Cookie Policy
Effective date: 2026-05-07 · Document version: 2026-05-07
This page explains the cookies and similar technologies (web storage, fingerprinting) used on arve.whait.ee. We follow the Estonian Electronic Communications Act (Elektroonilise side seadus) and the GDPR.
1. What is a cookie?
A cookie is a small text file stored by your browser when you visit a website. It allows the site to remember information across page loads, sessions or visits.
2. Categories of cookies we use
2.1 Essential (always on)
Required for the Service to function. We do not ask consent for these because the Service cannot run without them — but we explain them here for transparency.
| Name | Purpose | Lifetime |
|---|---|---|
| _arvepidaja_session | Session, login state, CSRF protection, locale. | Session / 30 days max |
| _csrf_token | Cross-site request forgery protection. | Session |
| arvepidaja_consent | Remembers your cookie-banner choices so the banner does not reappear. | 12 months |
| locale | Preferred display language (et / ru / en). | 12 months |
2.2 Analytics (opt-in)
Help us understand how visitors use the public site so we can improve it. Loaded only after you opt in.
Currently no third-party analytics scripts are loaded. If we add any (e.g. Plausible, self-hosted), they will appear here.
2.3 Marketing (opt-in)
For potential future advertising / retargeting. Loaded only after you opt in.
Currently no marketing scripts are loaded.
2.4 Third-party cookies set by payment processors
When you reach a checkout page, Stripe (m.stripe.com) and EveryPay set their own cookies for fraud detection and Strong Customer Authentication. These are essential to make payment flows secure. Stripe describes them at stripe.com/legal/cookies-policy; EveryPay at every-pay.com.
3. How to manage cookies
- Use the cookie banner that appears on your first visit, or click "Cookie settings" in the footer to change your choices later.
- Most browsers allow you to clear cookies or block them entirely. Blocking essential cookies will break the Service.
- To withdraw consent for analytics or marketing, open the cookie banner again and reject those categories. Withdrawal is as easy as the original acceptance and does not affect the lawfulness of processing prior to withdrawal (GDPR Art 7(3)).
Per European Data Protection Board guidance, our "Reject all" button is given the same prominence as "Accept all". We never use pre-ticked boxes for non-essential cookies, and we do not consider continued browsing to be consent.
4. No-tracking commitments
- We do not sell personal data.
- We do not load analytics from Google Analytics or similar mass trackers.
- We do not use device-fingerprinting or canvas-fingerprinting techniques.
5. Updates
We will update this Cookie Policy when we add or remove categories. The version date at the top of this page is bumped on every change. Material changes also trigger a re-show of the consent banner.
6. Contact
Cookie or privacy questions: info@xprofitx.com.