Cookie Policy
Last updated: 2026-05-16
1. Wetin Cookies Be
Cookies na small text files wey a website dey store inside your browser. Dem dey allow the site to remember who you be between page loads (e.g. say you don login), keep your language preference, and measure aggregated usage so we fit improve the product. We dey use them sparingly and dey explain every one of them below.
2. Essential Cookies (always on)
These cookies dey required for CrossPay to work. We cannot deliver the service without them and your browser cannot meaningfully reject them. The `refresh_token` cookie dey keep you signed in (HttpOnly, Secure, SameSite=Strict, path=/api/auth, 7-day expiry) and the `cp_session` sentinel cookie dey let our server-rendered pages know say you get an active session without exposing the underlying token (Secure, SameSite=Lax, path=/, 7-day expiry). The `NEXT_LOCALE` cookie dey remember the language wey you pick.
3. Analytics Cookies (opt-in)
If you accept the cookie banner, we use Sentry (error monitoring, US) and similar in-house instrumentation to count page views, measure feature usage, and catch crashes. These cookies no dey identify you personally. We NO dey enable analytics until you click Accept on the banner, and you fit withdraw consent at any time using the choice stored in `crosspay_cookie_consent` (localStorage).
4. Functional Storage
Some preferences dey stored in your browser's localStorage rather than as cookies — the cookie-consent choice, theme preference, and in-flight wizard data (so you fit refresh the Send-money flow without losing your place). This data dey live only in your browser and dem never send am to a third party.
5. Third-Party Cookies
We NO dey use third-party advertising cookies. We never sell your browsing data. When you open the Crisp live-chat widget on the marketing pages, Crisp (EU) dey set its own session cookies on its domain, subject to its own privacy policy. When you navigate via Cloudflare (CDN, US), Cloudflare fit set bot-management cookies. Both are functional and not used for cross-site tracking.
6. How to Control Cookies
You dey control analytics cookies via the consent banner wey dey appear on first visit. You fit re-open the banner from the Cookie Policy footer link. You fit also block or delete cookies from your browser settings — Chrome, Firefox, Safari, Edge and Brave all expose per-site controls. Note say if you block the essential `refresh_token` and `cp_session` cookies, e go log you out and CrossPay no go work.
7. Contact
Cookie question, opt-out help, and access requests: contact our Data Protection Officer for privacy@crosspay.me. We dey respond within 30 days, as the Nigeria Data Protection Act (NDPA) and the GDPR / UK GDPR require.