Sentora Cookie Policy
Effective Date: May 29, 2026
Last Updated: May 29, 2026
Applies to: sentora.com, defirisk.sentora.com, vaults.sentora.com
1. Introduction
Sentora ('Sentora', 'we', 'us' or 'our') operates three websites: the main website at https://sentora.com, the DeFi Risk Radar application at https://defirisk.sentora.com, and the Sentora Smart Vaults at https://vaults.sentora.com (together, the 'Sites').
This Cookie Policy explains what cookies and similar tracking technologies are, how and why we use them on our Sites, what choices you have regarding their use, and your rights under applicable privacy laws. It covers the EU General Data Protection Regulation ('GDPR'), the UK General Data Protection Regulation ('UK GDPR') together with the Privacy and Electronic Communications Regulations 2003 ('PECR'), and applicable US state privacy laws including the California Consumer Privacy Act as amended by the California Privacy Rights Act ('CCPA/CPRA').
This Cookie Policy should be read alongside our Privacy Policy, which provides further detail on how we process your personal data. Where the two sites have separate Privacy Policies, this Cookie Policy applies to both unless stated otherwise.
2. What Are Cookies and Similar Technologies
Cookies are small text files placed on your device when you visit a website. They allow the site to recognise your device and store certain information about your preferences or past actions. In addition to cookies, we may use the following similar technologies:
Local storage and session storage: browser-side data stores used for functionality and performance
Pixel tags and web beacons: invisible images embedded in pages or emails that track user behaviour
JavaScript SDKs: scripts loaded by third parties (such as analytics providers) to collect usage data
For the purposes of EU and UK law, cookies and similar technologies that process personal data fall within the scope of both PECR (which requires prior consent for non-essential cookies) and GDPR (which governs the subsequent processing of any personal data collected). For general information about cookies and how they work, visit www.allaboutcookies.org.
3. How We Use Cookies on Our Sites
We use cookies and similar technologies across sentora.com and defirisk.sentora.com for the purposes described in this section. We also collect personal data through four additional mechanisms on sentora.com that are not cookie-based but are described here for completeness:
3.1 Newsletter Signup Form
The 'Stay Updated: Join Our Newsletter' form on sentora.com collects your email address and, optionally, your name. This data is collected for the purpose of sending you crypto analysis, news and updates about Sentora's research and platform. We will only send you marketing emails if you have given us your specific, informed and freely given consent by ticking the opt-in box on the signup form. You may withdraw your consent and unsubscribe at any time by clicking the unsubscribe link in any email we send, or by contacting us at legal@sentora.com. The legal basis for processing this data is consent under GDPR Article 6(1)(a).
3.2 Contact Form
The contact form at sentora.com/contact collects your name, email address, company name and message. This data is used solely to respond to your enquiry. We do not use contact form data for marketing purposes without your separate consent. The legal basis for processing this data is our legitimate interest in responding to business enquiries under GDPR Article 6(1)(f), or where you are making a request that leads to a pre-contractual relationship, Article 6(1)(b). We retain contact form data for no longer than 24 months unless a longer period is required by law or by the nature of an ongoing business relationship.
3.3 Cookieless Analytics (Plausible)
Sentora.com uses Plausible Analytics, a privacy-focused web analytics tool that does not set any cookies or use similar persistent tracking technologies. Plausible collects aggregated, non-personally-identifiable usage data including page views, referral sources, browser and device type, and approximate geographic location derived from the visitor's IP address at the time of each page view. The IP address is used solely for this geolocation lookup and is not stored or logged. No visitors are tracked across sessions or sites. All data is processed in aggregate form only. For further information, see plausible.io/privacy.
3.4 Server-Side Visitor Analytics (AudienceScan)
Sentora.com uses AudienceScan, a cookieless analytics platform provided by SD Marketing Ltd. (audiencescan.io). AudienceScan does not set any cookies or use localStorage; visitors are identified via a server-side anonymised hash. The platform collects page views, session behaviour, device and browser information, geographic data derived from IP address, UTM and referral attribution, outbound click tracking, and detects browser wallet extensions and connected wallet addresses when a visitor connects their wallet.
Because AudienceScan does not place cookies or store data on your device, it does not require consent under PECR Regulation 6. The legal basis for this processing is Legitimate Interests under GDPR Article 6(1)(f), as the data collected supports our understanding of website usage patterns and visitor engagement. Visitor event data is stored and processed in Google BigQuery (us-central1, Iowa, United States). An Article 28-compliant Data Processing Agreement is in place with SD Marketing Ltd. under the AudienceScan service terms. For further information, see audiencescan.io/sdterms.
