Cookie Policy
Version 2.0 - Effective April 2025
This Cookie Policy explains how VistaLink Technologies Ltd ("VistaLink," "we," "us," or "our") uses cookies and similar tracking technologies when you access or use any of our websites, applications, and services. It should be read alongside our Privacy Policy, which describes our broader data handling practices.
This policy applies across all VistaLink products, including but not limited to vistalink.com, the Parley consumer application (web, iOS and Android), the VistaLink Hotel Extranet (extranet.vistalink.com), and the VistaLink Developer API and associated portals.
1. What Are Cookies
Cookies are small text files placed on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work, or work more efficiently, to improve the user experience, and to provide information to site owners.
In addition to cookies, we use similar technologies including local storage, session storage, and web beacons (also known as pixels or tags). Throughout this policy, we refer to all of these technologies collectively as "cookies" unless we specifically distinguish between them.
Cookies can be "first-party" (set by us directly) or "third-party" (set by a service we integrate with, such as an analytics provider). They can also be "session" cookies (deleted when you close your browser) or "persistent" cookies (remaining on your device for a set period or until you delete them).
2. Categories of Cookies We Use
We group the cookies we use into the following categories. The legal basis for strictly necessary cookies is our legitimate interest in operating a secure, functional service. For all other categories, the legal basis is your consent where required under applicable law.
2.1 Strictly Necessary Cookies
These cookies are essential for our websites and services to function correctly. They enable core features such as authentication, session management, security protections, and bot detection. Without these cookies, certain parts of our services cannot be provided. Strictly necessary cookies are set without requiring your consent, as they are indispensable to the service you have requested.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| vl_dev_session | Maintains your authenticated session on the VistaLink Developer Portal. Contains a signed JWT with your account identifier. | 7 days | First-party, HttpOnly, Secure |
| oauth_state | Used during the OAuth sign-in flow (Google, GitHub) to prevent cross-site request forgery (CSRF) attacks. | 10 minutes | First-party, HttpOnly, Secure |
| oauth_code_verifier | Stores the PKCE code verifier during the Google OAuth sign-in flow to ensure the authorisation code exchange is secure. | 10 minutes | First-party, HttpOnly, Secure |
2.2 Functional Cookies
These cookies enable enhanced functionality and personalisation, such as remembering your preferences. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, some or all of these features may not function properly.
| Cookie / Storage | Purpose | Duration | Type |
|---|---|---|---|
| vl-theme | Stores your light or dark mode preference. Set on the .vistalink.com domain so your theme choice is shared across all VistaLink subdomains. | 1 year | First-party cookie |
| theme | Duplicate of the theme preference stored in your browser's local storage as a fallback. | Persistent (until cleared) | Local storage |
2.3 Analytics and Performance Cookies
These cookies help us understand how visitors interact with our websites by collecting and reporting information. The data collected is aggregated and used to improve site performance, content, and user experience. We do not use the information to personally identify individual visitors.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| _ga | Set by Google Analytics (loaded via Google Tag Manager). Distinguishes unique visitors by assigning a randomly generated number as a client identifier. | 2 years | Third-party (Google) |
| _ga_* | Set by Google Analytics 4 to persist session state. The suffix is unique to your Google Analytics property. | 2 years | Third-party (Google) |
| _gid | Set by Google Analytics to distinguish users and throttle request rate. | 24 hours | Third-party (Google) |
Google Analytics data is collected in an anonymised form. IP addresses are not stored in full. For more information on how Google processes this data, see Google's Privacy Policy and Google Analytics Data Safeguards.
2.4 Marketing and Advertising Cookies
We do not currently use any marketing or advertising cookies, tracking pixels, or retargeting tags. If this changes in the future, we will update this policy and seek your consent before setting such cookies.
3. Session Storage and Local Storage
In addition to traditional cookies, we use browser storage mechanisms that behave similarly but are not transmitted to our servers with every request.
| Key | Purpose | Duration | Type |
|---|---|---|---|
| theme | Stores your light or dark mode preference as a fallback alongside the vl-theme cookie. | Persistent (until cleared) | Local storage |
| vl_utm | Campaign attribution data (UTM parameters) from the URL you used to arrive at our site. Used to understand how visitors find us. | Session (cleared when tab closes) | Session storage |
4. Third-Party Services and Their Cookies
We integrate a number of third-party services that may set their own cookies on your device. We do not control the cookies these services set, and we encourage you to review their respective privacy policies.
