-only members are not subject to this Cookie Policy (no browser cookies used).
6. How to Manage Cookies
Cookie banner on first visit: Accept All, Reject All, or Customise.
Browser settings: Chrome (chrome://settings/cookies), Safari (Preferences > Privacy), Firefox (about:preferences#privacy).
GA4 opt-out: decline on banner, email privacy@maiviswealth.com, or enable DNT/GPC.
7. Do Not Track and Global Privacy Control
maivis respects DNT and GPC signals. When detected, GA4 analytics cookies are not set and no usage data is collected. Strictly necessary and functional cookies are unaffected. GPC signals are treated as valid CCPA opt-out requests.
8. Changes
Reviewed annually or when new cookies are added. Material changes notified via site banner. Consent renewal requested at least every 12 months for EU/UK members.
9. Contact
- Privacy: privacy@maiviswealth.com
- DPO: dpo@maiviswealth.com
- Postal: Mango Technologies Ltd., DIFC Innovation Hub, Gate Avenue, Dubai, UAE