Cookie Policy

1. Introduction

This Policy describes the cookies and similar technologies employed by or on behalf of Zoryxon, the purposes for which such technologies are used, the legal bases on which we rely, and the choices available to you with respect to such use. Certain cookies are strictly necessary to deliver the Services you request; others are optional and deployed only with your consent where required by applicable law.

Our use of cookies and similar technologies constitutes the Processing of Personal Data in certain jurisdictions. The manner in which we collect, use, disclose, and otherwise Process such data is further described in our Privacy Policy, which is incorporated herein by reference.

2. What Are Cookies

A "cookie" is a small text file that a website, application, or service places on, or reads from, a user's browser, device, or local storage for the purpose of enabling functionality, remembering preferences, authenticating sessions, or collecting analytics. Cookies may be classified along two principal dimensions: (i) by origin, as either first-party cookies (set directly by the domain the user is visiting) or third-party cookies (set by a domain other than the one the user is visiting); and (ii) by duration, as either session cookies (which are deleted automatically when the browser is closed) or persistent cookies (which remain on the device for a defined period or until manually deleted).

References in this Policy to "cookies" should be read to include substantially similar technologies deployed in connection with the Services, including without limitation web beacons, clear GIFs, tracking pixels, browser local storage (including localStorage and sessionStorage), IndexedDB, mobile and desktop software development kits (SDKs), device identifiers, and server-side session mechanisms that operate in conjunction with client-side identifiers (collectively, "Similar Technologies").

3. Categories of Cookies We Use

We classify the cookies and Similar Technologies deployed in connection with the Services into the following categories:

3.1 Strictly Necessary Cookies

Strictly necessary cookies are essential to enable you to navigate the Services and use their features, including authentication via Sign-In with Ethereum (SIWE) and the issuance and validation of JSON Web Tokens (JWTs), secure session management, cross-site request forgery (CSRF) protection, load balancing, fraud prevention, and maintenance of network security. These cookies do not require consent under the ePrivacy Directive (Directive 2002/58/EC, as amended) or Article 6 of the GDPR because they are strictly necessary for the provision of an information society service explicitly requested by the user. Disabling strictly necessary cookies will impair or prevent core functionality of the Services.

3.2 Functional Cookies

Functional cookies allow the Services to remember choices you make and provide enhanced, more personalized features, including interface language, display preferences (such as dark mode), wallet connection state, and temporary form state. Where required by applicable law, functional cookies are deployed only upon obtaining your prior informed consent.

3.3 Analytics Cookies

Analytics cookies collect information in aggregated and, where feasible, pseudonymized or anonymized form to help us understand how the Services are used, measure performance, diagnose errors, and improve user experience. These cookies are deployed only upon obtaining your prior informed consent in jurisdictions that require such consent.

3.4 Marketing and Advertising Cookies

Zoryxon does not, by default, use marketing or advertising cookies, nor do we permit third-party advertising networks to set cookies through the Services. Should Zoryxon elect to deploy marketing or advertising cookies in the future, such deployment will occur only upon obtaining your prior explicit opt-in consent and will be disclosed in this Policy and, where required, through an updated in-product consent notice.

4. Specific Cookies

The following table identifies representative cookies deployed by Zoryxon in connection with the Services. The list below is intended to be illustrative rather than exhaustive; a current dynamic inventory is maintained in the in-product Cookie Settings panel and may be updated as the Services evolve.

A current, dynamic list of all cookies and Similar Technologies in use is maintained within the in-product Cookie Settings panel and may be updated from time to time as the Services evolve.

5. Third-Party Cookies and Similar Technologies

Certain third parties engaged by Zoryxon to provide specific functionality may set cookies or deploy Similar Technologies through the Services. Currently identifiable third parties include:

• Stripe — payment processing, deployed solely on checkout and payment-related pages to enable secure transaction processing and fraud prevention. Stripe's use of cookies is governed by the Stripe Privacy Policy.
• Vercel — hosting and, where enabled, privacy-respecting analytics that do not rely on persistent cross-site identifiers. Vercel's data practices are described in the Vercel Privacy Policy.

Wallet providers (including without limitation MetaMask, Coinbase Wallet, and WalletConnect) may set their own cookies or use their own Similar Technologies when you interact with them. Such use is governed by each provider's respective privacy policy and is not controlled by Zoryxon. Any future additions to the list of third-party providers will be reflected in this Policy and, where consent is required under applicable law, disclosed to you before activation.

6. Legal Bases for Cookie Use

In jurisdictions governed by the GDPR, the UK GDPR, and the ePrivacy Directive (and its national implementations, including the UK Privacy and Electronic Communications Regulations ("PECR")), Zoryxon relies on the following legal bases for the deployment of cookies and Similar Technologies:

• Strictly Necessary Cookies: contractual necessity (GDPR Article 6(1)(b)) and our legitimate interests in providing secure, reliable, and functional Services (GDPR Article 6(1)(f)); such cookies are exempt from the consent requirement under Article 5(3) of the ePrivacy Directive.
• Functional, Analytics, and Marketing Cookies: your prior informed consent (GDPR Article 6(1)(a) and Article 5(3) of the ePrivacy Directive), which you may withdraw at any time without affecting the lawfulness of Processing conducted prior to withdrawal.
• California (CCPA/CPRA): notice at or before the point of collection, together with honoring your right to opt out of the "sale" or "sharing" of Personal Information, including through recognized opt-out preference signals such as Global Privacy Control (GPC).
• Other U.S. State Privacy Laws: notice and, where applicable, the right to opt out of targeted advertising, sale, and certain profiling activities, as required under the privacy laws of Virginia, Colorado, Connecticut, Utah, and other jurisdictions with comparable regimes.

