COOKIE POLICY
Cookie Policy
Last Updated: January 1, 2026
1. Introduction and Scope. This Cookie Policy explains how Way (“we,” “us,” or “our”) uses cookies and similar tracking technologies on our public website and, where applicable, within our authenticated services. This policy should be read alongside our Privacy Policy and other relevant policies.
2. What Are Cookies. Cookies are small text files stored on your device when you visit a website. They enable the website or service to remember your actions and preferences over time, improving functionality, security, and user experience.
3. Types of Cookies We Use
3.1 Strictly Necessary Cookies. These cookies are essential for our website and services to function properly and cannot be disabled. They include:
- Authentication cookies to recognize you when you log in
- Security cookies to prevent fraudulent or unauthorized activity
- Session management cookies to maintain session state
3.2 Performance and Analytics Cookies. We use analytics tools to understand how visitors interact with our website and how customers use our services. These cookies are used only with consent where required by applicable law. Examples include:
- PostHog, which provides product and usage analytics
- Intercom, which supports customer communication and engagement
These cookies help us:
- Measure traffic and usage patterns
- Identify and diagnose technical issues
- Improve platform performance and usability
- Understand feature adoption
In authenticated service contexts, certain analytics may be processed based on contractual necessity or our legitimate interests in improving and securing our services.
3.3 Functional Cookies. These cookies enhance functionality and personalization, such as:
- Language preferences
- User interface customization
- Feature and configuration preferences
3.4 Communication and Support Technologies. Certain communication features within our services, such as customer support chat functionality provided by Intercom, may rely on cookies or similar technologies to operate effectively.
4. Third-Party Cookies. Depending on context and usage, third-party services integrated with our website or services may set their own cookies. These may include:
- Auth0 (authentication services)
- Cloud service providers such as Google Cloud Platform
- Other service providers supporting analytics, security, or communications
Some services listed above may apply only to authenticated services or internal workflows and may not set cookies on our public website. These third parties process data in accordance with their own privacy policies, which we encourage you to review.
5. Cookie Duration. We use both:
- Session cookies, which are deleted when you close your browser
- Persistent cookies, which remain on your device for a defined period or until deleted
Cookie retention periods vary depending on their purpose and category. Many cookies we use expire within 12 months, though certain authentication or security-related cookies may persist longer where necessary.
6. Your Cookie Choices
6.1 Browser Controls. You can control cookies through your browser settings, including the ability to:
- Block all cookies
- Block third-party cookies
- Delete existing cookies
- Receive notifications before cookies are set
Please note that disabling strictly necessary cookies may prevent access to certain features of our website or services.
6.2 Opt-Out Options. Where applicable, you may opt out of certain analytics or communications features through available settings, including:
- PostHog opt-out mechanisms
- Intercom privacy controls
6.3 Cookie Consent Banner. When you first visit our website from a jurisdiction where consent is required, you will see a cookie consent banner allowing you to:
- Accept all cookies
- Reject non-essential cookies
- Customize preferences by cookie category
Non-essential cookies are not set prior to consent where required by law. You may update your preferences at any time through the cookie settings link available in our website footer.
7. Data Protection and Security. Cookie data is processed in accordance with applicable data protection laws, including the GDPR for European residents. We maintain appropriate technical and organizational measures to protect personal data, including:
- Encryption of sensitive data where appropriate
- Access controls and authentication mechanisms
- Regular security assessments
- Secure data transmission protocols
Our information security program aligns with recognized frameworks such as ISO 27001 and SOC 2.
8. International Data Transfers. As we use global cloud infrastructure and third-party service providers, cookie data may be transferred to and processed in countries outside your jurisdiction. Where required, we implement appropriate safeguards, including:
- Standard Contractual Clauses
- Data Processing Agreements with service providers
9. Changes to This Policy. We may update this Cookie Policy periodically to reflect changes in our practices or legal requirements. Material changes will be communicated through appropriate means, such as notices on our website or updates to the “Last Updated” date at the top of this policy.
10. Contact Us. If you have questions about our use of cookies or this policy, please contact us via email at legal@way.co. For GDPR-related inquiries or to exercise your data subject rights, please refer to our Privacy Policy.
11. Legal Basis for Processing (GDPR). Where the GDPR applies, our legal bases for processing cookie-related data include:
- Consent, for non-essential cookies such as performance and analytics cookies
- Legitimate interests, including fraud prevention, security, and service improvement
- Contractual necessity, where cookies are required to provide our services
- Legal obligation, where processing is required by applicable law
You may withdraw your consent for non-essential cookies at any time through your cookie preferences.