Cookie Policy

Last Updated: April 18, 2026

1. Introduction

1.1 What This Policy Is

This Cookie Policy describes our use of cookies and similar technologies on the Haagah platform ("Haagah", "we", "our", or "us"), which hosts the Animus Project. It explains what these technologies are, why we use them, and the choices available to you.

This Policy should be read together with our Privacy Policy and our Terms of Service, which together form the complete agreement between you and Haagah. Our general posture toward personal data — including the Corpus you entrust to the platform — is set out in the Privacy Policy. This Policy addresses a narrower question: the technology by which your browser maintains state when you visit our website or use our web-based application.

1.2 What Cookies Are

Cookies are small text files placed on your device when you visit a website. They are used to keep you authenticated across page navigations, to remember interface preferences, and to support security. Cookies are either session cookies, deleted when you close your browser, or persistent cookies, which remain for a set period or until you delete them.

Similar technologies we also use:

Local storage and session storage — browser-side storage used to persist session state
Server logs — records of requests to our infrastructure, used for security and diagnostics

When this Policy refers to "cookies," it includes these similar technologies unless the context requires otherwise.

1.3 Our Approach

Haagah is a platform for the preservation of consciousness. It is not a surveillance product, and the economics of the platform do not depend on tracking you across the internet. Our use of cookies reflects this.

We do NOT use cookies for:

❌ Advertising or retargeting of any kind
❌ Tracking you across other websites
❌ Selling or sharing cookie data with advertisers or data brokers
❌ Building behavioral profiles for third parties
❌ Any purpose related to the monetization of your attention

We DO use cookies for:

✅ Maintaining your authenticated session
✅ Preserving context as you move through the platform
✅ Detecting and preventing security threats
✅ Measuring basic platform health and diagnosing errors

Haagah does not accept advertising and displays no advertisements. No cookie on the Haagah platform exists for advertising purposes.

1.4 Scope

This Policy applies to cookies used on:

https://haagah.com and all associated subdomains
The Haagah web application
Email communications from us that include minimal delivery diagnostics

2. Categories of Cookies We Use

2.1 Strictly Necessary Cookies

These cookies are essential for the platform to function. They are set in direct response to actions you take, such as logging in. They cannot be disabled without preventing use of the platform.

2.1.1 Authentication and Session Management

Function: Maintains your authenticated session as you move through the platform
Duration: Session cookies, or up to 30 days where you elect to stay signed in
Why necessary: Without these cookies you would be logged out on every page navigation

2.1.2 Identity Verification Flow

Function: Carries context through the multi-step identity verification process required to create an Animus, as described in Section 3.3 of our Terms of Service
Duration: Up to 1 hour, discarded on completion
Why necessary: Without these cookies, verification progress would be lost between steps

2.1.3 Security Cookies

Function: Protects sessions against common web security threats, including cross-site request forgery
Duration: Session cookies
Why necessary: Essential to protect your account and the material in your Corpus

Legal basis: Necessary for performance of our agreement with you (POPIA; GDPR Article 6(1)(b)) and for our legitimate interest in the security of the platform (POPIA; GDPR Article 6(1)(f)). Consent is not required for strictly necessary cookies.

2.2 Performance and Diagnostic Cookies

These cookies allow us to measure platform reliability and identify technical issues.

2.2.1 Platform Health

Function: Measures aggregate platform performance and error rates
Duration: Up to 1 year
Privacy protections: Data is aggregated. No individual behavioral profiles are built. No data is shared with advertising networks.

2.2.2 Error Monitoring

Function: Detects technical errors so that we can fix them promptly
Duration: Session cookies, or up to 7 days
Privacy protections: Personal information is removed from error data before processing

Legal basis: Legitimate interest in a reliable and secure platform.

Can you opt out? Yes, via the cookie preferences control described in Section 4, or via browser settings. Core functionality is unaffected.

2.3 Functional Cookies

2.3.1 Interface Preferences

Function: Remembers interface preferences so that you do not need to reconfigure them on each visit
Duration: Up to 1 year

Legal basis: Legitimate interest in usability.

Can you opt out? Yes. Preferences will reset to defaults on each visit.

2.4 Categories We Do NOT Use

❌ Advertising cookies
❌ Retargeting cookies
❌ Cross-site tracking cookies
❌ Social media tracking cookies
❌ Data broker cookies

3. Third-Party Cookies

We engage a narrow set of providers who may set cookies. Every provider is contractually bound as described in Section 8.2 of our Privacy Policy.

3.1 Authentication Providers

If you sign in using a third-party identity provider, that provider sets its own cookies, governed by its terms. We receive only the information necessary to identify your account.

3.2 Identity Verification Providers

The provider that performs biometric verification during Animus creation may set cookies in its own flow. Those cookies are governed by the provider's terms and are present only during the verification process itself.

3.3 Infrastructure Providers

Our hosting and content-delivery providers may set technical cookies for load balancing and performance. They receive only the request metadata necessary to deliver the platform.

3.4 Error Monitoring

Our error-monitoring provider may set cookies to correlate errors with sessions. Personal information is removed from error data before submission.

4. Your Choices

4.1 Cookie Preferences

We provide a cookie preferences control accessible from the platform footer and at any point from your account settings. You may accept all cookies, accept only strictly necessary cookies, or customize your preferences at a category level. Preferences can be changed at any time; changes are prospective.

4.2 Browser Settings

All modern browsers allow you to block or delete cookies through their privacy settings.

Chrome: Settings → Privacy and Security → Cookies and Other Site Data
Firefox: Settings → Privacy & Security → Cookies and Site Data
Safari: Preferences → Privacy → Cookies and Website Data
Edge: Settings → Privacy, Search, and Services → Cookies and Site Data

Blocking strictly necessary cookies will prevent you from signing in.

4.3 Effect of Disabling Cookies

| Cookie category | If disabled | | ------------------ | ------------------------------------------- | | Strictly necessary | Cannot sign in; platform is inaccessible | | Performance | Core functionality unaffected | | Functional | Core functionality works; preferences reset |

5. Retention

Session cookies: Deleted on browser close
Verification-flow cookies: Expire after 1 hour
Authentication cookies: Up to 30 days
Preference cookies: Up to 1 year
Performance cookies: Up to 1 year

You may delete cookies at any time from your browser. Doing so will sign you out and reset stored preferences.

6. Security

All Haagah cookies are transmitted over HTTPS only. Authentication cookies carry standard security attributes to resist common attacks. Session tokens are cryptographically signed. Credentials are never stored in cookies in any form.

7. Regulatory Compliance

7.1 South Africa (POPIA)

We have a lawful basis for all cookie processing under POPIA. You may object to cookie processing on legitimate-interest grounds at privacy@haagah.com.

Information Regulator of South Africa:

Website: https://www.justice.gov.za/inforeg/
Email: inforeg@justice.gov.za

7.2 European Union and United Kingdom

For users in the EU, EEA, and UK, consent is obtained for non-essential cookies through the cookie preferences control described in Section 4 and may be withdrawn at any time.

7.3 Other Jurisdictions

We apply the highest applicable standard across jurisdictions in which we operate.

8. Updates to This Policy

For material changes we will post an updated Policy with a revised date and display an in-platform notice. Continued use after the change takes effect constitutes acceptance.

9. Contact

Privacy and Cookie Inquiries: privacy@haagah.com

POPIA Information Officer: infoofficer@haagah.com

Legal: legal@haagah.com

Postal Address: Haagah ehf., Privacy Office Gróska - innovation and business growth center Kristínargata 1, 102 Reykjavík Iceland

10. Related Documents

Privacy Policy: /privacy-policy
Terms of Service: /terms-of-service
Information Regulator (South Africa): https://www.justice.gov.za/inforeg/

Effective Date: April 18, 2026

Last Reviewed: April 18, 2026

Next Scheduled Review: October 18, 2026

Approved By: Haagah Legal and Operations

We use cookies to operate the platform. We do not use them to track you.