4. Categories of Cookies We Use
We classify cookies into four categories. Strictly Necessary cookies are always active and cannot be disabled. All other categories require your explicit consent before being placed on your device.
4.1 Strictly Necessary Cookies
These cookies are essential to enable you to navigate the Sites and use their features. Without them, services you have requested (such as remembering your cookie preferences) cannot be provided. Legal basis: Legitimate Interests under GDPR Article 6(1)(f). These cookies are exempt from the prior consent requirement under PECR Regulation 6(4) and are not subject to CCPA opt-out rights.
Cookie Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
__cf_bm | Cloudflare | Bot management and security: distinguishes human users from automated traffic | First-party | 1 hour |
_cfuvid | Cloudflare | Tracks users across sessions to support Cloudflare bot management and maintain session consistency | First-party | Session |
_framer_session | Framer | Maintains session state for the Framer-hosted website at sentora.com | First-party | Session |
framerCookiesConsentMode | Framer | Stores Framer-specific cookie consent mode settings for the Framer-hosted website at sentora.com | First-party | Persistent |
cookie_consent | Sentora | Stores your cookie consent preferences including your choices, policy version and consent timestamp | First-party | 12 months |
4.2 Analytics and Performance Cookies
These cookies collect information about how visitors use the Sites, such as which pages are visited most often, time spent on pages and any errors encountered. The data helps us improve how the Sites work. All data collected is pseudonymised or anonymised where possible. Legal basis: Consent under GDPR Article 6(1)(a). Under CCPA/CPRA: these may constitute a 'sharing' of personal information for cross-context behavioural advertising if linked to advertising identifiers. California residents have the right to opt out.
Cookie Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
framer_analytics | Framer | Tracks page views and interactions on Framer-hosted sites | Third-party | Session / 1 year |
_ga | Google Analytics | Distinguishes unique users by assigning a randomly generated client identifier | Third-party | 1 year 1 month 4 days |
_ga_* | Google Analytics | Stores and counts page views for this GA4 property | Third-party | 1 year 1 month 4 days |
_gid | Google Analytics | Distinguishes users; resets daily | Third-party | 24 hours |
_hjSessionUser_* | Hotjar | Identifies a unique user across sessions for session recording and heatmapping on defirisk.sentora.com | Third-party | 1 year |
_hjSession_* | Hotjar | Holds current session data including page views and actions captured in Hotjar recordings | Third-party | 1 hour |
_hjFirstSeen | Hotjar | Identifies whether this is the user’s first Hotjar-tracked session; used to determine recording eligibility | Third-party | Session |
hjActiveViewportIds | Hotjar | Stores active viewport identifiers for Hotjar session recording on defirisk.sentora.com | Third-party | Persistent |
hjViewportId | Hotjar | Identifies the current viewport for Hotjar session recording on defirisk.sentora.com | Third-party | Session |
Note: defirisk.sentora.com uses Google Tag Manager (container GTM-MTPK8SZ) and sentora.com uses Google Tag Manager (container GTM-W3B9W5HP) as tag management systems. These GTM containers may load additional analytics or marketing tags beyond those listed above. The complete tag inventories within each GTM container are managed within the respective GTM accounts and are subject to the same consent requirements as all other non-essential cookies.
4.3 Functional Cookies
Functional cookies allow the Sites to remember choices you make and provide enhanced features. Legal basis: Consent under GDPR Article 6(1)(a).
Cookie Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
cn-sv-id | Common Ninja | Stores a server-assigned visitor identifier for Common Ninja embedded widgets on sentora.com | Third-party | Persistent |
cn_uc__ | Common Ninja | Stores user configuration and preference state for Common Ninja embedded widgets | Third-party | Persistent |
cn-session-id | Common Ninja | Maintains session state for Common Ninja embedded widgets | Third-party | Session |
hs_* | HubSpot | Manages form submissions, lead capture and newsletter subscription state for HubSpot CRM integration | Third-party | Up to 2 years |
itb__sidebar_collapsed | Sentora | Remembers the user’s sidebar collapsed/expanded preference on defirisk.sentora.com | First-party | Persistent |
4.4 Marketing and Targeting Cookies
Marketing cookies track visitors across websites and enable relevant advertising and campaign measurement. Legal basis: Consent under GDPR Article 6(1)(a). Under CCPA/CPRA: these activities may constitute a 'sharing' or 'sale' of personal information. California residents have the right to opt out using the methods in Section 6.3 below.
