Cookie Policy

Effective Date: 19 June 2026Version: 1.3.6

This Cookie Policy explains how RevvTik uses cookies and similar technologies when you visit our websites and use our services. It should be read together with our Privacy Policy, which describes how we process personal data more broadly.

What are cookies and similar technologies?

Cookies are small text files placed on your device when you visit a website. Similar technologies - such as session identifiers and preference records - serve comparable functions. Together, they help our services operate securely, remember your sign-in state, and maintain your experience across visits.

Under the ePrivacy Directive and UK PECR, certain strictly necessary technologies may be used without consent because they are required to provide a service you request. Other categories require your consent before they are activated, in line with GDPR transparency and choice requirements.

1. Strictly necessary technologies (no consent required)

These technologies are essential to deliver the RevvTik service you request. They support authentication, session continuity, security, and core functionality. We rely on the strictly necessary exemption under applicable ePrivacy rules and do not use them for analytics, advertising, or profiling.

CategoryProviderPurposeDurationLegal basis
Access session cookie (rt_at)RevvTikHttpOnly cookie carrying a short-lived signed access token (JSON Web Token, JWT) so your browser can call the RevvTik API while you are signed inFifteen (15) minutes; renewed automatically while your session is activeStrictly necessary
Refresh session cookie (rt_rt)RevvTikHttpOnly cookie carrying an opaque rotating refresh token used to obtain a new access token without re-entering your password; stored only as a hash on our serversUp to seven (7) days of inactivity, or until you sign out — whichever occurs firstStrictly necessary
Security technologiesRevvTikProtect the service and your account from unauthorised access, abuse, and fraudulent activitySession-based or short-lived, as required for security validationStrictly necessary
Preference technologiesRevvTikRemember choices you make in the interface - such as layout or display settings - so the service works consistently for youUntil you sign out, clear your browser data, or change your preferencesStrictly necessary / functional

The specific technologies used may evolve as we improve the service. Any material change to categories, purposes, or retention will be reflected in an updated version of this policy before deployment.

Customer workspace sign-in uses a server-side session model. After successful authentication (email and password and/or Google OAuth, where enabled), RevvTik issues a short-lived signed access token (JSON Web Token, JWT) in an HttpOnly cookie named `rt_at` (fifteen (15) minutes) and a rotating opaque refresh token in a separate HttpOnly cookie named `rt_rt` (up to seven (7) days of inactivity, or until you sign out). Refresh tokens are stored only as cryptographic hashes in our database; if a revoked refresh token is reused, the session is ended for security. JWT access tokens are sent automatically by your browser on API requests and are not stored in `localStorage` or `sessionStorage`. For UI convenience, a minimal user profile (such as display name and role) may be cached locally without session secrets.

A minimal user profile (for example display name and role) may be stored in browser localStorage for interface convenience. That cache does not contain JWT access or refresh tokens.

2. Analytics and marketing (consent required)

We do not currently deploy non-essential analytics or marketing cookies, pixels, or similar tracking technologies on the production RevvTik application.

If we introduce such technologies in the future, we will deploy a consent management platform (CMP), obtain opt-in consent before any non-essential technology is activated, and update this policy and our cookie inventory before those technologies go live. Where we adopt measurement approaches that minimise personal data and avoid identifying cookies, we will describe them here and align our approach with data protection by design (Art. 25 GDPR).

3. Managing your preferences

When a consent management platform is enabled, you may use Cookie settings in the site footer or the consent banner to accept or reject non-essential categories. You may withdraw or change your choices at any time. Non-essential categories will default to rejected until you provide consent; Accept and Reject controls will be presented with equal prominence, in line with GDPR and ePrivacy expectations.

To end an active session today, use Sign out in the application. You may also remove site data through your browser settings. Clearing strictly necessary technologies may require you to sign in again.

4. International users

RevvTik is established in the United Kingdom. If you access our services from the EU, EEA, or other jurisdictions, this policy applies alongside our Privacy Policy. Where local law grants additional rights regarding cookies or similar technologies, we honour those rights to the extent required.

5. Updates to this policy

We review this Cookie Policy periodically and update it when our use of cookies or similar technologies changes. Material updates are reflected in the version number below. We encourage you to review this page when we notify you of significant changes.


Contract entity & contact

RevvTik Ltd
128 City Road
London EC1V 2NX
United Kingdom

Support and Legal Contact: support@revvtik.com

Related policies: Privacy Policy · Terms of Service