1. What this Policy covers
A “cookie” is a small file stored on your device that lets a website or app remember information about you between visits or sessions. The Services also use related technologies such as web beacons, pixel tags, software development kits (SDKs), local storage, and mobile advertising identifiers (Apple’s IDFA and Google’s Advertising ID) that perform similar functions. References to “cookies” in this Policy include those technologies.
2. Types of cookies we use
We classify cookies into the following categories:
- Strictly necessary. Required for the Services to function (for example, session management, authentication, security, fraud prevention, load balancing, and remembering your cookie preferences). These cannot be turned off.
- Functional. Remember your preferences, language, and display settings, and enable enhanced features such as live chat or accessibility options.
- Performance & analytics. Collect aggregated information about how you use the Services (pages and screens viewed, time spent, errors, performance) so that we can improve them.
- Marketing & advertising. Where used, measure the effectiveness of marketing and may build limited audience profiles for cross-context advertising. We do not serve advertising inside the regulated financial features of the app.
3. Purposes of each category
| Category | What it does | Lawful basis (EEA / UK) |
|---|---|---|
| Strictly necessary | Authenticate you, keep you signed in, secure your session, prevent fraud, balance traffic, remember consent choices. | Necessary for performance of the contract; legitimate interest in security. |
| Functional | Remember language, locale, theme, last-used currency, accessibility settings. | Consent (where required) or legitimate interest. |
| Performance & analytics | Measure aggregate usage, debug errors and crashes, monitor reliability and latency. | Consent (where required) or legitimate interest. |
| Marketing & advertising | Measure marketing effectiveness; serve limited cross-context behavioral advertising on public-marketing surfaces. | Consent. |
4. Third-party providers
Some cookies are set by third parties. Examples include:
- Sentry— performance and error reporting on the website and app (with PII scrubbing applied);
- Apple, Google, and Firebase— sign-in, push notifications, and analytics where used;
- Marketing platforms— where used, to measure campaign performance on the public-marketing site only.
5. Mobile identifiers & SDKs
On mobile, the Services may use device identifiers, advertising identifiers (where you have not opted out at the OS level), and SDKs from the providers listed above. We do not use Apple’s App Tracking Transparency framework to track you across other companies’ apps and websites without prompting you for permission.
6. Your choices
- Cookie banner. When required, we present a banner that lets you accept or reject non-essential cookies, with granular control over each category.
- Browser controls. Most browsers let you block or delete cookies. Doing so may break parts of the Services.
- Mobile OS controls. iOS and Android let you reset, limit, or delete advertising identifiers, and let you control App Tracking Transparency prompts.
- Push and analytics toggles. The app provides in-app toggles for push notifications and certain analytics.
7. Do Not Track & Global Privacy Control
Most modern browsers do not honor Do Not Track signals consistently. We honor recognized Global Privacy Control (GPC) signals on our website as an opt-out of “sale” or “sharing” of personal information for cross-context behavioral advertising under applicable U.S. state laws.
8. Changes to this Policy
We may update this Cookie Policy from time to time. The “Last updated” date at the top indicates when it was last revised. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.
9. Contact us
Questions about this Cookie Policy can be sent to privacy@victoi.com.