Cookie Policy
Last updated: 30 June 2026 · Effective date: 27 April 2026
At a glance
- No advertising, no retargeting, no fingerprinting. We do not run marketing cookies on motleyexim.com.
- Only strictly-necessary cookies are active by default — security (Cloudflare), session tokens, and your consent choice. Analytics cookies (Google Analytics 4) are listed as forward-looking and only fire if you accept the consent banner.
- First-party persistent cookies expire in 6 months (tighter than CNIL's 13-month maximum). _gid is 24 hours.
- You can withdraw consent at any time via the cookie banner re-opener, your browser settings, or the Global Privacy Control (GPC) signal — we honour GPC as an automatic opt-out.
- Grievance Officer for cookie issues: Tejasvi Shedha — evolve@motleyexim.com.
This policy explains what cookies are, which cookies we use on motleyexim.com, what they do, how long they last, who has access to them, and how you can manage or withdraw consent. It supplements our Privacy Policy and applies in addition to your rights under India's Digital Personal Data Protection Act 2023 (DPDP Act), the EU General Data Protection Regulation (GDPR), the ePrivacy Directive 2002/58/EC, the UK Privacy and Electronic Communications Regulations (PECR), and the California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA).
1. What are cookies?
Cookies are small text files that a website places on your device. They store information so the site can remember your preferences and give you a faster, safer experience on subsequent visits. Similar technologies include local-storage entries, session-storage entries, pixels, and SDKs in mobile apps. Where we refer to "cookies" in this policy, we mean cookies and similar technologies, except where the difference matters.
Cookies are classified by who sets them, how long they last, and what they are used for:
- First-party cookies are set by motleyexim.com itself.
- Third-party cookies are set by another domain that loads content on this page (for example, Google for analytics).
- Session cookies are deleted when you close your browser.
- Persistent cookies stay on your device until they expire or you delete them. We cap persistent first-party cookies at six (6) months — tighter than CNIL's 13-month maximum.
2. Cookies we use
At present, only the strictly-necessary cookies below are actively set on motleyexim.com. The analytics rows (Google Analytics 4) are listed as forward-looking: they will only fire if and when GA4 is configured AND you accept the consent banner. The "do NOT use" list in section 2.1 reflects what we do not and will not deploy.
| Cookie | Type | Purpose | Duration | Set by |
|---|---|---|---|---|
cf_clearance, __cf_bm |
Strictly necessary | Cloudflare DDoS / bot protection / WAF challenge state | Session / up to 30 days | Cloudflare |
me_cookie_consent |
Strictly necessary | Remembers your cookie consent choice (accept / reject / preferences) | 6 months (tighter than CNIL's 13-month cap) | motleyexim.com |
me_form_token |
Strictly necessary | Anti-CSRF token for inquiry forms; bot-detection timing | Session | motleyexim.com |
_ga |
Analytics (consented only) — forward-looking | Google Analytics 4 — distinguish unique users for aggregated traffic stats | Up to 6 months (we cap well below the GA4 default 2 years) | |
_ga_<container> |
Analytics (consented only) — forward-looking | GA4 session state; per-property identifier | Up to 6 months | |
_gid |
Analytics (consented only) — forward-looking | Distinguish users within a 24-hour window | 24 hours |
The cookies marked "consented only" are not set unless and until you click "Accept" on our cookie banner, set "Accept analytics" in preferences, or otherwise grant consent. Strictly-necessary cookies are set on every visit because the site cannot function without them.
2.1 Cookies we do NOT use
We do not set:
- Marketing or advertising cookies, retargeting pixels, or third-party advertising trackers.
- Conversion-attribution pixels for paid campaigns.
- Cross-site tracking cookies for behavioural advertising.
- Social-media sharing widgets that drop third-party cookies (any social links on this site are plain hyperlinks).
- Fingerprinting scripts or browser-fingerprinting libraries.
3. Strictly necessary cookies (no consent required)
Under Article 5(3) of the ePrivacy Directive, the proviso to ePrivacy implementing legislation in EU Member States, the UK PECR, and equivalent rules elsewhere, "strictly necessary" cookies are exempt from the consent requirement. We rely on this exemption only for cookies that are essential for delivering a service explicitly requested by you, such as security, load balancing, session-state, and remembering your consent choice itself. They cannot be disabled without breaking the site.
Bot protection (Google reCAPTCHA v3). When enabled, our contact forms use Google reCAPTCHA v3 to block automated abuse. reCAPTCHA sets a _GRECAPTCHA cookie (and similar tokens) and analyses interaction signals to score each submission. Because this is strictly necessary to protect the forms from spam and abuse — a security service you implicitly request by using the form — it is treated as a strictly-necessary measure and is not gated behind the analytics-consent banner. reCAPTCHA data is processed by Google LLC under Google's privacy policy; see also the reCAPTCHA terms. This is forward-looking: it applies only once reCAPTCHA is configured on the site.
