The whole policy in five bullets.
- We use first-party cookies only. No third-party advertising or cross-site tracking.
- Strictly necessary cookies (auth, session, CSRF) run by default — they’re required for the site to work.
- Functional cookies (timezone, theme, region preference) run by default and only store low-risk personalisation state.
- Analytics cookies are consent-gated where required (EU/UK/EEA/CH); they sample aggregate behaviour and contain no personally identifying data.
- Marketing cookies on citesvue.com are limited to consent-gated visit measurement. We do not use ad-tech retargeting.
Small text files, similar tech, same purpose.
A cookie is a small text file a site stores in your browser. We also use closely related technologies — local storage, session storage, and pixels (1×1 transparent images) — for the same purposes described here. Throughout this page, “cookies” means cookies and these similar technologies.
Cookies are either first-party (set by Citesvue) or third-party (set by another domain loaded by the page). They are session cookies (deleted when the browser closes) or persistent cookies (stay until the expiry date or until you delete them).
The full list, by category.
cv_ are ours.Three categories. The first two run by default.
1. Strictly necessary
Required for the application to function. Cannot be disabled — without them, the app cannot authenticate you or protect your session. These are exempt from consent requirements under GDPR (Recital 32 / ePrivacy Article 5(3) “strictly necessary” exemption).
| Cookie | Set by | Purpose | Expiry |
|---|---|---|---|
| cv_session | Citesvue | Authentication & session integrity | Session |
| cv_csrf | Citesvue | Cross-site request forgery protection | Session |
| cv_ws | Citesvue | Routes the request to the correct workspace tenancy | Session |
2. Functional
Remember low-risk personalisation choices so you don’t have to set them on every visit. None of these contain identifiers that can profile you across sites.
| Cookie | Set by | Purpose | Expiry |
|---|---|---|---|
| cv_pref_tz | Citesvue | Remembers your timezone preference | 12 months |
| cv_pref_theme | Citesvue | Remembers light/dark display preference | 12 months |
| cv_pref_region | Citesvue | Remembers data-residency region selection (EU / US / Global) | 12 months |
| cv_recent_ws | Citesvue | Last-active workspace, for fast switching | 12 months |
3. Analytics (first-party, privacy-respecting)
Aggregate product analytics — what features are used, where errors happen, how the application performs in the field. We use a first-party identifier that is not joined with any third-party graph and is not used for cross-site tracking. In jurisdictions where consent is required, these are off by default until you opt in via the in-product or banner control.
| Cookie | Set by | Purpose | Expiry |
|---|---|---|---|
| cv_anon_id | Citesvue | Aggregate, privacy-respecting product analytics — first-party only, no cross-site tracking | 13 months |
| cv_perf | Citesvue | Anonymous performance & error sampling for the Service | 6 months |
Consent-gated visit measurement only.
The marketing site (citesvue.com pages outside the authenticated app) uses two consent-gated first-party cookies. Where required, both are off until you accept analytics in the consent banner. We do not load Google Ads, Meta Pixel, LinkedIn Insight, TikTok Pixel, or any other ad-network tracker on this site.
| Cookie | Set by | Purpose | Expiry |
|---|---|---|---|
| cv_mkt_consent | Citesvue | Records the choice made in the consent banner | 6 months |
| cv_visit | Citesvue | First-party visit counting & navigation analytics on citesvue.com (consent-gated where required) | 13 months |
Where a vendor processes the data, the data stays first-party.
- Application observability. A first-party error- and performance-monitoring tool. Receives anonymised diagnostic samples; does not set its own cookies on your browser.
- Email & support tooling. Used after you contact us. Does not set marketing cookies on this site.
- Embedded video (where used). If a marketing page embeds a third-party video (e.g. a recorded webinar), the embed is loaded in privacy-enhanced mode wherever the provider supports it (e.g.
youtube-nocookie.com) and only after consent if required.
How to opt in, opt out, and change your mind.
- Consent banner. Visitors from EU/UK/EEA/CH (and other jurisdictions requiring consent) see a banner on first visit with three choices: accept all, reject all (non-essential), or customise. Strictly necessary cookies remain enabled regardless.
- Withdraw at any time. Use the “Cookie preferences” link in the footer to reopen the choice and change it. Your decision is recorded for 6 months, after which we ask again.
- Do Not Track / Global Privacy Control. We honour the GPC signal. Browsers sending
Sec-GPC: 1are treated as having opted out of consent-gated cookies. - In-product control. Inside the application, workspace owners can disable optional analytics for the entire workspace. Members can disable optional analytics for their own session.
Block, delete, or be told about cookies before they’re set.
Most browsers let you view, manage, or delete cookies for any site. The exact path depends on the browser — these are the typical entry points:
- Chrome / Edge: Settings → Privacy & security → Cookies and other site data.
- Firefox: Settings → Privacy & Security → Cookies and Site Data.
- Safari (macOS): Settings → Privacy.
- Safari (iOS): Settings → Safari → Privacy & Security.
When this list changes, this page changes.
We update this page when we add, remove, or change a cookie. Material changes (a new category, a new vendor) are also surfaced via the consent banner so you can review and re-consent. Past versions are available on request.
The single inbox.
Questions about this policy: privacy@citesvue.com. Or use the form at /contact?topic=privacy.