Legal

Cookie Policy

How Oholingo (“we”, “us”) uses cookies and similar technologies on https://oholingo.com and related services.

Last updated: 2026-04-13

Policy version for consent records: 2026-04-13

1. Introduction

This Cookie Policy explains what cookies and similar technologies are, why we use them, what choices you have, and how this fits with global privacy expectations including the EU General Data Protection Regulation (“GDPR”), the UK GDPR / Privacy and Electronic Communications Regulations (“PECR”) framework as applicable, and United States state privacy laws such as the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA / CPRA”) where relevant.

This policy should be read together with our Privacy Policy, which describes personal data processing more broadly. If you have questions, see the contact section below.

Where we rely on consent for non-essential cookies or similar technologies, you may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Certain processing remains necessary to deliver the core service securely.

2. What are cookies

Cookies are small text files stored on your device when you visit a website. They are widely used to make sites work efficiently, remember preferences, and understand how services are used.

We also use related technologies that may behave similarly to cookies, including local storage, session storage, pixels, scripts, software development kits, and clear GIFs. For simplicity, this policy refers to all of these as “cookies and similar technologies.”

Cookies may be “first-party” (set by us) or “third-party” (set by a partner whose technology we integrate, such as payment, analytics, or embedded content providers).

3. Why we use cookies

Oholingo is a web-first language learning platform and learning management style experience. We use cookies and similar technologies to:

Keep accounts secure and sessions reliable (authentication and anti-abuse)
Remember your preferences (language, accessibility, and product settings)
Operate course enrollment, progress, gamification (such as XP and streak mechanics), and notifications
Measure reliability and performance (latency, errors, core web vitals style signals)
Understand product usage when you opt in to analytics
Support billing, subscription management, and receipts where applicable
Deliver and measure marketing campaigns and referrals only where permitted and when you opt in

We limit data collection to what is reasonably necessary for each purpose, and we apply consent and settings controls before enabling optional categories, subject to regional requirements.

4. Types of cookies we use

We classify cookies into the categories below. Depending on your location and the product surface, not every category may be present at all times.

4.1 Strictly necessary cookies

These are required for core operations such as security, authentication, session continuity, infrastructure routing, and compliance tasks that cannot be reasonably disabled without breaking core functionality. They are typically activated based on contractual necessity and, where required by law, a separate legal basis may apply.

4.2 Functional cookies

These remember choices you make—such as interface preferences—or enable optional improvements like onboarding personalization. If you disable them, the service should still function, but certain conveniences may not work as expected.

4.3 Analytics cookies

These help us understand how learners use lessons and features (for example funnels, feature adoption, retention cohorts in aggregate) so we can improve teaching quality, navigation, and reliability. Analytics cookies are used only with appropriate consent where required.

4.4 Performance cookies

These measure technical quality such as response times, crashes, client errors, and rollout monitoring. Some performance signals may overlap with analytics tooling depending on implementation, which is why consent controls may group or govern them together in product settings.

4.5 Advertising / marketing cookies

These support advertising delivery, conversion measurement, remarketing, and partner attribution where permitted by law. We use marketing technologies only when you opt in, except where a technology is strictly limited and treated as essential under applicable guidance.

5. Specific cookies / technologies used

Exact cookie names may evolve as we ship features. The following table reflects representative technologies commonly used in a Supabase-backed Next.js SaaS product with optional analytics and billing. Replace or amend this table with your final production identifiers as part of counsel review.

Technology	Category	Purpose	Typical storage / notes
Supabase Auth session tokens (HttpOnly cookies)	Strictly necessary / Security	Maintains signed-in sessions and protects account access.	Server-managed session cookie(s); duration bounded by session and rotation policy.
CSRF / anti-abuse tokens (where applicable)	Strictly necessary	Prevents cross-site request forgery and certain abuse patterns.	Short-lived; rotated per security policy.
Theme / UI preference storage	Functional (may be local)	Remembers display settings across visits (for example light/dark).	May use local storage rather than a cookie depending on implementation.
Consent record (oholingo.cookie-consent.v1)	Strictly necessary (consent evidence)	Stores your category choices and policy version reference for banners and gating.	Local storage key; duration until you clear site data or update preferences.
Google Analytics 4 (optional)	Analytics / Performance	Product measurement when enabled and consented.	Loads only after consent when configured; uses GA cookies/storage per Google policies.
Stripe (if checkout enabled)	Strictly necessary / Payment	Fraud prevention and payment session continuity.	Third-party cookies or similar identifiers governed by Stripe.
Marketing pixels (optional)	Marketing	Campaign measurement and remarketing where permitted.	Loaded only when marketing consent is enabled and integrations are configured.