Cookie Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
_gcl_au | Google Ads | Stores and tracks conversions from Google Ads campaigns | Third-party | 3 months |
_gcl_aw, gclid | Google Ads | Stores Google click identifiers when users arrive via paid search campaigns, used for conversion tracking | Third-party | 3 months |
_gcl_ls | Google Ads | Stores Google Ads conversion linker data for cross-domain conversion measurement | Third-party | Persistent |
DV360 tags | Google Display & Video 360 | Third-party advertising tags deployed via Google Tag Manager for programmatic display and video ad serving, audience targeting and conversion tracking (tag IDs: 186396729, 303976739); shares data with Google's advertising infrastructure | Third-party | 13 months (EEA/UK) / 24 months (elsewhere) |
li_* | LinkedIn Insight Tag | Tracks conversions and enables LinkedIn retargeting for institutional outreach campaigns | Third-party | 6 months to 2 years |
__qca | Quantcast | Collects anonymous audience data to help understand user demographics and website usage patterns | Third-party | 1 year 26 days |
_qcses_* | Quantcast | Maintains Quantcast session state for audience measurement and analytics | Third-party | Persistent |
mc | Quantcast | Tracks users for audience measurement, performance reporting and advertising personalisation | Third-party | 1 year 1 month |
_reb2buid | RB2B | Assigns a persistent unique visitor identifier for B2B visitor identification and lead generation | Third-party | 1 year |
_reb2bsessionID | RB2B | Maintains session state for RB2B visitor identification during a browsing session | Third-party | 1 hour |
_reb2bloaded | RB2B | Indicates that the RB2B tracking script has loaded on the current page | Third-party | Less than 1 minute |
_reb2bgeo | RB2B | Stores geographic location data derived from the visitor’s IP address for RB2B lead enrichment | Third-party | 20 days |
utm_* (session storage) | Various | Campaign tracking parameters (utm_source, utm_medium, utm_campaign) stored temporarily when users arrive via tracked links or campaigns | First-party | Session |
_twpid | X (formerly Twitter) | Identifies visitors for X/Twitter advertising pixel tracking and conversion measurement | Third-party | 1 year 24 days |
guest_id | X (formerly Twitter) | Identifies and tracks website visitors; registers whether a user is signed in to the X platform and collects ad preference information | Third-party | 1 year 1 month 4 days |
guest_id_marketing | X (formerly Twitter) | Identifies and tracks website visitors for X/Twitter marketing attribution | Third-party | 1 year 1 month 4 days |
guest_id_ads | X (formerly Twitter) | Identifies and tracks website visitors for X/Twitter advertising targeting | Third-party | 1 year 1 month 4 days |
personalization_id | X (formerly Twitter) | Enables social media integration and sharing features; stores information about how users interact with the website for tracking and targeting | Third-party | 1 year 1 month 4 days |
muc_ads | X (formerly Twitter) | Collects user behaviour and interaction data to optimise advertising on the X platform | Third-party | 1 year 1 month 4 days |
4.5 Links to Third-Party Websites
Our Sites contain links to external websites including LinkedIn, X (formerly Twitter) and other third-party platforms. When you navigate to those sites, you leave the Sentora environment. Those sites operate under their own cookie policies and privacy notices, which we encourage you to review. We have no control over, and accept no responsibility for, the cookies or data practices of any third-party site.
5. Third-Party Providers and International Data Transfers
Some cookies described in Section 4 are set by third-party providers who process data under their own privacy policies. Several of these providers are based in the United States or other countries outside the UK and EEA, meaning that data is transferred internationally. The table below summarises our key third-party cookie providers and the safeguards in place for international transfers.