4.1 Google Tag Manager and Google Analytics
We use Google Tag Manager to load Google Analytics, which collects anonymised usage data including pages visited, time on site, referral sources, and general geographic region. Google may set cookies such as _ga, _ga_*, and _gid as described in section 2.3 above. See Google's Privacy Policy.
4.2 Stripe
Stripe is used for payment processing on the Developer Portal. When you interact with payment forms, Stripe may set cookies to detect fraud, prevent abuse, and process payments securely. These cookies are set by Stripe's own domain (js.stripe.com). See Stripe's Privacy Policy.
4.3 Sentry
We use Sentry for error monitoring and performance tracking. Sentry helps us detect and resolve technical issues to maintain service quality. Sentry may collect error reports that include technical metadata such as browser type, operating system, and the page URL where the error occurred. Sentry does not set persistent tracking cookies in our configuration. See Sentry's Privacy Policy.
4.4 Cloudflare Turnstile
We use Cloudflare Turnstile as a bot-detection mechanism on our contact and enquiry forms. Turnstile is a privacy-preserving alternative to traditional CAPTCHAs and may set a cookie (cf_clearance or similar) to verify that you are a genuine visitor. Turnstile does not track you across websites. See Cloudflare's Privacy Policy.
5. Cookie Consent
When you first visit our website, non-essential cookies (such as analytics cookies) may be loaded via Google Tag Manager. You can manage your cookie preferences at any time through your browser settings (see section 6 below).
Strictly necessary cookies do not require consent, as they are essential to the functioning of the service you have requested. These cannot be disabled without impairing core functionality.
6. How to Manage and Disable Cookies
Most web browsers allow you to control cookies through their settings. You can typically find these options in your browser's "Settings," "Preferences," or "Privacy" menu. You can:
- View and delete existing cookies.
- Block all cookies or only third-party cookies.
- Set your browser to notify you when a cookie is being set.
- Clear local storage and session storage data.
Below are links to cookie management instructions for common browsers:
To opt out of Google Analytics tracking across all websites, you can install the Google Analytics Opt-out Browser Add-on.
7. Impact of Disabling Cookies
If you choose to disable or block certain cookies, please be aware of the following potential impacts:
- Strictly necessary cookies: Blocking these will prevent you from signing in to the Developer Portal and completing OAuth authentication. Core service functionality will be unavailable.
- Functional cookies: Blocking these means your theme preference (light or dark mode) will not be remembered across visits or across VistaLink subdomains. You will see the default time-of-day-based theme instead.
- Analytics cookies: Blocking these has no impact on your ability to use our services. You will simply not be included in our aggregated analytics data.
- Third-party cookies (Stripe): Blocking Stripe cookies may prevent you from completing payments on the Developer Portal.
- Third-party cookies (Cloudflare Turnstile): Blocking Turnstile cookies may prevent you from submitting contact or enquiry forms, as the bot-detection verification may fail.
8. Your Rights Under Data Protection Law
Under the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR), you have the right to:
- Be informed about the cookies we use and their purposes (this policy).
- Withdraw your consent to non-essential cookies at any time by adjusting your browser settings.
- Request access to, correction of, or deletion of any personal data we hold about you.
- Lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been infringed.
For more details on your data protection rights, please refer to our Privacy Policy.
9. Scope of This Policy
This Cookie Policy applies to all VistaLink products and services, including:
- vistalink.com and all associated subdomains
- The Parley consumer application (web, iOS, and Android)
- The VistaLink Hotel Extranet (extranet.vistalink.com)
- The VistaLink Developer API and developer portal
- Any other VistaLink product or service that references this policy
Third-party websites linked from our services are not covered by this policy. We encourage you to review the cookie policies of any external websites you visit.
10. Changes to This Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in the cookies we use, changes to our services, or for other operational, legal, or regulatory reasons. We encourage you to review this policy periodically. The "Effective" date at the top indicates when the policy was last revised. Material changes will be highlighted on our website.
11. Contact Us
If you have any questions about our use of cookies or this Cookie Policy, please contact us at:
VistaLink Technologies Ltd
Email: [email protected]