7. Consent Mechanism

Where applicable law requires prior informed consent for the use of non-essential cookies, Zoryxon presents a cookie consent banner on your first visit to the Services. The banner provides granular controls allowing you to:

• accept all categories of cookies;
• reject all non-essential cookies (strictly necessary cookies will continue to operate as required by law);
• manage consent on a per-category basis, accepting or declining functional, analytics, and (if applicable) marketing cookies independently; and
• access detailed information about each cookie before providing or withholding consent.

You may withdraw, modify, or reaffirm your consent at any time by accessing the "Cookie Settings" link displayed in the Services footer or within your account preferences. Withdrawal of consent will take effect prospectively and will not affect the lawfulness of Processing carried out prior to withdrawal. Zoryxon honors the Global Privacy Control (GPC) signal as a valid opt-out of the sale or sharing of Personal Information under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA").

8. How to Manage or Disable Cookies

You may control the deployment of cookies through multiple channels:

• In-Product Cookie Settings: the primary mechanism for managing your cookie preferences with respect to the Services. Accessible via the Cookie Settings link in the footer of the Services.
• Browser Settings: most commercial web browsers allow you to block or delete cookies. Instructions for commonly used browsers are available at: Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge.
• Provider-Specific Opt-Outs: where the Services use Google Analytics, you may install the Google Analytics Opt-out Browser Add-on, available at tools.google.com/dlpage/gaoptout.
• Industry Opt-Out Tools: the Network Advertising Initiative opt-out tool at optout.networkadvertising.org and the Digital Advertising Alliance opt-out tool at optout.aboutads.info enable you to opt out of participating advertising networks, should any such networks become associated with the Services in the future.

Please note that blocking or deleting cookies, particularly strictly necessary cookies, may cause certain features of the Services to function incorrectly or to become unavailable. Clearing browser local storage may additionally delete client-side encryption keys maintained by the Services; where such keys have not been separately backed up, encrypted content may become permanently inaccessible, and Zoryxon cannot recover such keys.

9. Do Not Track and Global Privacy Control

The internet industry has not adopted a uniform standard for how websites and services should respond to the browser "Do Not Track" (DNT) signal. Accordingly, Zoryxon does not currently respond differently to DNT signals transmitted by your browser. Zoryxon does, however, honor the Global Privacy Control (GPC) signal as a valid opt-out of the sale or sharing of Personal Information under the CCPA/CPRA and comparable state privacy laws that recognize such signals.

10. Children

The Services are not directed to, and Zoryxon does not knowingly set cookies or deploy Similar Technologies on devices used by, individuals under the age of eighteen (18). If you believe that cookies have been set on a device belonging to a minor in contravention of this Policy, please contact us at the address set forth in Section 15 so that we may take appropriate remedial action.

11. Updates to Cookie Policy

Zoryxon may amend this Policy from time to time to reflect changes in applicable law, the Services, or our data practices. Material changes will be communicated through one or more of the following channels: (i) a cookie banner re-prompt requesting renewed consent where legally required; (ii) an in-product notification; or (iii) an email to the address associated with your account, where available. Each revised version will become effective immediately upon posting, unless a later effective date is stated. Your continued use of the Services after the effective date of any revised version constitutes your acceptance of the revised Policy, subject to your right to withdraw consent for non-essential cookies at any time.

12. International Considerations

This Policy applies to users of the Services in all jurisdictions, including without limitation the European Economic Area (subject to the GDPR and the ePrivacy Directive), the United Kingdom (subject to the UK GDPR and PECR), Switzerland (subject to the revised Federal Act on Data Protection), California (subject to the CCPA/CPRA), Nevada, Virginia, Colorado, Connecticut, Utah, and other U.S. states with comprehensive privacy laws. International transfers of Personal Data collected through cookies are governed by the cross-border transfer provisions set forth in our Privacy Policy and, where applicable, our Data Processing Agreement, including the Standard Contractual Clauses and the UK International Data Transfer Addendum.

13. Severability

If any provision of this Policy is held by a court or other tribunal of competent jurisdiction to be invalid, illegal, or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent necessary such that the remaining provisions of this Policy shall continue in full force and effect.

14. Governing Law

This Policy is governed by, and shall be construed in accordance with, the laws of the State of Ohio, United States of America, without giving effect to its conflict of laws principles. Nothing in this Policy shall derogate from any mandatory rights you may have under the cookie consent and data protection laws of your jurisdiction of residence, including the GDPR, UK GDPR, ePrivacy Directive, PECR, CCPA/CPRA, and other applicable state, national, or supranational privacy regimes, the protections of which shall apply to the extent required by law notwithstanding the choice of Ohio law herein.

15. Contact

Questions, concerns, or complaints regarding this Policy or our use of cookies and Similar Technologies should be directed to: