Quick choice: reopen the in-app Cookie settings button on any page footer area through the floating banner path if you change your mind after the first visit.
What we mean by cookies
In this policy, “cookies” covers HTTP cookies, HTML local storage, session storage, service worker caches that store preference bits, and pixel tags that write first-party identifiers when deployed on our origin. Third-party scripts may set additional names only after you opt in through the relevant category toggle; until then, our tag manager keeps those calls inert where technically feasible.
Strictly necessary storage
These technologies let you complete core actions: load-balanced routing, bot deterrence, session continuity through checkout, consent string persistence, and fraud-signal hashing bound to your browser fingerprint at a coarse level. They do not require consent under the ePrivacy directive implementation in Norway because they are essential to deliver the service you request. Disabling them via browser settings may break cart recovery or prevent us from remembering that you already dismissed the banner.
Consent vault
A localStorage key stores JSON describing accepted categories and timestamps so we do not spam prompts.
Security cookies
Short-lived flags may rotate when you cross sensitive account boundaries, even though most Velio journeys stay guest-based.
Analytics category
With consent, we may collect pseudonymous event streams: page path, dwell buckets, interaction depth, and attribution parameters stripped of obvious personal identifiers before hitting dashboards. IP truncation happens at collection or ingestion depending on vendor capability. Retention for event-level rows often caps at fourteen months but you can request a shorter profile if your jurisdiction encourages aggressive minimisation.
Marketing category
Marketing cookies help us understand which creative variants drive orderly supplement education rather than impulse funnels we dislike. They may support dynamic creative optimisation, frequency capping, and partner settlement. You can reject this stack entirely and still buy products; only behavioural personalisation on some landing repetitions might mute.
Similar technologies policy
If we pilot browser notifications or progressive app shells in the future, the same category principles apply: we ask before storing push tokens, we segregate notification IDs from checkout databases, and we surface an unsubscribe path mirrored in profile settings whenever accounts exist.
Before consent
Only necessary cookies and passive TLS diagnostics load automatically.
After partial accept
Analytics may fire without marketing tags, preventing social retargeting you did not want.
After reject all
We still log aggregate server metrics such as total requests per second without persistent client IDs.
Typical retention horizons
Session cookies expire when you close the browser unless we set a sliding renewal for cart resilience of up to seven days. Persistent identifiers for analytics respect vendor defaults but we instruct deletions sooner when campaigns end. Necessary security cookies generally live fewer than twenty-four hours unless escalation teams extend them during active investigations.
Managing preferences
Use our modal toggles, browser global blocking, or industry opt-out pages where available. Because combinations diverge across Safari, Firefox, and Chromium forks, the modal path remains the safest way to align with Norwegian enforcement guidance on valid consent.
Vendors acting on cookies
Processors receive instructions through data processing addenda referencing this policy and the Privacy Policy. They cannot reuse Velio-collected data for their independent purposes beyond what the subprocessors list in our RoPA annex describes.
Changes and version pulses
We bump the explanatory paragraphs when regulators publish new FAQ items or when we onboard materially different trackers. The dynamic date ribbon shows when you rendered this HTML; diffs against earlier static exports are available on request for enterprise buyers performing joint compliance reviews.
Questions
Email ask@vomrelonvythreon.world with Cookies in the subject. We answer practical questions about names, lifetimes, and domains under which files are set.