Provider | Country | Data Processed | Transfer Mechanism | Privacy Policy |
|---|---|---|---|---|
AudienceScan (SD Marketing Ltd.) | United Kingdom (data stored in USA: Google BigQuery, us-central1) | Page views, session behaviour, device/browser info, geographic data, UTM/referral attribution, outbound clicks, wallet extension and address data (processed via server-side anonymised hash) | SCCs / UK Addendum / EU–US DPF + UK Extension (via sub-processor) | audiencescan.io/privacy (service terms: audiencescan.io/sdterms) |
Cloudflare Inc. | USA | IP address, request metadata, bot signals | EU–US DPF / UK Extension to DPF / SCCs / UK Addendum | cloudflare.com/privacypolicy |
Common Ninja Ltd. | Israel | Widget interaction data, session state, visitor identifiers | EU/UK Adequacy / SCCs / UK Addendum | commoninja.com/privacy |
Framer B.V. | Netherlands (EU) | Session data, page views, site interactions | SCCs (data hosted on AWS US) | framer.com/legal/privacy-statement |
Google LLC | USA | IP address, browsing behaviour, device identifiers, fonts CDN requests, ad interaction data (via DV360) | EU–US DPF / UK Extension to DPF / SCCs / UK Addendum | policies.google.com/privacy |
Hotjar Ltd. | Malta (EU) / Ireland (EU) servers | Session recordings, mouse movements, click and scroll data, device data, IP address | SCCs (EU) / SCCs (UK) | hotjar.com/legal/policies/privacy |
HubSpot Inc. | USA | Form submission data, email addresses, CRM lead data | EU–US DPF / UK Extension to DPF / SCCs / UK Addendum | legal.hubspot.com/privacy-policy |
LinkedIn Corporation | USA | Professional profile data, IP address, browsing behaviour | EU–US DPF / UK Extension to DPF / SCCs / UK Addendum | linkedin.com/legal/privacy-policy |
Quantcast International Ltd. | Ireland (EU) | IP address, browsing behaviour, audience demographics | SCCs / UK Addendum | quantcast.com/privacy |
RB2B Inc. | USA | IP address, geographic data, visitor identification data | Consent (no formal safeguards cited) | rb2b.com/privacy-policy |
X Corp. (formerly Twitter) | USA | IP address, browsing behaviour, ad preferences, social interaction data | EU–US DPF / UK Extension to DPF / SCCs / UK Addendum | x.com/en/privacy |
Transfers to the United States and other third countries are safeguarded by one or more of the following mechanisms: EU Standard Contractual Clauses (SCCs) under Commission Decision 2021/914; the UK International Data Transfer Addendum (IDTA) to the EU SCCs; or participation in the EU-US Data Privacy Framework (DPF) or its UK Extension; or, where applicable, an EU/UK adequacy decision.
6. Your Cookie Choices and Controls
6.1 Cookie Consent Banner
When you first visit either of our Sites, a cookie consent banner will appear. You can choose from three options:
Accept All: enables all cookie categories including Analytics, Functional and Marketing cookies
Reject All: disables all non-essential cookies; only Strictly Necessary cookies will be set
Manage Preferences: opens a panel where you can individually toggle each category on or off
Non-essential cookies are placed only after you have given explicit, informed, freely given and unambiguous consent. Refusing consent does not affect your ability to use either Site. You may change your preferences at any time by clicking the Cookie Settings link in the footer of either Site.
6.2 Browser Controls
You can also control or delete cookies through your browser settings. Most browsers allow you to block, delete or be notified about cookies. Note that blocking all cookies may affect Site functionality. Guidance for major browsers is available at:
Chrome: chrome://settings/cookies
Firefox: about:preferences#privacy
Safari: Preferences, then Privacy, then Manage Website Data
Edge: edge://settings/cookies
6.3 Third-Party Opt-Out Links
Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
Google Ads personalisation: https://adssettings.google.com
LinkedIn ad opt-out: https://www.linkedin.com/psettings/guest-controls
Hotjar opt-out: https://www.hotjar.com/legal/compliance/opt-out
HubSpot cookie preferences: https://legal.hubspot.com/privacy-policy
Digital Advertising Alliance (US): https://optout.aboutads.info
Network Advertising Initiative: https://optout.networkadvertising.org
Your Online Choices (UK and EU): https://www.youronlinechoices.com
6.4 Do Not Track Signals
Some browsers transmit Do Not Track (DNT) signals. As there is no universally agreed standard for how websites should respond to these signals, our Sites do not currently alter their behaviour in response to them. We recommend using our consent banner or the opt-out links above to manage your preferences.
7. Your Rights Under EU GDPR and UK GDPR
Where cookies or similar technologies process your personal data, you have the following rights under the EU GDPR (Articles 15 to 22) and UK GDPR:
Right of Access: request a copy of the personal data we hold about you
Right to Rectification: request correction of inaccurate or incomplete personal data
Right to Erasure: request deletion of your personal data where there is no compelling reason for its continued processing
Right to Restriction of Processing: request that we restrict how we use your data in certain circumstances
Right to Data Portability: receive your personal data in a structured, machine-readable format
Right to Object: object to processing based on legitimate interests or for direct marketing purposes
Right to Withdraw Consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing. You can do this via our Cookie Settings panel in the footer.
