Legal
Cookies Policy
Cookies Policy
Last updated: 23 June 2026
This Cookies Policy explains how Private Hedge Limited uses cookies and similar technologies on privatehedge.co and on our platform at app.privatehedge.co. It should be read alongside our Privacy Policy, which explains how we handle personal data more generally.
In short
- Strictly necessary cookies are always on — the site cannot work without them.
- At launch we use only strictly necessary and preference cookies — no analytics or marketing cookies, and so no consent banner yet. Analytics and marketing technologies (and the consent banner) are introduced in a later phase; when they are, they run only if you consent, and you can change your mind at any time.
- We do not use your portfolio data, or any cookie, to advertise to you based on your holdings.
1. What cookies are
A cookie is a small text file placed on your device when you visit a website. Similar technologies — such as pixels, local storage and software development kits — work in comparable ways. Cookies can be set by us (first-party) or by a provider we use (third-party), and they can last only for your visit (session) or for a set period (persistent). We refer to all of these as "cookies" in this policy.
2. How we ask for your consent
At launch we set only strictly necessary and preference cookies, so no consent banner is shown. When we introduce analytics or marketing cookies in a later phase, a consent banner — provided by Cookiebot (Usercentrics) — will let you accept, reject or choose which categories of non-essential cookies you allow, and those cookies will be set only after you opt in. Strictly necessary cookies are always set without consent because the service cannot function without them.
You can change or withdraw your choices at any time:
- on the website, through the cookie preferences link in the footer or the Cookie settings control; and
- in the platform, under Settings → Privacy.
We keep a record of your consent so we can demonstrate that it was properly given; that record is retained for up to five years, as described in our Privacy Policy.
3. The categories of cookies we use
Strictly necessary (always active). These make the site work — they keep you signed in, keep your session secure, balance load, protect against fraud and bots, and remember your consent choices. They do not require consent and cannot be switched off through our banner.
Preferences (always active or consent-based depending on use). These remember choices such as your display currency, language and theme, so the site behaves the way you expect.
Analytics (consent required — introduced in a later phase). These help us understand how the site and platform are used so we can improve them — for example which features are used and where people encounter problems. They are not used at launch; when introduced, they run only if you opt in.
Marketing (consent required). These would be used to measure and, in later phases, support our own promotional activity. They run only if you opt in. We do not use them to target you based on your portfolio or financial data, and where we use them we limit them to non-financial data.
4. The cookies we use
The table below describes the main cookies in each category, including those introduced in a later phase. Once our consent tool is live, the complete, always-current list will be generated automatically and shown in the Cookie settings panel, where each cookie's provider, purpose and duration are listed.
Strictly necessary
| Cookie / technology | Set by | Purpose | Duration |
|---|---|---|---|
| Session / authentication token | Private Hedge | Keeps you signed in and your session secure | Session / up to 7 days |
| CSRF / request-integrity token | Private Hedge | Protects against forged requests | Session |
CookieConsent (later phase) |
Cookiebot | Stores your cookie-consent choices, once the consent banner is introduced | Up to 1 year |
__cf_bm / load-balancing |
Cloudflare / Vercel | Bot filtering and performance | 30 minutes – a few hours |
Stripe session (__stripe_mid, __stripe_sid) |
Stripe | Fraud prevention during payment | Session – 1 year |
Preferences
| Cookie / technology | Set by | Purpose | Duration |
|---|---|---|---|
| Currency / language / theme preference | Private Hedge | Remembers display settings | Up to 1 year |
Analytics (consent required — introduced in a later phase)
| Cookie / technology | Set by | Purpose | Duration |
|---|---|---|---|
_ga, _ga_* |
Google Analytics 4 | Distinguishes users and measures site usage | Up to 13 months |
PostHog (ph_*) |
PostHog | Product analytics — feature usage and diagnostics | Up to 1 year |
Marketing (consent required)
| Cookie / technology | Set by | Purpose | Duration |
|---|---|---|---|
| Advertising / measurement cookies | Third-party platforms, where used | Measure our own promotional activity | Varies by provider |
Note: at launch we use only strictly necessary and preference cookies. Analytics and marketing cookies — and the Cookiebot consent banner — are introduced in a later phase; when they are, they will appear in the live Cookie settings panel and run only with your consent.
5. Third-party cookies
Where a cookie is set by a third party (at launch, Cloudflare or Stripe; Google or PostHog once analytics is introduced), that provider processes the related data under its own privacy policy. We list these providers and the safeguards that apply in our Privacy Policy. Setting any non-essential third-party cookie requires your consent.
Separately from cookies, our website fonts are self-hosted, so loading them does not transmit your data to any third party. Where we use an IP-based lookup (ipapi) to set your display currency, that feature transmits your IP address to the provider to perform the lookup but does not set advertising cookies; it is listed, with the safeguards that apply, in our Privacy Policy.
6. Managing cookies in your browser
In addition to our consent controls, you can manage or delete cookies through your browser settings. Most browsers let you block or remove cookies and warn you before one is set. If you block strictly necessary cookies, parts of the Service may stop working.
7. "Do Not Track" and Global Privacy Control
Because there is no common industry standard for "Do Not Track" browser signals, we do not currently respond to them. We do honour Global Privacy Control (GPC) signals as a valid opt-out where applicable, as described in our Privacy Policy.
8. Changes to this policy
We may update this policy as our use of cookies changes. When we do, we will update the "Last updated" date, and the live Cookie settings panel will always reflect the cookies actually in use.
9. Contact
Questions about this policy can be sent to:
Private Hedge Limited Flat 620 New Providence Wharf, 1 Fairmont Avenue, London E14 9PF, United Kingdom Registered in England and Wales, company number 17034376. ICO registration ZC174437. Privacy: dataprotection@privatehedge.co