03 Essential Cookies
Essential cookies enable core functionality — authentication, security, and session management. The Platform cannot function correctly without them and they cannot be disabled through our consent mechanism (though you can block them in your browser, which will prevent you from using the Platform).
Authentication & Session
- __session — Session identifier for your authenticated account. Expires when you close the browser or after 30 days (if "remember me" is selected).
- next-auth.session-token — NextAuth.js session token. Used to verify your identity on each request. HttpOnly, Secure, SameSite=Lax.
- next-auth.csrf-token — Cross-site request forgery protection token. Prevents unauthorised form submissions. Session-scoped.
- next-auth.callback-url — Stores the URL to redirect to after successful sign-in. Session-scoped.
Security
- __cf_bm — Cloudflare bot management cookie. Identifies and manages automated traffic. Expires after 30 minutes.
- __cflb — Cloudflare load balancing cookie. Ensures your requests are consistently routed to the same server. Session-scoped.
Consent Record
- ow-cookie-consent — Records your cookie consent preferences so we do not ask again on every visit. Expires after 12 months.
- ow-tcf-string — IAB TCF 2.2 consent string. Stores your granular consent decisions for the programmatic advertising ecosystem. Expires after 13 months.
04 Functional Cookies
Functional cookies remember your preferences and settings to provide a more personalised and convenient experience. They are not strictly necessary for the Platform to operate but improve usability.
- ow-theme — Stores your light/dark mode preference. Expires after 12 months.
- ow-sidebar-state — Remembers whether the dashboard sidebar is expanded or collapsed. Session-scoped.
- ow-timezone — Stores your selected timezone for reporting and scheduling. Expires after 12 months.
- ow-currency — Remembers your preferred display currency. Expires after 12 months.
- ow-locale — Stores your language and region preference. Expires after 12 months.
You can withdraw consent for functional cookies at any time. This will reset your preferences and you will need to reconfigure them on your next visit.
05 Analytics Cookies
Analytics cookies help us understand how users interact with the Platform so we can improve its design, performance, and functionality. All analytics data is aggregated and anonymised — we cannot identify individual users from this data.
Vercel Analytics
- _va_id — Anonymous visitor identifier used by Vercel Web Analytics. No cross-site tracking. No personally identifiable information is collected. Data is aggregated and stored by Vercel. Expires after 400 days.
Platform Performance Monitoring
- ow-perf — Internal performance measurement token. Used to detect slow page loads and frontend errors in aggregate. No personal data. Session-scoped.
We do not use Google Analytics or similar third-party analytics platforms that track users across multiple websites.
06 Advertising Cookies
Advertising cookies are used to measure the effectiveness of ad campaigns served through the OrbitWise Platform. These cookies are only set with your explicit consent and only in the context of the ad measurement features of the Platform.
Conversion Tracking
- ow-cv-{campaign_id} — Conversion attribution cookie set on the advertiser's landing page after an ad click. Contains a hashed click ID for attribution matching. Expires after 30 days.
- ow-attr — Cross-session attribution helper. Stores the most recent ad interaction for last-click attribution. Expires after 7 days.
Frequency Capping
- ow-freq — Ad impression frequency counter. Prevents the same user from seeing the same ad too many times. Contains only a counter and a pseudonymous identifier. Expires after 24 hours.
07 Third-Party Cookies
Some pages on our Platform may include content or functionality provided by third parties. These third parties may set their own cookies when you interact with their content. We do not control these cookies and they are subject to the respective third-party privacy and cookie policies.
Infrastructure Partners
- Vercel — Our hosting provider. Vercel may set performance and security cookies. See Vercel Privacy Policy.
- Cloudflare — DDoS protection and CDN. Sets security-related cookies (see Section 03 above). See Cloudflare Privacy Policy.
Partner Advertising Networks
When ad creatives are delivered through partner advertising networks, those networks may set cookies on end-user devices for their own purposes (e.g., frequency capping, attribution, fraud prevention). This only occurs on publisher websites where you have given consent via the TCF 2.2 consent mechanism — not on the OrbitWise dashboard itself.
08 Managing Cookies
Via OrbitWise Preference Centre
The easiest way to manage non-essential cookies is through our cookie preference centre, accessible by clicking the "Cookie Settings" link in the footer of any page, or by revisiting the cookie banner that appears on first visit.
Via Your Browser
You can configure your browser to block or delete all cookies. Instructions for common browsers:
- Chrome — Settings → Privacy and security → Cookies and other site data
- Firefox — Settings → Privacy & Security → Cookies and Site Data
- Safari — Preferences → Privacy → Manage Website Data
- Edge — Settings → Site permissions → Cookies and site data
Opt-Out of Analytics
To opt out of Vercel Analytics tracking, you can use standard browser privacy settings or enable your browser's "Do Not Track" signal. Vercel Analytics respects DNT headers.
09 Cookie Consent
When you first visit the OrbitWise website, a cookie consent banner is displayed. This banner allows you to:
- Accept all cookies (essential + functional + analytics + advertising)
- Accept only essential cookies
- Customise your preferences by category
Your consent choices are stored in the ow-cookie-consent cookie and remain valid for 12 months, after which you will be asked again. You may change your preferences at any time through the cookie preference centre.
For registered users, your consent preferences are also stored in your account so they persist across devices and browser sessions.
TCF 2.2 Compliance
For advertising-related processing, we comply with the IAB Europe Transparency & Consent Framework v2.2. Your TC string is stored and transmitted to partner networks with each bid request to ensure only consented processing occurs.
10 Policy Updates
We may update this Cookie Policy from time to time to reflect changes in the cookies we use, changes in technology, or legal requirements. The "Last updated" date at the top of this page indicates when the policy was most recently revised.
Material changes to how we use cookies will be communicated via an updated consent banner on your next visit. Continued use of the Platform after such changes constitutes acceptance of the updated policy.
11 Contact
If you have questions about our use of cookies or wish to exercise your rights, please contact us:
Orbitwise OÜ
Tartu mnt 25-4, Kesklinna linnaosa
10117 Tallinn, Harju maakond, Estonia
privacy@orbitwise.io — cookie-related enquiries
dpo@orbitwise.io — formal GDPR requests
support@orbitwise.io
This Cookie Policy forms part of our Privacy Policy. By using OrbitWise, you confirm that you have read and understood our cookie practices. This policy was last revised on February 19, 2026.