VelisAds Network

Cookie Policy

Effective date: February 17, 2026 | Version: 2026.02-global

This Cookie Policy defines how cookies and similar technologies are used for service reliability, consent management, analytics, and lawful personalization on VelisAds Network.

Consent and tracking obligations may differ by region and must be implemented accordingly.

Scope and Applicability

  1. Applies to browser cookies, local storage, pixels, and similar tracking identifiers.
  2. Applies to first-party and approved third-party technologies used in platform workflows.
  3. Applies to desktop web, mobile web, and app webview traffic.
  4. Applies to essential, analytics, fraud-prevention, and consented personalization use cases.
  5. Applies to cookie notice UX, consent logging, and preference synchronization systems.
  6. Applies to all domains and subdomains linked to verified publisher inventory.

Mandatory Requirements

Consent and Preference Management

  • Non-essential cookies must not load before valid consent where law requires prior consent.
  • Reject and withdraw options must be as accessible as accept options.
  • Consent records must include timestamp, version, and context metadata.
  • Preference updates must take effect quickly across active sessions.

Cookie Classification and Disclosure

  • Each cookie must have a documented purpose, owner, and retention duration.
  • Cookie descriptions must be clear and understandable for users.
  • Third-party trackers must be reviewed before activation.
  • Deprecated cookies must be removed from code and policy inventory.

Security and Integrity Controls

  • Security-sensitive cookies must use appropriate Secure and SameSite settings.
  • Session identifiers must be rotated after privileged state changes.
  • Cookie scopes must be minimized to reduce unnecessary cross-domain exposure.
  • Consent states must be protected against client-side tampering abuse.

Prohibited Practices

  1. Dropping non-essential tracking cookies before consent in consent-required regions.
  2. Labeling advertising trackers as strictly necessary without legal justification.
  3. Using hidden scripts to bypass explicit user preferences.
  4. Recreating deleted identifiers through undisclosed fingerprinting techniques.
  5. Ignoring opt-out and withdrawal actions from verified users.
  6. Transferring cookie identifiers to unauthorized third parties.
  7. Tracking minors in ways prohibited by child-protection laws.
  8. Disabling consent interfaces while continuing behavioral tracking.

Governance, Monitoring, and Enforcement

  1. Cookie inventory reviews must run periodically and before major releases.
  2. Consent UX changes require legal and compliance approval.
  3. Tag scanning must detect unauthorized trackers and policy drift.
  4. Operational logs must support regulator-ready consent evidence.
  5. Violations may trigger tag suspension and incident escalation.
  6. Rollback plans are required for consent framework deployments.
  7. Support requests related to cookies must be triaged with evidence logs.
  8. Policy updates are versioned and published with effective dates.

Global Source Links and Standards

  1. EU ePrivacy Directive 2002/58/EC
  2. EU GDPR Regulation (EU) 2016/679
  3. California Privacy Protection Agency (CPPA)
  4. ICO Cookies Guidance
  5. IAB Europe Transparency and Consent Framework
  6. NIST Privacy Framework
  7. FTC Privacy and Data Security Guidance
  8. W3C Tracking Preference Expression