Cookie Policy

Last updated: 30 June 2026 · Effective date: 27 April 2026

At a glance

This policy explains what cookies are, which cookies we use on motleyexim.com, what they do, how long they last, who has access to them, and how you can manage or withdraw consent. It supplements our Privacy Policy and applies in addition to your rights under India's Digital Personal Data Protection Act 2023 (DPDP Act), the EU General Data Protection Regulation (GDPR), the ePrivacy Directive 2002/58/EC, the UK Privacy and Electronic Communications Regulations (PECR), and the California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA).

1. What are cookies?

Cookies are small text files that a website places on your device. They store information so the site can remember your preferences and give you a faster, safer experience on subsequent visits. Similar technologies include local-storage entries, session-storage entries, pixels, and SDKs in mobile apps. Where we refer to "cookies" in this policy, we mean cookies and similar technologies, except where the difference matters.

Cookies are classified by who sets them, how long they last, and what they are used for:

2. Cookies we use

At present, only the strictly-necessary cookies below are actively set on motleyexim.com. The analytics rows (Google Analytics 4) are listed as forward-looking: they will only fire if and when GA4 is configured AND you accept the consent banner. The "do NOT use" list in section 2.1 reflects what we do not and will not deploy.

Cookie Type Purpose Duration Set by
cf_clearance, __cf_bm Strictly necessary Cloudflare DDoS / bot protection / WAF challenge state Session / up to 30 days Cloudflare
me_cookie_consent Strictly necessary Remembers your cookie consent choice (accept / reject / preferences) 6 months (tighter than CNIL's 13-month cap) motleyexim.com
me_form_token Strictly necessary Anti-CSRF token for inquiry forms; bot-detection timing Session motleyexim.com
_ga Analytics (consented only) — forward-looking Google Analytics 4 — distinguish unique users for aggregated traffic stats Up to 6 months (we cap well below the GA4 default 2 years) Google
_ga_<container> Analytics (consented only) — forward-looking GA4 session state; per-property identifier Up to 6 months Google
_gid Analytics (consented only) — forward-looking Distinguish users within a 24-hour window 24 hours Google

The cookies marked "consented only" are not set unless and until you click "Accept" on our cookie banner, set "Accept analytics" in preferences, or otherwise grant consent. Strictly-necessary cookies are set on every visit because the site cannot function without them.

2.1 Cookies we do NOT use

We do not set:

3. Strictly necessary cookies (no consent required)

Under Article 5(3) of the ePrivacy Directive, the proviso to ePrivacy implementing legislation in EU Member States, the UK PECR, and equivalent rules elsewhere, "strictly necessary" cookies are exempt from the consent requirement. We rely on this exemption only for cookies that are essential for delivering a service explicitly requested by you, such as security, load balancing, session-state, and remembering your consent choice itself. They cannot be disabled without breaking the site.

Bot protection (Google reCAPTCHA v3). When enabled, our contact forms use Google reCAPTCHA v3 to block automated abuse. reCAPTCHA sets a _GRECAPTCHA cookie (and similar tokens) and analyses interaction signals to score each submission. Because this is strictly necessary to protect the forms from spam and abuse — a security service you implicitly request by using the form — it is treated as a strictly-necessary measure and is not gated behind the analytics-consent banner. reCAPTCHA data is processed by Google LLC under Google's privacy policy; see also the reCAPTCHA terms. This is forward-looking: it applies only once reCAPTCHA is configured on the site.

4. Analytics cookies (consent required)

We use Google Analytics 4 to understand which pages are popular, how visitors find us, and where they drop off. Analytics cookies are NOT set unless you consent on our cookie banner.

5. Marketing & advertising cookies

We do not use marketing or advertising cookies. We do not run retargeting campaigns, conversion pixels, or third-party advertising trackers. Because of this, the "Accept" path on our cookie banner does not trigger any advertising-related processing.

6. Cross-jurisdiction summary

RegionStatutory basisOur default behaviour
EU / EEA ePrivacy Directive 2002/58/EC; GDPR Arts 6 & 7 Opt-in. No analytics fire before you click Accept. Reject is symmetric to Accept.
United Kingdom PECR; UK GDPR Opt-in. Same banner behaviour as EU.
India DPDP Act 2023 (in particular §6 consent requirements once in force) and IT Act 2000 Opt-in for analytics. We honour the DPDP §6(1)–(2) standard for consent (free, specific, informed, unconditional, unambiguous).
California (CCPA / CPRA) and other US states Cal. Civ. Code §1798; VCDPA, CPA, CTDPA, UCPA, TDPSA, etc. Opt-out + GPC honoured. We do not "sell" or "share" personal information for cross-context behavioural advertising.
Other jurisdictions Various (PIPL, APPI, PIPA, LGPD, PDPA, etc.) We apply the more protective of the local rule and the EU/India default.

7. Manage your preferences

You can also manage cookies via your browser settings:

8. Withdraw consent (DPDP §6 / GDPR Art 7)

You may withdraw consent at any time. The simplest way is to click "Reject Non-Essential Cookies" above; this clears analytics cookies, sets me_cookie_consent to rejected, and updates Google Consent Mode v2 to a fully denied state. Withdrawal of consent applies prospectively; processing already performed under valid consent remains lawful.

9. Global Privacy Control (GPC)

If your browser sends the Global Privacy Control signal (Sec-GPC: 1), we treat it as a valid opt-out under CCPA / CPRA and as a withdrawal of any prior cookie consent. We will not set analytics cookies on visits where GPC is enabled, and we will suppress the consent banner since the choice is already expressed by the signal.

10. Google Consent Mode v2 mapping

We send the following Google Consent Mode v2 signals to gtag in line with your banner choices. The default state is fully denied; signals are updated (granted or denied) only after you make a choice or after we detect a GPC signal.

Stateanalytics_storagead_storagead_user_dataad_personalization
Default (pre-consent)denieddenieddenieddenied
Accept allgranteddenied (we don't run ads)denieddenied
Accept analytics onlygranteddenieddenieddenied
Reject / GPC signaldenieddenieddenieddenied

11. Children

motleyexim.com is a B2B defence-procurement website and is not directed to anyone under 18. We do not knowingly set non-essential cookies on devices used by children. The protections of DPDP Act §9 and GDPR Art 8 apply.

12. Changes to this policy

We may update this Cookie Policy as our practices, sub-processors, or applicable law evolve. Material changes will be flagged at the top with an updated date. Material additions to the cookie inventory will trigger a re-prompt of the consent banner so you can review your preferences.

13. Grievance Officer and complaints

If you believe a cookie was set without proper consent, or if the consent banner is not behaving as described, please raise a grievance with our designated Grievance Officer Tejasvi Shedha (Business Development Executive) at evolve@motleyexim.com. We acknowledge within 24 hours and resolve within 15 days. Full process at /grievance-officer/. You may also lodge a complaint directly with the Data Protection Board of India (DPDP §18), your EU / UK supervisory authority, your state Attorney General (US), or the relevant authority in your jurisdiction.

14. Contact

Questions about cookies? Email info@motleyexim.com or read our Privacy Policy and Terms of Service.

Cookie-specific grievances: Tejasvi Shedha, Business Development Executive — evolve@motleyexim.com — full process at /grievance-officer/.