Important: This Cookie Policy explains how CRA Evidence uses cookies and similar tracking technologies when you visit our website and use our services.
1. What Are Cookies?
Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They help the website remember your preferences and understand how you use the site.
Cookies can be:
- First-party cookies: Set by CRA Evidence directly
- Third-party cookies: Set by external services we use (e.g., analytics providers)
- Session cookies: Deleted when you close your browser
- Persistent cookies: Remain on your device for a set period
2. Legal Basis and Compliance
This Cookie Policy is designed to comply with:
- GDPR (General Data Protection Regulation) - For users in the European Union
- ePrivacy Directive (2002/58/EC) - EU cookie consent requirements
- UK GDPR - For users in the United Kingdom
- CCPA (California Consumer Privacy Act) - For California residents
Under GDPR Article 6 and the ePrivacy Directive, we rely on:
- Legitimate interest for essential cookies necessary for website operation
- Consent for analytics and preference cookies
3. Cookie Consent
We use a cookie preference system to obtain your consent before placing non-essential cookies. You can access and modify your preferences at any time by clicking "Cookie Preferences" in the website footer.
For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions requiring consent, non-essential cookies will only be placed after you have provided explicit consent. Essential cookies do not require consent as they are necessary for the website to function.
3.1 How to Manage Consent
- On first visit: You will see a cookie banner asking for your preferences
- Change preferences: Click "Cookie Preferences" in the footer at any time
- Withdraw consent: You can withdraw consent at any time through the preference center
4. Cookie Categories
We organize cookies into the following categories:
4.1 Essential Cookies (Always Active)
These cookies are strictly necessary for the website to function and cannot be switched off. They are usually only set in response to actions you take, such as logging in or filling in forms.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| cra_session | CRA Evidence | Session management - keeps you logged in | Session |
| csrf_token | CRA Evidence | Security - prevents cross-site request forgery attacks | Session |
| lang | CRA Evidence | Stores your language preference | 1 year |
| cookie_consent | CRA Evidence | Remembers your cookie preferences | 1 year |
4.2 Analytics Cookies (Require Consent)
These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. This helps us improve our services.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| ph_* | PostHog (EU Cloud) | Anonymous analytics identifier | 1 year |
Note: On public pages, PostHog operates in cookieless mode and sets no cookies or localStorage entries.
4.3 Preference Cookies (Require Consent)
These cookies remember your settings and preferences to enhance your experience:
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| theme | CRA Evidence | Stores dark/light mode preference | 1 year |
| dashboard_layout | CRA Evidence | Remembers your dashboard customizations | 1 year |
| table_preferences | CRA Evidence | Stores table column and filter settings | 1 year |
| sidebar_state | CRA Evidence | Remembers sidebar collapsed/expanded state | 1 year |
4.4 Marketing Cookies (Require Consent)
We use a website-visitor identification tool on our public marketing pages to understand which organisations engage with our content. The tool runs only on our public marketing pages (homepage, blog, pricing, etc.) and does not run inside the authenticated application.
Leadfeeder (Liidio Oy / Dealfront Group)
Leadfeeder identifies the company associated with your visit using IP-to-company matching. The tracker runs in cookieless mode by default for company-level identification under legitimate interest (GDPR Art. 6(1)(f)). When you accept marketing cookies, it additionally sets a cookie to recognise repeat visits from the same browser.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| _lfa | Liidio Oy (Finland, EU) | Recognise repeat visits and link them to the previously identified company | 13 months (395 days). Leadfeeder's vendor default is 2 years; we override the duration on our site to align with EU regulator guidance. |
Additional cookies set by Leadfeeder (such as short-lived test cookies) will be listed here once captured from a production audit. Data is processed in the EU (Finland).
Withdrawal of consent: if you have previously accepted marketing cookies and then withdraw your consent, the Leadfeeder tracker will fall back to cookieless mode from the next page view onward. The existing _lfa cookie will remain on your device until it expires or you delete it via your browser settings. You can clear it immediately from your browser's cookie management UI.
LinkedIn Insight Tag (LinkedIn Ireland Unlimited Company)
We use the LinkedIn Insight Tag on our public marketing pages to measure the performance of our LinkedIn ads and build audiences for retargeting. The tag loads only after you accept marketing cookies. It does not run inside the authenticated application.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| bcookie | LinkedIn Ireland UC | Browser identifier used to recognise a device | 1 year |
| lidc | LinkedIn Ireland UC | Routes the request to the nearest data centre | 1 day |
| UserMatchHistory | LinkedIn Ireland UC | Synchronises advertising identifiers | 30 days |
| lms_ads, lms_analytics | LinkedIn Ireland UC | Identifies a LinkedIn member off LinkedIn for advertising and analytics | 30 days |
| li_gc, li_mc | LinkedIn Ireland UC | Stores your consent choices for LinkedIn cookies | 6 months to 2 years |
LinkedIn is the controller for the data collected through the tag. See the LinkedIn Privacy Policy and LinkedIn Cookie Policy. Data may be transferred to LinkedIn entities outside the EU under Standard Contractual Clauses.
