Cookie Policy

1. Introduction and What These Technologies Are

A "cookie" is a small text file that a website or web application places on your device (computer, tablet or phone) when you visit it. Cookies allow the service to recognise your device on subsequent requests, to keep you signed in, to remember choices you have made and to operate securely. Cookies may be "session" cookies, which are deleted when you close your browser, or "persistent" cookies, which remain on your device for a defined period or until you delete them.

Alongside cookies, modern web applications use related technologies that perform comparable functions. These include browser "local storage" and "session storage" (which let an application store information such as preferences or non-sensitive state in your browser), pixels or tags (small pieces of code used to detect interactions), and software development kits or similar identifiers. In this Policy, references to "cookies" should be read as including these similar technologies unless the context requires otherwise. The combination of these technologies is what allows the Platform and the stores hosted on it to function reliably and securely.

This Policy applies to the Banzena Platform, including its public marketing pages, its administrative dashboard and the account areas operated by the Company. Individual Merchant storefronts hosted on Banzena are operated by the relevant Merchant, and additional cookies set within those storefronts are addressed in Section 5 below. This Policy does not create any rights or warranties beyond those expressly set out in the Banzena Terms of Service and the Banzena Privacy Policy, and is provided for transparency and compliance purposes.

2. How and Why Banzena Uses Cookies

We use cookies and similar technologies primarily to make the Platform work and to keep it secure. When you sign in to the Banzena admin dashboard, create or manage a store, or process orders and customers, the Platform must be able to recognise your authenticated session, protect your account from unauthorised access, defend the service against automated abuse, and route your requests efficiently across our infrastructure. Cookies are the standard mechanism by which these functions are delivered.

Our use of cookies is deliberately limited. The Company's own use of cookies on the Platform is principally strictly necessary and security related, supplemented by a small amount of functional and basic analytics use that helps us keep the service stable and improve it. We do not use cookies to build advertising profiles about you across unrelated websites, we do not engage in cross-context behavioural advertising on our own account, and the Platform does not use cookies to sell or share Personal Data within the meaning of applicable privacy laws. Where we describe specific purposes below, those purposes are the only purposes for which the corresponding cookies are used.

The legal bases on which we rely for these activities, including our legitimate interests and, where applicable, your consent, are described further in Section 8 and in the Banzena Privacy Policy. Nothing in this Section is intended to limit our ability to use strictly necessary and security technologies to the extent required to operate, protect and maintain the integrity and availability of the Platform.

3. Categories of Cookies We Use

We group the cookies and similar technologies used by the Platform into three categories, described below. The first category is essential to the operation of the service; the remaining categories support functionality and limited measurement. The specific cookies within each category, and their names and durations, are summarised in Section 4 and may be updated from time to time as described in Section 9.

• Strictly necessary cookies. These are required for the Platform to operate and cannot be switched off in our systems without breaking core functionality. They include authentication and session tokens that keep you securely signed in, security and bot-protection mechanisms (such as Cloudflare Turnstile and related bot-management and challenge technologies) that detect and block automated abuse, and load-balancing and routing identifiers that help direct your requests to the correct servers and maintain availability. Because these cookies are essential, they are generally exempt from consent requirements but are described here in the interest of transparency.
• Functional and preference cookies. These remember choices you make so that the Platform behaves the way you expect. Examples include remembering interface preferences, language or display settings, and similar state stored to improve usability. If these cookies are disabled, the Platform will still function, but some conveniences may be lost and certain preferences may need to be set again on each visit.
• Analytics cookies. These help us understand, in aggregate, how the Platform is used so that we can monitor performance, diagnose errors and improve the service. Our analytics use is basic and oriented toward measuring service health and usage trends rather than tracking individuals across the internet. Where required by applicable law, non-essential analytics cookies are used only with your consent.

To be explicit: the Platform operated by the Company is built around strictly necessary and security cookies, with only limited functional and analytics use, and it does not use cookies to sell or share Personal Data or to engage in cross-context behavioural advertising on our own account. Any cross-context advertising or third-party marketing technology that you encounter in connection with a Merchant store is the responsibility of the relevant Merchant, as described in Section 5.

4. Specific Cookies and Identifiers Used

The following describes, in plain language, the main types of cookies and identifiers the Platform relies on. The exact names, providers and durations of individual cookies may change as we maintain, secure and improve the service and our infrastructure, but their purposes will remain materially as described, and we will continue to use them consistently with this Policy and applicable law.