4. Analytics cookies (consent required)
We use Google Analytics 4 to understand which pages are popular, how visitors find us, and where they drop off. Analytics cookies are NOT set unless you consent on our cookie banner.
- IP addresses are anonymised before processing (last octet truncated by Google).
- We have not enabled Google Signals or any cross-device features that would link your visit to a Google account.
- Data is processed by Google LLC under Google's privacy policy and the EU Standard Contractual Clauses.
- You can opt out independently via Google's opt-out browser add-on.
- We retain GA4 user-level data for the minimum 2-month retention permitted by GA4; aggregated reports are kept longer.
5. Marketing & advertising cookies
We do not use marketing or advertising cookies. We do not run retargeting campaigns, conversion pixels, or third-party advertising trackers. Because of this, the "Accept" path on our cookie banner does not trigger any advertising-related processing.
6. Cross-jurisdiction summary
| Region | Statutory basis | Our default behaviour |
|---|---|---|
| EU / EEA | ePrivacy Directive 2002/58/EC; GDPR Arts 6 & 7 | Opt-in. No analytics fire before you click Accept. Reject is symmetric to Accept. |
| United Kingdom | PECR; UK GDPR | Opt-in. Same banner behaviour as EU. |
| India | DPDP Act 2023 (in particular §6 consent requirements once in force) and IT Act 2000 | Opt-in for analytics. We honour the DPDP §6(1)–(2) standard for consent (free, specific, informed, unconditional, unambiguous). |
| California (CCPA / CPRA) and other US states | Cal. Civ. Code §1798; VCDPA, CPA, CTDPA, UCPA, TDPSA, etc. | Opt-out + GPC honoured. We do not "sell" or "share" personal information for cross-context behavioural advertising. |
| Other jurisdictions | Various (PIPL, APPI, PIPA, LGPD, PDPA, etc.) | We apply the more protective of the local rule and the EU/India default. |
7. Manage your preferences
You can also manage cookies via your browser settings:
8. Withdraw consent (DPDP §6 / GDPR Art 7)
You may withdraw consent at any time. The simplest way is to click "Reject Non-Essential Cookies" above; this clears analytics cookies, sets me_cookie_consent to rejected, and updates Google Consent Mode v2 to a fully denied state. Withdrawal of consent applies prospectively; processing already performed under valid consent remains lawful.
9. Global Privacy Control (GPC)
If your browser sends the Global Privacy Control signal (Sec-GPC: 1), we treat it as a valid opt-out under CCPA / CPRA and as a withdrawal of any prior cookie consent. We will not set analytics cookies on visits where GPC is enabled, and we will suppress the consent banner since the choice is already expressed by the signal.
10. Google Consent Mode v2 mapping
We send the following Google Consent Mode v2 signals to gtag in line with your banner choices. The default state is fully denied; signals are updated (granted or denied) only after you make a choice or after we detect a GPC signal.
| State | analytics_storage | ad_storage | ad_user_data | ad_personalization |
|---|---|---|---|---|
| Default (pre-consent) | denied | denied | denied | denied |
| Accept all | granted | denied (we don't run ads) | denied | denied |
| Accept analytics only | granted | denied | denied | denied |
| Reject / GPC signal | denied | denied | denied | denied |
11. Children
motleyexim.com is a B2B defence-procurement website and is not directed to anyone under 18. We do not knowingly set non-essential cookies on devices used by children. The protections of DPDP Act §9 and GDPR Art 8 apply.
12. Changes to this policy
We may update this Cookie Policy as our practices, sub-processors, or applicable law evolve. Material changes will be flagged at the top with an updated date. Material additions to the cookie inventory will trigger a re-prompt of the consent banner so you can review your preferences.
13. Grievance Officer and complaints
If you believe a cookie was set without proper consent, or if the consent banner is not behaving as described, please raise a grievance with our designated Grievance Officer Tejasvi Shedha (Business Development Executive) at evolve@motleyexim.com. We acknowledge within 24 hours and resolve within 15 days. Full process at /grievance-officer/. You may also lodge a complaint directly with the Data Protection Board of India (DPDP §18), your EU / UK supervisory authority, your state Attorney General (US), or the relevant authority in your jurisdiction.
14. Contact
Questions about cookies? Email info@motleyexim.com or read our Privacy Policy and Terms of Service.
Cookie-specific grievances: Tejasvi Shedha, Business Development Executive — evolve@motleyexim.com — full process at /grievance-officer/.
