VULNARY
Let's talk
Legal

Cookies Policy

How Vulnary uses a small set of cookies to keep your account secure and our site working.

Overview

This Cookies Policy explains how Vulnary ("we", "us", "our") uses cookies and similar technologies on our marketing website and customer portal at vulnary.com. We are a privacy-minded company: we use the smallest set of cookies needed to run the service securely, and we do not run invasive advertising networks, cross-site ad trackers, or profiling cookies. Read alongside our Privacy Policy for the full picture of how we handle your data.

What are cookies?

Cookies are small text files that a website stores in your browser when you visit. They let a site remember information between page loads and visits — for example, that you are signed in, or a preference you set. Related technologies such as local storage and tokens work in a similar way, and we treat them under this same policy. Cookies can be "session" cookies, which are erased when you close your browser, or "persistent" cookies, which remain until they expire or you delete them. They can also be "first-party" (set by vulnary.com) or "third-party" (set by another service embedded on a page).

How Vulnary uses cookies

Our marketing pages are largely static and set almost nothing. The one place cookies genuinely matter is the customer portal, which uses passwordless sign-in: when you follow an emailed magic link, we set a secure session cookie so the portal knows you are authenticated for the duration of your login. Beyond that, our infrastructure provider (Cloudflare) sets strictly-necessary cookies for security, bot protection, and traffic routing — including the Turnstile challenge that protects our contact and booking forms — and we may use a minimal, privacy-respecting measure of aggregate usage to understand which pages are helpful. We do not sell cookie data and we do not use cookies to build advertising profiles.

Categories of cookies we use

CategoryPurposeExamplesDuration
Strictly necessaryKeep you signed in to the portal after a magic-link login, protect against forgery and abuse, and balance traffic across our servers. The site cannot function securely without these.Portal session/authentication cookie, CSRF/security token, load-balancing routing cookie.Session — persists for your login window and is cleared on sign-out or expiry.
PreferencesRemember non-essential choices you make so the interface behaves the way you left it. Used sparingly and only if you set such an option.Interface or display preference, cookie-notice acknowledgement.Persistent — typically up to 12 months, or until you clear it.
AnalyticsMeasure aggregate, anonymised usage so we can improve content and navigation. Kept intentionally minimal; no cross-site tracking or advertising profiles.Privacy-respecting page-view and referrer counts.Session to short-lived persistent — where used, generally up to 12 months.
Security & infrastructureOur CDN and security provider (Cloudflare) sets cookies to protect the site against bots and abuse — including the Turnstile challenge on our contact and booking forms — and to route traffic. Subject to Cloudflare's own cookie and privacy policies.Cloudflare bot-management and Turnstile cookies (e.g. __cf_bm, cf_clearance).Session to short-lived — set and controlled by Cloudflare.

Managing and disabling cookies

You are in control. Every major browser lets you view, block, and delete cookies through its settings — usually under "Privacy" or "Cookies and site data". You can choose to block third-party cookies, clear cookies on exit, or remove individual cookies for vulnary.com. Helpful guides are published by the makers of Chrome, Firefox, Safari, and Edge.

Do Not Track

Some browsers can send a "Do Not Track" (DNT) or Global Privacy Control signal. There is no industry-wide standard for how sites must respond, so we do not rely on these signals for compliance. In practice it makes little difference here: we already limit ourselves to essential cookies and a minimal, non-invasive usage measure, and we never engage in cross-site behavioural advertising regardless of any DNT preference.

Changes to this policy

We may update this Cookies Policy from time to time to reflect changes to our site, the tools we use, or legal requirements. When we make material changes we will revise the date below and, where appropriate, provide a more prominent notice. Continued use of vulnary.com after an update means you accept the revised policy.

Contact

If you have questions about how we use cookies, or you would like to exercise a privacy right, contact us at [email protected] and we will be glad to help.

Last updated: July 2026