Cookie Policy

Cookie Policy

24 June 2026

1. What Is This Policy About

This Cookie Policy applies to all visitors of our Software, website, social media pages, and other digital platforms operated by yure.ai d.o.o. ("we", "us", "our"). It explains the types of cookies we use, the personal data we collect through them, the legal basis for each type of processing, how long we retain that data, and your rights in connection with it. For more details on how we collect, process, share, and protect your personal data generally, please refer to our Privacy Policy.

2. What Are Cookies

Cookies are small text files stored on the browser or hard drive of your computer, smartphone, or any other device you use to access our Software. A cookie typically contains the name of the website it came from, its "lifetime" (i.e., how long it will remain on your device), and a value - usually a randomly generated unique number.

Session cookies are temporary and are deleted as soon as you close your browser. Persistent cookies remain on your device for a predetermined period specified in the cookie, or until manually deleted.

3. Why Do We Use Cookies

We use cookies for the following purposes:

  • to store information about your activities on the Software and customise it to your preferences;
  • to recognize your device when you revisit our Software;
  • to manage secure authentication sessions;
  • to gather anonymised and aggregated statistics that help us understand how users navigate our Software;
  • to continuously improve our Software based on users' interests.

4. Categories of Cookies We Use and Their Legal Basis

Based on their function, the cookies we use are classified into one of the following categories:

4.1 Strictly Necessary Cookies

These cookies are essential for the Software to function. Without them, services you have requested cannot be provided. They enable navigation, secure authentication (including CSRF protection and session management), and third-party login integrations.

Legal basis: Article 6(1)(b) GDPR - processing necessary for the performance of a contract to which the data subject is party (provision of the Software service). No consent is required for strictly necessary cookies, as their use is a condition of providing the requested service.

Retention: Session only - deleted when you close your browser, except for persistent authentication tokens which expire after 1 year. Personal data collected through strictly necessary cookies is retained for no longer than 12 months.

4.2 Performance Cookies

These cookies collect data on how you interact with our Software - for example, which pages you visit most frequently and whether you encounter error messages. They do not collect personally identifiable information in isolation.

Legal basis: Article 6(1)(f) GDPR - legitimate interests of yure.ai d.o.o. in understanding how the Software is used in order to improve its stability and user experience. We have assessed that this interest is not overridden by your fundamental rights and freedoms, given the anonymised nature of the data collected.

Retention: Session duration only.

4.3 Functionality Cookies

These cookies enable us to remember your preferences and customise the Software experience during your visit.

Legal basis: Article 6(1)(f) GDPR - legitimate interests in providing a personalised and consistent user experience.

Retention: Duration of your session, unless a persistent preference is explicitly saved by you.

4.4 Analytics Cookies

These cookies help us understand how visitors interact with our Software by collecting and reporting usage data through our analytics service provider.

Legal basis: Article 6(1)(a) GDPR - your consent, obtained through our cookie consent banner before the cookie is set. You may withdraw your consent at any time (see Section 8 below).

Retention: Analytics cookies persist for 1 year on your device. Aggregated analytics data is retained by us for a period of 24 months from collection, after which it is deleted or anonymised.

5. Cookie Table

Cookie NameCategoryPurposeTypeDuration
host-nextauth.csrf-tokenStrictly NecessaryCSRF protection token for secure authenticationNecessarySession
secure-nextauth.callbackurlStrictly NecessarySecures authentication redirect URLsNecessarySession
secure-nextauth.sessiontokenStrictly NecessaryManages secure authentication sessionNecessary1 year
ph_phc_*AnalyticsAnalytics tracking - usage patterns, page views, feature interactionAnalytics1 year
google-authsessionStrictly NecessaryAuthentication session management for third-party loginNecessarySession

Please note that cookie names may change over time as our technology evolves. We will update this table accordingly.

6. Third-Party Service Providers and International Transfers

6.1 Use of Third-Party Service Providers

We use third-party service providers to support certain technical functions of our Software, including secure authentication and product analytics. These providers process personal data on our behalf as data processors, under data processing agreements that impose appropriate data protection obligations.

6.2 Transfers to Third Countries

Some of our service providers are based in the United States of America, which is a country outside the European Economic Area. Personal data collected through cookies and processed by these providers is therefore transferred to the United States (a third country).

We have implemented the following safeguards for all such transfers:

  • EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914, Module 2) - incorporated into our data processing agreements with each relevant provider; and/or
  • EU-U.S. Data Privacy Framework (DPF) - where the provider is certified under the DPF.

You may request information about our specific third-party providers and the applicable transfer safeguards by contacting us at info@yure.ai.

7. Data Retention

Data CategoryRetention Period
Authentication session data (strictly necessary cookies)Duration of your session; max. 12 months for persistent session tokens
Analytics data24 months from collection, then deleted or anonymised

8. Your Rights

As a data subject, you have the following rights under the General Data Protection Regulation (GDPR) in relation to personal data collected through cookies:

Right of access - You may request confirmation of whether we process your personal data and obtain a copy of that data.

Right to erasure ("right to be forgotten") - You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and there is no other legal basis for processing.

Right to restriction of processing - You may request that we restrict processing of your personal data in certain circumstances.

Right to data portability - Where processing is based on consent or a contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format.

Right to object - You have the right to object at any time to processing of your personal data based on legitimate interests (performance and functionality cookies).

Right to withdraw consent - Where processing is based on your consent (analytics cookies), you may withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You may withdraw consent by:

  • adjusting your cookie preferences using the "Customise my preferences" option in our cookie banner;
  • adjusting your browser settings (see Section 9 below); or
  • contacting us at info@yure.ai.

Right to lodge a complaint - You have the right to lodge a complaint with a supervisory authority. In the Republic of Croatia, the competent authority is the Agencija za zaštitu osobnih podataka (AZOP), Ulica Metela Ožegovića 16, 10000 Zagreb, azop@azop.hr.

To exercise any of the above rights, please contact us at info@yure.ai. We will respond within 30 days of receipt of your request.

9. How to Change Cookie Preferences or Block Cookies

Most browsers offer the option to block or limit the use of cookies through their settings. You may accept, reject, or delete cookies at any time by adjusting your browser settings.

For browser-specific instructions, please refer to:

• Google Chrome

• Safari

• Microsoft Edge

• Mozilla Firefox

Please be aware that blocking or deleting certain cookies - in particular strictly necessary cookies - may prevent you from accessing certain areas of our Software or may cause some features to function incorrectly.

10. Changes to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in our use of cookies, applicable law, or our third-party service providers. Any changes will be posted on this page with an updated "last modified" date. We encourage you to review this page regularly. Where changes are material, we will notify you through a prominent notice on our Software or, where technically feasible, via email.

11. Contact Us

If you have any questions about our use of cookies or wish to exercise your rights, please contact us:

yure.ai d.o.o.

Ulica Radoslava Lopašića 8, Zagreb

Email: info@yure.ai