Withdrawal of consent: if you withdraw consent, the tag does not load on the next page view. Cookies already set remain on your device until they expire or you delete them via your browser.
For the canonical list of all third-party data processors we use, see our Subprocessors page.
5. Third-Party Cookies and Services
We use the following third-party services that may place cookies on your device:
5.1 Analytics
| Provider | Purpose | Privacy Policy |
|---|---|---|
| PostHog (EU Cloud, Frankfurt) | Website usage analytics and product analytics | PostHog Privacy Policy |
PostHog: We use PostHog EU Cloud hosted in Frankfurt, Germany. IP anonymization is enabled. No session recordings are captured. Data is processed in the EU in accordance with GDPR.
5.2 Infrastructure and Security
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Cloudflare | CDN, security protection, and performance optimization | Cloudflare Cookie Policy |
Cloudflare Cookies: Cloudflare may set the following cookies for security purposes:
- __cf_bm: Bot management cookie (30 minutes)
- cf_clearance: Security clearance cookie (30 minutes to 1 day)
5.3 Payment Processing
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Stripe | Secure payment processing | Stripe Cookie Policy |
Stripe: When you access payment pages, Stripe may set cookies for fraud prevention and secure transactions. Stripe cookies are considered essential for payment functionality.
5.4 Support and Communication
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Intercom (if enabled) | Customer support chat | Intercom Privacy Policy |
Each third-party provider operates under their own privacy policy. We recommend reviewing their policies to understand how they process your data.
6. Other Tracking Technologies
In addition to cookies, we may use:
6.1 Web Beacons (Pixel Tags)
Small transparent images embedded in web pages or emails to track whether content has been viewed. We use these to:
- Measure email open rates
- Understand which pages are visited
6.2 Local Storage
HTML5 local storage may be used to store preferences locally on your device. Unlike cookies, local storage data is not automatically sent to our servers with each request.
| Storage Key | Purpose | Duration |
|---|---|---|
| user_preferences | UI preferences | Persistent |
| draft_content | Auto-saved form drafts | Session |
6.3 Session Storage
Similar to local storage but cleared when you close your browser tab. Used for temporary data during your session.
7. Browser Privacy Signals
We recognize and honor the following browser privacy signals:
7.1 Global Privacy Control (GPC)
If your browser sends a GPC signal, we will treat this as a request to:
- Opt out of non-essential cookies
- Opt out of any sale or sharing of personal information (though we do not sell personal information)
To enable GPC in your browser, visit: Global Privacy Control
7.2 Do Not Track (DNT)
We acknowledge Do Not Track signals. When DNT is enabled:
- We will not place analytics cookies without explicit consent
- Third-party services may have their own DNT policies
Learn more: All About DNT
8. Managing Your Cookie Preferences
8.1 On Our Website
Click "Cookie Preferences" in the footer to:
- View which cookie categories are enabled
- Enable or disable non-essential cookies
- Update your preferences at any time
8.2 In Your Browser
You can manage cookies through your browser settings:
| Browser | Instructions |
|---|---|
| Chrome | Manage cookies in Chrome |
| Firefox | Clear cookies in Firefox |
| Safari | Manage cookies in Safari |
| Edge | Delete cookies in Edge |
8.3 Third-Party Opt-Out Tools
You can opt out of interest-based advertising through:
- Your Online Choices (EU)
- Network Advertising Initiative (US)
- Digital Advertising Alliance (US)
- Google Ads Settings
8.4 Mobile Devices
For mobile devices:
- iOS: Settings > Privacy > Tracking
- Android: Settings > Privacy > Ads
Important Note: Blocking essential cookies may prevent the website from functioning properly. Some features may be unavailable if you disable functional or preference cookies.
9. Cookie Retention
| Cookie Category | Retention Period |
|---|---|
| Essential (Session) | Deleted when you close your browser |
| Essential (Persistent) | Up to 1 year |
| Analytics | Up to 1 year (PostHog) |
| Preferences | Up to 1 year |
| Consent Record | Up to 1 year |
We periodically review our cookie usage and remove cookies that are no longer necessary.
10. Children's Privacy
Our website is not intended for children under 16 years of age. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.
11. International Data Transfers
Some third-party cookie providers may transfer data outside the European Economic Area. We ensure appropriate safeguards are in place:
- PostHog: Data processed exclusively in the EU (Frankfurt, Germany). No international transfers.
- Cloudflare: Standard Contractual Clauses
- Stripe: EU-U.S. Data Privacy Framework certified
12. Updates to This Policy
We may update this Cookie Policy from time to time to reflect changes in:
- Our practices or technologies
- Legal or regulatory requirements
- Third-party services we use
Changes will be posted on this page with an updated "Last updated" date. For significant changes, we may notify you via email or a prominent notice on our website.
Last updated: February 14, 2026
13. Contact Us
For questions about our use of cookies or this policy, contact us at:
Senda Tech Solutions, S.L. (trading as CRA Evidence)
Email: privacy@craevidence.com
You can also contact our Privacy Contact at: privacy@craevidence.com
For more information about how we handle your personal data, please see our Privacy Policy.