Cookie Policy
Last updated: 2026-05-16
1. What Cookies Are
Cookies are small text files a website stores in your browser. They let the site remember who you are between page loads (e.g. that you're logged in), keep your language preference, and measure aggregated usage so we can improve the product. We use them sparingly and explain every one of them below.
2. Essential Cookies (always on)
These cookies are required for CrossPay to work. We cannot ship the service without them and your browser cannot meaningfully reject them. The `refresh_token` cookie keeps you signed in (HttpOnly, Secure, SameSite=Strict, path=/api/auth, 7-day expiry) and the `cp_session` sentinel cookie lets our server-rendered pages know you have an active session without exposing the underlying token (Secure, SameSite=Lax, path=/, 7-day expiry). The `NEXT_LOCALE` cookie remembers the language you picked.
3. Analytics Cookies (opt-in)
If you accept the cookie banner, we use Sentry (error monitoring, US) and similar in-house instrumentation to count page views, measure feature usage, and catch crashes. These cookies do not identify you personally. We do NOT enable analytics until you click Accept on the banner, and you can withdraw consent at any time using the choice stored in `crosspay_cookie_consent` (localStorage).
4. Functional Storage
Some preferences are stored in your browser's localStorage rather than as cookies — the cookie-consent choice, theme preference, and in-flight wizard data (so you can refresh the Send-money flow without losing your place). This data lives only in your browser and is never sent to a third party.
5. Third-Party Cookies
We do NOT use third-party advertising cookies. We never sell your browsing data. When you open the Crisp live-chat widget on the marketing pages, Crisp (EU) sets its own session cookies on its domain, subject to its own privacy policy. When you navigate via Cloudflare (CDN, US), Cloudflare may set bot-management cookies. Both are functional and not used for cross-site tracking.
6. How to Control Cookies
You control analytics cookies via the consent banner that appears on first visit. You can re-open the banner from the Cookie Policy footer link. You can also block or delete cookies from your browser settings — Chrome, Firefox, Safari, Edge and Brave all expose per-site controls. Note that blocking the essential `refresh_token` and `cp_session` cookies will log you out and prevent CrossPay from working.
7. Contact
Cookie questions, opt-out help, and access requests: contact our Data Protection Officer at privacy@crosspay.me. We respond within 30 days, as required by the Nigeria Data Protection Act (NDPA) and the GDPR / UK GDPR.