• Authentication and session token. A cookie or token that records that you have signed in and keeps your session active as you move through the admin dashboard. It allows the Platform to associate your requests with your account securely, and it is removed or expires when you sign out or after a period of inactivity. Without it, you could not stay logged in.
• Security and bot-protection identifier. Cookies and challenge tokens used by our security and bot-protection layer (including Cloudflare's security and bot-management services and Cloudflare Turnstile) to distinguish genuine human users from automated traffic, to mitigate fraud and denial-of-service activity, and to protect both the Platform and the stores it hosts. These are essential to the integrity and availability of the service.
• Load-balancing and routing identifier. Short-lived identifiers used to maintain a consistent and efficient connection between your device and our servers, helping ensure reliability and performance during your session.
• Basic analytics identifier. A limited identifier used to measure aggregate usage and performance of the Platform so that we can detect problems and improve the experience. This is used for service measurement rather than for advertising, and, where required by applicable law, only with consent.
• Payment-processing identifier. Where a payment is initiated, our payment processor, Stripe, may set its own cookies or use similar technologies to process the transaction securely and to help detect and prevent fraud, as further described in Section 6. Banzena does not store full card numbers.

5. Cookies Set by Merchant Stores; Merchant Responsibility and Indemnity

Banzena is a multi-tenant platform on which independent Merchants build and run their own online stores. A Merchant may choose to enable or add its own cookies, tags, pixels or analytics within its storefront, for example to measure its own marketing campaigns, to integrate third-party analytics or advertising tools, or to provide store-specific functionality. These cookies are configured and controlled by the Merchant, not by the Company, and they are set in the context of that Merchant's store.

Where a Merchant sets or permits such cookies, the Merchant acts as the controller (or equivalent responsible party) of the resulting data and is solely responsible for that activity. This includes providing any required notices and store-level cookie disclosures, deploying any cookie banner or consent-management mechanism required for its store, obtaining and recording any consent required by applicable law, honouring the rights and choices of shoppers and visitors, and complying with all applicable cookie, privacy, data-protection and electronic-communications laws and with the Banzena Terms of Service. The Company does not control, endorse, monitor or assume responsibility for the cookie practices, third-party tools, tracking technologies or privacy compliance of individual Merchant stores.

To the fullest extent permitted by applicable law, each Merchant shall indemnify, defend and hold harmless the Company and its affiliates, and their respective officers, directors, employees, agents and sub-processors, from and against any and all claims, demands, investigations, proceedings, damages, fines, penalties, losses, liabilities, costs and expenses (including reasonable legal fees) arising out of or relating to: (a) cookies, tags, pixels, scripts or other tracking or analytics technologies that the Merchant sets, enables, integrates or permits within its store; (b) the Merchant's failure to provide required disclosures or to obtain or manage any consent required by applicable law; or (c) the Merchant's breach of this Policy or of the applicable cookie, privacy or electronic-communications laws. This indemnity is in addition to, and does not limit, any indemnity set out in the Banzena Terms of Service.

If you are a shopper or visitor and have questions about cookies set within a particular store, you should contact that store's operator, who is responsible for those cookies. If you are a Merchant, you remain responsible for the cookies you deploy and must ensure your store provides appropriate, accurate and timely disclosures to your customers.

6. Third-Party and Sub-Processor Cookies

Some cookies and similar technologies on the Platform are set by trusted third parties that provide infrastructure and processing services to us. In particular, our hosting, content-delivery, security and bot-protection layer is provided by Cloudflare, which may set cookies and challenge tokens necessary to secure traffic, mitigate abuse and deliver the service reliably. These functions are integral to operating Banzena safely and to maintaining the availability and integrity of the Platform and the stores it hosts.

Card payment processing is handled by Stripe. When a payment is made, Stripe may set its own cookies or use similar technologies to process the transaction securely and to help detect and prevent fraud. Banzena does not store full card numbers; payment card details are handled by Stripe as the payment processor. Within a Merchant store, additional third-party cookies may also be present as a result of tools the Merchant has chosen to integrate, as described in Section 5.

We use Cloudflare and Stripe as sub-processors to operate the Platform. The use of cookies and similar technologies by these and any other third-party providers is governed by their own cookie and privacy notices, over which the Company has no control, and we encourage you to review those notices. To the fullest extent permitted by applicable law, the Company is not responsible or liable for the independent cookie or data practices of any third party, including any third-party tool integrated by a Merchant. Further information about our sub-processors and how Personal Data is handled is set out in the Banzena Privacy Policy.