To exercise any of these rights, contact us at: legal@sentora.com
You also have the right to lodge a complaint with a supervisory authority:
EU: Your local EU data protection authority. If Sentora has appointed an EU lead supervisory authority, details will be provided here: [EU Lead Supervisory Authority - to be confirmed]
UK: The Information Commissioner's Office (ICO): www.ico.org.uk or 0303 123 1113
8. California Residents: CCPA and CPRA Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you specific rights regarding your personal information.
8.1 Personal Information Collected via Cookies
Through cookies and similar technologies on our Sites, we may collect the following categories of personal information as defined by the CCPA: Identifiers such as IP address, cookie IDs and device identifiers; Internet or electronic network activity information including browsing history on our Sites and interactions with content; Geolocation data as approximate location derived from IP address; Inferences drawn from browsing behaviour to create a profile reflecting interests or preferences.
8.2 Sale and Sharing of Personal Information
We do not sell personal information for monetary consideration. However, certain disclosures of personal information to third-party advertising and analytics providers (including LinkedIn Insight Tag, Google Ads, Google Display & Video 360, X (formerly Twitter), Quantcast and RB2B) may constitute a 'sharing' of personal information for cross-context behavioural advertising purposes under the CPRA. California residents have the right to opt out of such sharing by:
Clicking Reject All or disabling the Marketing category in our Cookie Settings banner on either Site
Using the Do Not Sell or Share My Personal Information link in the footer of sentora.com
Emailing us at legal@sentora.com with the subject line: CCPA Opt-Out Request
8.3 Additional CCPA and CPRA Rights
Right to Know: request details of the personal information collected, the sources, purposes and third parties with whom it is shared
Right to Delete: request deletion of personal information we have collected from you, subject to certain exceptions
Right to Correct: request correction of inaccurate personal information
Right to Limit Use of Sensitive Personal Information: direct us to limit use of sensitive personal information where applicable
Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA or CPRA rights
To submit a CCPA or CPRA request, email legal@sentora.com or write to us at the address below. We will respond within 45 days, extendable by a further 45 days where reasonably necessary. We may need to verify your identity before processing your request. You may designate an authorised agent to submit requests on your behalf, subject to verification requirements.
9. Residents of Other US States
In addition to California, a number of other US states have enacted comprehensive consumer privacy laws, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Oregon (OCPA) and others. If you are a resident of any of these states, you may have rights similar to those described in Section 8, including rights to access, delete, correct and opt out of certain processing of your personal data.
To exercise any applicable rights, please contact us at legal@sentora.com with your state of residence and the nature of your request. We will respond in accordance with the law applicable in your state.
10. United Kingdom: Additional Information
The UK GDPR and Data Protection Act 2018 apply to our processing of UK residents' personal data. The Privacy and Electronic Communications Regulations 2003 (PECR) also apply to our use of cookies and similar technologies in relation to UK users.
Under PECR, we must obtain informed consent before setting non-essential cookies on your device. Our cookie consent banner satisfies this requirement by providing clear information and a genuine choice before any non-essential cookies are placed. The banner is designed in line with ICO guidance: non-essential categories default to off, and Reject All is presented with equal prominence to Accept All.
The UK supervisory authority is the Information Commissioner's Office (ICO). Contact: www.ico.org.uk or 0303 123 1113.
11. Cookie Retention Periods
Individual cookie durations are set out in the tables in Section 4. As a general principle: session cookies are deleted when you close your browser; persistent cookies are stored for the period shown in the relevant table, or until you delete them via your browser settings or our Cookie Settings panel. If we update this Cookie Policy in a material way, including by adding a new cookie category, naming a new third-party processor, or changing the stated purpose of an existing cookie, we will seek fresh consent.
12. Updates to This Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in technology, law, our business operations or for any other reason. The Last Updated date at the top of this document will always reflect the most recent version. Where changes are material (as defined in Section 11), we will notify you via a prominent notice on our Sites and, seek fresh consent via the banner.
13. Contact Us
If you have questions or concerns about this Cookie Policy or how we handle your data, please contact us:
Email: legal@sentora.com
Post: Sentora Limited, Floor 4, Banco Popular Building, Road Town, Tortola, VG1110, British Virgin Islands