Legal · Cookies

Cookies Policy

This policy explains the cookies and similar technologies Yezda uses on yezda.co.uk and in the customer portal, the lawful basis for each, and how you can control them. It complements our Privacy Policy and is written to comply with PECR and the UK GDPR.

LAST UPDATED · 25 April 2026JURISDICTION · ENGLAND & WALESEN-GB

1. What cookies are

Cookies are small text files placed on your device when you visit a site. We also use closely-related technologies — local storage, session storage, and pixel tags — which we collectively refer to as "cookies" in this policy.

2. How we use cookies

We use cookies to keep you signed in, remember preferences, secure your session, measure how the site is used, and improve performance. We do not use cookies for cross-site behavioural advertising, and we do not sell cookie data.

3. Categories we set

  • Strictly necessary — required for the site to work (auth, CSRF, load balancing). No consent required under PECR reg. 6(4).
  • Functional — remember your choices (language, theme, dismissed banners). Set only with your consent.
  • Performance / analytics — first-party analytics so we can improve the site. Set only with your consent.
  • Security — bot detection and abuse prevention on the public verification page. Set under legitimate-interests / strictly necessary.

4. Cookies we use

NamePurposeCategoryExpiry
yz_sessionAuthenticated sessionStrictly necessarySession
yz_csrfCross-site request forgery tokenStrictly necessarySession
yz_lbLoad-balancer affinityStrictly necessary1 hour
yz_consentStores your cookie choicesStrictly necessary12 months
yz_pref_densityRemembers UI density choiceFunctional12 months
yz_pref_themeRemembers light/dark choiceFunctional12 months
_plausibleAnonymous, cookieless analytics ping (no ID stored)Performancen/a
yz_verify_rlRate-limit token on the public verify pageSecurity15 minutes

5. Third-party cookies

Yezda's marketing site does not embed advertising, social, or behavioural-tracking SDKs. The customer portal uses no third-party cookies. The candidate mobile app uses Firebase Cloud Messaging tokens for push delivery — these are device tokens, not browser cookies, and are described in the Privacy Policy.

On your first visit, you are asked to accept or reject non-essential cookies via our cookie banner. You can change your choice at any time using the "Cookie preferences" link in the footer. You can also block or delete cookies in your browser:

Blocking strictly-necessary cookies will prevent the customer portal from working.

7. Do Not Track

We honour Global Privacy Control (GPC) signals: a GPC=1 header is treated as an opt-out from non-essential cookies for that visitor.

8. Changes

If we add or change cookies, this page will be updated and the "Last updated" date revised. Material additions in non-essential categories will trigger a renewed consent prompt.

9. Contact

Questions: dpo@yezda.co.uk.