Server logs, application logs, and database records may also contain technical identifiers for security and operations. Those are described in the Privacy Policy and are outside the scope of browser cookie controls.

6. Third-party cookies

We integrate carefully vetted service providers to operate Oholingo (for example authentication infrastructure, hosting, analytics, communications, and payments). Those providers may set their own cookies or similar technologies subject to their policies.

We seek to minimize third-party access and to configure integrations for privacy-preserving defaults. Where a provider processes personal data on our behalf, we align arrangements with contractual terms (such as Data Processing Agreements) where applicable. Where a provider processes personal data for its own purposes, it acts as an independent controller or business under applicable law and provides its own disclosures.

7. Legal basis for cookie usage

Depending on jurisdiction and the specific technology, legal bases may include one or more of the following:

Consent, where required for non-essential cookies and similar technologies (for example analytics or marketing).
Legitimate interests, where permitted for strictly necessary security and service delivery, balanced against your rights and freedoms, and where consent is not required.
Contract, where cookies are strictly necessary to deliver the service you request (for example processing login state to provide an account-backed LMS experience).
Compliance with law, where we must retain certain data for regulatory, tax, or legal obligations (typically processed under separate notices and not dependent on optional cookies).

For United States residents, certain processing may be characterized as a “sale” or “sharing” under state privacy laws when advertising technology is used. We seek to honor opt-out rights and to provide layered controls consistent with this Policy and our Privacy Policy.

9. How users can control cookies

You can change your mind at any time:

Use the “Cookies” floating control in the product (where available) to reopen preferences.
Use browser controls to remove or block cookies as described below.
Contact us using the details in this Policy for assistance with account-related settings.

If you block strictly necessary cookies, parts of Oholingo—including sign-in—may not function. If you block only optional categories, core learning flows should remain available, though measurement and personalization may be reduced.

10. Browser-level cookie management

Most browsers let you refuse or delete cookies, block third-party cookies, and alert you when cookies are set. Instructions vary by browser and version. Common documentation starts from your browser’s help center (for example Chrome, Safari, Firefox, Edge).

Mobile operating systems also offer tracking controls (including mobile advertising identifiers) that operate separately from website cookies. Embedded browsers inside apps may have additional limitations.

11. Impact of disabling cookies

Disabling strictly necessary cookies may prevent authentication or degrade security protections. Disabling functional cookies may reset preferences. Disabling analytics or marketing cookies typically does not block core learning paths, but may reduce our ability to diagnose issues and improve the curriculum experience.

12. Do Not Track signals

Some browsers transmit “Do Not Track” signals. There is no consistent industry interpretation of DNT. At this time, Oholingo does not respond to DNT signals as a universal standard. We instead provide the consent controls described in this Policy and honor applicable opt-out rights as required by law, including where targeted advertising preferences are regulated.

13. Regional cookie rights

Depending on where you live, you may have additional rights regarding personal data and certain “sale” / “sharing” activities. This Policy summarizes cookie choices globally; regional requirements may impose specific timelines and verification steps.

EU / EEA / UK: rights commonly include access, rectification, erasure, restriction, portability, objection, and withdrawal of consent for consent-based processing. You may lodge a complaint with your supervisory authority.
United States (including California): depending on eligibility, you may have the right to opt out of sale/sharing for cross-context behavioral advertising, and additional rights described in our Privacy Policy.
Canada, Australia, and other regions: privacy regimes may impose transparency and consent requirements; we aim to meet reasonable global expectations even where law differs.

To exercise privacy rights, contact us using the information below. We may need to verify requests and will respond in line with applicable law.

14. Updates to this Cookie Policy

We may update this Cookie Policy to reflect product changes, legal requirements, or clarifications. When we publish changes, we will adjust the “Last updated” date and may change the policy version tied to consent records. Material changes may be communicated through additional notices (for example email or in-product banners).

15. Contact information

Questions about this Cookie Policy, privacy requests, or our use of cookies and similar technologies may be directed to:

Privacy: privacy@oholingo.com
Data Protection (where applicable): privacy@oholingo.com
General support: support@oholingo.com

Oholingo — correspondence address to be completed by counsel if required for regulatory disclosures.