7. Managing and Disabling Cookies

Most web browsers allow you to view, manage, block and delete cookies through their settings. You can usually configure your browser to refuse some or all cookies, to delete cookies that have already been set, or to notify you when a cookie is being placed. The precise steps depend on the browser you use, and the help function of your browser will explain how to do this. You can also typically clear local storage and similar data through the same browser controls.

Please be aware that strictly necessary cookies cannot be disabled without affecting the Platform. If you block or delete authentication, security or routing cookies, you may be unable to sign in, your session may not be maintained, security challenges may not complete, and core features of the admin dashboard or storefront may not work properly or at all. Disabling functional cookies will not break the service but may reduce convenience, while disabling analytics cookies will limit the usage information we receive without affecting your ability to use the Platform. The Company is not responsible for any loss of functionality, access or data that results from your choice to block or delete cookies.

Where we offer in-product cookie or consent controls, you may also use those controls to manage non-essential cookies. Choices you make are specific to the browser and device on which you make them, so you may need to repeat your preferences on other browsers or devices, and your choices may be reset if you clear your cookies.

8. Consent Where Required

Strictly necessary cookies are used on the basis of our legitimate interest in operating, securing and delivering the Platform, and, where applicable law permits, because they are essential to provide a service you have requested. These do not require your consent under most applicable laws, but we describe them transparently in this Policy.

Where applicable law requires consent for non-essential cookies, such as certain functional or analytics cookies, we will seek that consent before such cookies are placed, for example through a cookie banner or equivalent consent mechanism, and you may withdraw your consent at any time using the controls described in Section 7 or any in-product settings we provide. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal, and may affect the availability of certain non-essential features.

For cookies set within an individual Merchant store, the relevant Merchant is solely responsible for determining the applicable legal basis and for obtaining, recording and managing any consent that applicable law requires from shoppers and visitors to that store, as described in Section 5. The Company does not obtain or manage consent on behalf of any Merchant.

9. Intellectual Property and Ownership

The "Banzena" name, the Banzena logo and marks, the Platform software, its source code, designs, store templates, AI features, dashboards, and all related technology, content and materials, including the cookie, consent and security mechanisms described in this Policy and the manner in which they are implemented, are owned exclusively by Zargina Artificial Intelligence Services LLC or its licensors. They are protected by copyright, trademark, trade-secret, database and other applicable intellectual-property laws.

Nothing in this Policy grants or transfers to you, to any Merchant, or to any shopper or visitor any right, title, licence or interest in or to the Banzena name, marks, software, source code, designs, templates or other intellectual property of the Company, whether by implication, estoppel or otherwise. You may not copy, reproduce, modify, reverse-engineer, decompile, scrape, frame, or create derivative works from the Platform or any part of it, and you may not use the Banzena name or marks without the Company's prior written consent. Any unauthorised use of the Company's intellectual property is strictly prohibited and may result in suspension or termination of access and in civil or criminal liability. All rights not expressly granted are reserved to the Company.

10. Disclaimers and Limitation of Liability

The cookie, consent and similar technologies described in this Policy are provided on an "as is" and "as available" basis. While we take reasonable measures to operate them securely and reliably, no security or consent mechanism is perfect, and we do not warrant that such technologies will be uninterrupted, error-free, or effective against every form of automated abuse, interference or unauthorised access. Browser behaviour, device settings and third-party tools are outside our control.

To the fullest extent permitted by applicable law, the Company and its affiliates, and their respective officers, directors, employees, agents and sub-processors, shall not be liable for any indirect, incidental, special, consequential, exemplary or punitive damages, or for any loss of profits, revenue, data, goodwill or business, arising out of or in connection with the use of, or inability to use, cookies and similar technologies on the Platform, your management or blocking of cookies, or the cookie practices, tools or third-party technologies of any Merchant store or third-party provider. The Company's aggregate liability arising out of or relating to this Policy is in all cases subject to, and shall not exceed, the limitations and exclusions of liability set out in the Banzena Terms of Service.

Nothing in this Policy excludes or limits any liability that cannot lawfully be excluded or limited under applicable law, including liability for fraud or for death or personal injury caused by negligence. The limitations and exclusions in this Section apply to the maximum extent permitted by applicable law and survive any termination of your relationship with the Company.

11. Changes to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in the technologies we use, in our service, in our sub-processors, or in legal or regulatory requirements. When we make changes, we will revise the date or version reference associated with this Policy and, where the changes are material, we may provide additional notice through the Platform or by other appropriate means.

