Cookie Policy
Last updated: 13 April 2026
Looking for an easier read? A plain English summary of this policy is available at Cookie Policy (plain English summary). The legal text below is the binding version.
Our Approach
The Provii Wallet website does not set any cookies through its own code. We do not use cookies for analytics, advertising, tracking, or personalisation. Your theme preference (light or dark mode) is stored in your browser’s localStorage, which is not a cookie.
Cloudflare Infrastructure Cookies
Our website is served through Cloudflare’s content delivery network. Cloudflare may set strictly necessary cookies at the infrastructure level to protect the website from malicious traffic. These cookies are not set by our application. they are managed by Cloudflare’s security systems.
| Cookie | Purpose | Duration |
|---|---|---|
__cf_bm | Cloudflare Bot Management. Distinguishes humans from automated traffic. Set only when Bot Fight Mode or equivalent protection is active. | 30 minutes |
cf_clearance | Set after a visitor completes a Cloudflare security challenge. Confirms the visitor has passed the challenge so they are not challenged again for a period. | Up to 24 hours |
__cflb | Cloudflare load balancer session affinity. Only set if load balancing with session affinity is enabled. | Session |
All Cloudflare cookies are classified as strictly necessary. they are required for the website to function securely. They do not track you across websites, do not contain personal information, and cannot be used for advertising or profiling.
Because these cookies are strictly necessary for security, they are exempt from consent requirements under both Australian privacy law and the EU ePrivacy Directive (Article 5(3)).
Docs Sandbox Session Cookie
The developer documentation site at docs.provii.app exposes an interactive sandbox for evaluating Provii integrations. The sandbox maintains short-lived session continuity for the in-browser API explorer, credential generators, and styler preview using a single first-party cookie.
| Cookie | Purpose | Attributes | Duration |
|---|---|---|---|
__Host-docs_session | Binds a developer’s sandbox requests to an ephemeral session so the API explorer can issue follow-up calls without re-authenticating per request. Holds an opaque session identifier only; no personal data, no account identifier, no tracking value. | Secure, HttpOnly, SameSite=Strict, Path=/, no Domain attribute (the __Host- prefix pins the cookie to the docs origin and prevents subdomain scope). | 15-minute sliding TTL, 4-hour hard cap from first issuance. |
This cookie is strictly necessary for the service the developer has explicitly requested (the interactive sandbox). Under the EU ePrivacy Directive Article 5(3) and the corresponding UK PECR Regulation 6(4), storage that is “strictly necessary for the provision of an information society service explicitly requested by the subscriber or user” is exempt from prior consent. It is not used for analytics, cross-site tracking, profiling, or advertising, and is never read by the production wallet, verifier, or issuer services. The cookie is scoped to the docs origin only.
The sliding TTL is refreshed only while the sandbox UI is actively used. The 4-hour hard cap is enforced server-side: after four hours from first issuance the sandbox rejects the cookie and issues a fresh one on the next sandbox action. Closing the browser or clearing site data for docs.provii.app removes the cookie immediately. No equivalent cookie is set on the marketing website or the wallet app.
Functional Cookies
We set one functional cookie to remember your cookie preferences:
| Cookie | Purpose | Duration |
|---|---|---|
cookie_consent | Stores your cookie preference choice. Used as a fallback when browser localStorage is unavailable. | 1 year |
This cookie is classified as strictly necessary because it records your consent preferences, and is exempt from consent requirements under the ePrivacy Directive.
Analytics Cookies
We do not currently use analytics cookies. If we enable analytics in the future, those cookies will only be set after you give explicit consent.
More Information
For details on Cloudflare’s cookie practices, see Cloudflare’s cookie documentation.
For questions about this Cookie Policy, contact us at privacy@maelstrom.au.