Cookie policy

This document inventories first-party stamina cookies powering sessions, antifraud meshes, ticketing seat holds, and multilingual toggles; third-party CDNs; optional remarketing sinks; ephemeral device IDs bridging mobile apps ↔ progressive web ticketing; and consent receipts mirrored into organizer dashboards for audit.

Policy digest · Quarterly review cycle

Consent surfaces & versioning

Layer A captures strictly necessary cryptography handshakes referencing payment iframes, seat map vector tiles, and kiosk firmware upgrades. Layer B exposes analytics with IP truncation toggles honoring DNT successors. Layer C activates modeled remarketing cohorts gated behind granular copy referencing each partner’s DPA link. Consent proofs store hashed receipts with rotating salts for 400 days, aligning with CPRA bookkeeping.

First-party stalwarts & TTL rationale

  • tf_session_core: rotates every 45 minutes idle/8 hours sliding; anchors CSRF defenses for dashboard mutations.
  • tf_ticket_halo: TTL of 20 minutes, aligning with ephemeral seat locks; invalidated on successful checkout webhook.
  • tf_locale_guard: persists 180 days respecting accessibility audit recommendations for multilingual visitors.
  • tf_device_guardian: fingerprints trusted kiosks; scrubbed nightly unless pinned by venue IT.

Third-party choreography

Maps SDKs lazily load only after gestures to reduce beacon noise. Fraud vendors receive clipped headers; full IP addresses never exit EU regions without SCC riders. Affiliate pixels demand signed contracts referencing organizer payouts. Sandbox iframes for payment processors inherit partitioned storage per CHIPS directives.

Local storage & service worker caches

PWAs stash offline agendas, laminated exhibitor SKU QR packs, and multilingual glossaries, capped at 3 MB with LRU eviction. Clearing site data nukes dormant caches older than six months automatically on the next launch handshake.

Hardened browser fallbacks & enterprise policies

When cookies are disabled, degraded flows keep essential ticket issuance via device-bound ephemeral tokens, prompting fresh MFA. MDM-deployed kiosk profiles may whitelist telemetry endpoints subject to SOC2 change tickets.

Contact & preference refresh

Users may re-trigger consent dialogs from footer links, ticketing settings, or kiosk welcome screens managed by concierge staff. Organizer admins can purge historical consent artifacts when legally compelled after jurisdictional rulings.