Your continued use of the Platform after an updated Cookie Policy takes effect constitutes your acknowledgement of the updated Policy, subject to any consent requirements under applicable law. We encourage you to review this Policy periodically so that you remain informed about how cookies and similar technologies are used. If you do not agree with any update, your remedy is to discontinue use of the Platform and, where applicable, to adjust your cookie settings as described in Section 7.

12. General

If any provision of this Cookie Policy is held to be invalid, unlawful or unenforceable by a court or other competent authority, that provision shall be severed to the minimum extent necessary and the remaining provisions shall continue in full force and effect. No failure or delay by the Company in exercising any right under this Policy operates as a waiver of that right, and no single or partial exercise of any right precludes any further exercise of it.

This Cookie Policy supplements, and should be read together with, the Banzena Terms of Service and the Banzena Privacy Policy, which together with this Policy constitute the entire understanding between you and the Company regarding the use of cookies and similar technologies on the Platform. In the event of any conflict, the Banzena Terms of Service govern the allocation of liability, indemnification and dispute resolution, and the Banzena Privacy Policy governs the handling of Personal Data. The Company may freely assign or transfer its rights and obligations under this Policy in connection with a merger, acquisition, reorganisation or sale of assets.

13. Cookies and Identifiers We Use

The specific cookies, tokens and similar identifiers used by the Banzena platform fall into the categories described above. The principal identifiers we use to operate the platform are set out below. Cookies and identifiers set by individual Merchant stores, and by Third-Party Services those stores choose to integrate, are not listed here and are the responsibility of the relevant Merchant or third party.

• Authentication and session token (strictly necessary). Banzena uses a signed authentication token, stored in your browser (for example in local storage, in the form banzena_token_<store>), to keep you signed in to your dashboard or account and to authorise your requests. Without it you cannot sign in or manage a store. It persists until you sign out or it expires.
• Security and bot-protection (strictly necessary). Our infrastructure provider, Cloudflare, sets identifiers used to protect the Service against bots, fraud and abuse and to keep it available and secure, including challenge and bot-management identifiers such as those associated with Cloudflare Turnstile and Cloudflare cookies like __cf_bm and cf_clearance. These are typically short-lived, ranging from minutes to about thirty days.
• Payment-related (strictly necessary where used). Where a store accepts card payments, our payment processor, Stripe, may set identifiers used to process payments securely and to detect and prevent fraud at checkout. These are governed by Stripe's own policies.
• Analytics (optional). The Company may use privacy-respectful, aggregate analytics to understand how the platform is used and to improve it. Where analytics cookies are used (for example, Google Analytics identifiers such as _ga and _gid), they help us measure traffic and usage trends, with lifespans ranging from the end of your session up to about two years. Merchant stores may separately configure their own analytics, for which the Merchant is responsible.

The exact names, providers and lifespans of cookies and identifiers may change as we and our providers update the Service and our security measures. We will update this Policy to reflect material changes.

14. Do Not Track, Global Privacy Control and Consent

Some browsers offer a "Do Not Track" setting. Because there is no finalised common industry standard for interpreting Do Not Track signals, the platform does not respond to them. Where required by applicable law, we treat a recognised Global Privacy Control signal as a valid opt-out request in respect of any sale or sharing of personal information; as explained in our Privacy Policy, we do not sell or share personal information.

Where consent is required by law for non-essential cookies — for example, analytics or any advertising cookies — we, or the relevant Merchant store, will seek that consent through an appropriate mechanism such as a cookie banner or preference centre before those cookies are set, and will record that consent. You can withdraw consent as easily as you gave it, and you can manage or delete cookies at any time using your browser controls. Disabling strictly-necessary cookies and identifiers will prevent core features — including signing in and completing checkout — from working.

15. Contact and Governing Law

If you have any questions about this Cookie Policy or about how cookies and similar technologies are used on the Banzena Platform, you may contact the Company at support@banzena.com. For questions about cookies set within a specific Merchant store, please contact the operator of that store, as the relevant Merchant is responsible for those cookies.

This Cookie Policy is governed by, and shall be construed in accordance with, the laws of the Emirate of Abu Dhabi, United Arab Emirates, without regard to its conflict-of-laws principles. Any dispute, claim or matter arising out of or relating to this Policy is subject to the dispute-resolution, jurisdiction and governing-law provisions of the Banzena Terms of Service, which are incorporated into this Policy by reference.