Cookie Policy

This page explains how Soteryan BV (“Soteryan,” “we,” “us,” “our”) uses cookies and similar storage technologies on this website (soteryan.com), in compliance with the EU General Data Protection Regulation (GDPR) and the e-Privacy Directive (Cookie Law). The short version: we do not use cookies, analytics trackers, or advertising profiles — we keep one technical setting on your device for theme preference, and that’s it.

1. What is a cookie?

A cookie is a small text file a website asks your browser to store on your device so that the site can remember things between visits — for example, that you are logged in, or that you prefer a certain language. The term “cookie” in EU law also covers similar technologies like localStorage, sessionStorage, and IndexedDB; all of them fall under the same rules.

2. Cookies on this website

We use a small set of first-party cookies. All of them are set by soteryan.com directly — no third-party server ever sees them. We do not use third-party trackers (no Google Analytics, no Meta Pixel, no LinkedIn Insight Tag, no Hotjar, no FullStory, no advertising or re-targeting pixels of any kind).

All three cookies are Secure, SameSite=Lax first-party cookies on the soteryan.com domain. They are not sent to any third party. Analytics events leave your browser only over HTTPS to /api/analytics/event on this same domain and are stored on our own EU infrastructure (Vercel / Neon Frankfurt). See the Privacy Policy for full data-flow details.

3. What we DO store on your device

In addition to the cookies in §2, the website uses your browser’s localStorage for a single functional preference:

The soteryan-theme entry and the soteryan_consent cookie are strictly functional — they do not identify you, are not transmitted to any third party, and are set only in response to your direct action (clicking the theme toggle, or making a consent choice). Under the e-Privacy Directive these qualify for the “strictly necessary” exemption from prior consent (Art. 5(3)).

3a. Withdrawing or changing your consent

You can change your cookie choices at any time:

• Click Manage cookie preferences in the footer of any page, or here in this paragraph.
• The modal shows your current choices and lets you toggle each category. The change takes effect immediately — if you turn Analytics off, the soteryan_visitor and soteryan_session cookies are erased on the next interaction.
• You can also use the same modal to export everything we have stored for your visitor ID as a JSON file, or to permanently delete all your analytics data (GDPR Articles 15 and 17 / right of access and right to erasure).

4. How to inspect or remove it

You can view, change, or remove the soteryan-theme entry at any time from your browser’s developer tools or settings:

• Chrome / Edge — F12 → Application → Storage → Local Storage → soteryan-site.vercel.app → right-click the row to delete.
• Safari — Settings → Privacy → Manage Website Data → search “soteryan” → Remove.
• Firefox — F12 → Storage → Local Storage → right-click the row to delete.

Removing it has no effect other than the site reverting to the default theme on your next visit.

5. Third-party content

All page assets — HTML, CSS, JavaScript, images, brand fonts (Space Grotesk, Open Sans, both self-hosted) and SVG logos — are served from our own deployment on Vercel (see Privacy Policy §5 for hosting details). We do not load fonts from Google Fonts, embedded YouTube/Vimeo players, social-media share widgets (Facebook, X/Twitter, LinkedIn), live-chat widgets, marketing-automation pixels, advertising trackers, or any other external resource that would directly expose your IP address or browser fingerprint to an additional third party.

One narrow exception applies on the “Get in touch” contact section: when you reach that part of the page we load the Cloudflare Turnstile CAPTCHA widget from challenges.cloudflare.com for spam protection. Turnstile is designed by Cloudflare to be privacy-preserving (no third-party tracking cookies, no profile build-up) and is a contractual data-processor under our terms with Cloudflare. We use it only to verify that submissions come from a real browser, not a bot.

6. Analytics in practice

As of the date on this page we operate a small, self-hosted, first-party analytics system. It is the only analytics surface on this website. Specifically:

• What is collected: page-views, time on page, scroll depth, clicks on a small number of tagged calls-to-action (e.g. “Get Started”, “Schedule a briefing”), submission of the contact form, and basic environment data (country code, device type, browser, language preference).
• What is NOT collected: your name, email, phone, IP address (we read the country code from network headers but never store the raw IP), keystrokes, mouse movements, content of form fields, session recordings, or any cross-site activity. We do not run heatmaps or replay tools.
• Where it goes: directly from your browser to /api/analytics/event on this domain, then into our Neon Postgres database hosted in Frankfurt, Germany (eu-central-1). The data does not leave the EU and is not shared with any third party.
• How long it is kept: raw events for 24 months; aggregated daily summaries indefinitely. Visitor records expire on the 12-month cookie schedule or sooner if you delete them via the privacy modal.
• How to opt out: click “Reject All” in the banner on first visit, or open “Manage cookie preferences” in the footer at any time and turn Analytics off. With Analytics off, no soteryan_visitor / soteryan_session cookie is set and no event leaves your browser.

If we change anything in this section — for example introduce a new event type, change the retention period, or add a processor — we will update this page before the change goes live.

7. Contact

For any questions about this Cookie Policy or how we handle data on this website:

For broader data-handling questions, see our Privacy Policy.