COOKIE POLICY
Version 1.0 — Effective: 25 August 2025
| Merchant of Record (Controller for cookies set by us) | THE REAL DEAL PROVIDERS LTD |
| Company Number | 16108011 (England & Wales) |
| Registered Office | Dept 6152, 43 Owston Road, Carcroft, Doncaster, United Kingdom, DN6 8DA |
| Website | https://visual-foundry.com |
| Contact | info@visual-foundry.com |
Cookies are small text files placed on your device when you visit a website. We also use similar technologies such as local storage, SDK storage, pixels, tags, and device identifiers (collectively, “cookies”).
Cookies enable core functionality (e.g., session management, security), help us understand how the Site is used, and support features such as remembering preferences and measuring campaign performance.
We comply with the UK Privacy and Electronic Communications Regulations (PECR) and UK GDPR. We obtain your consent before setting non‑essential cookies. Strictly necessary cookies do not require consent.
You can manage your preferences at any time via our cookie banner or settings (“Cookie Preferences”). Your selection will be stored and respected on subsequent visits from the same browser.
If you delete or block cookies, some features of the Site may not function properly.
We use cookies for the following purposes:
| Category | Purpose | Examples | Is Consent Required? | Typical Retention |
| Essential | Session continuity, CSRF protection, load balancing | session_id, csrf_token, route | No | Session / up to 12 months |
| Performance/Analytics | Usage metrics, diagnostics | _ga, _gid, _clck | Yes | Up to 26 months |
| Functional/Preferences | Remember choices, currency | currency_pref, locale, theme | Yes | 6–24 months |
| Advertising/Marketing | Attribution, ad reach/frequency | _gcl_au, fbp | Yes | 3–24 months |
| Security/Fraud | Bot detection, risk scoring | cf_chl_*, turnstile_* | Yes (unless strictly necessary) | Up to 12 months |
This is a representative list; the live inventory may vary by release. See Annex A for the current inventory.
| Name | Purpose | Duration | Category |
| vf_session | Maintain logged‑in session and route requests | Session | Essential |
| vf_csrf | CSRF protection for forms and API calls | Session | Essential |
| vf_cookie_consent | Store your cookie preferences | 12 months | Essential |
| vf_currency | Remember currency selection (USD/EUR/AUD/CAD) | 12 months | Functional/Preferences |
| vf_ui_prefs | Remember UI settings such as theme/language | 12 months | Functional/Preferences |
We may use third‑party services (e.g., analytics, CDN, anti‑fraud, marketing). Where these providers place cookies, they act as independent controllers or processors. Non‑essential third‑party cookies are used only with your consent.
| Provider | Service/Purpose | Cookie Examples | Category | Link / Controls |
| Analytics provider (e.g., Google Analytics) | Usage analytics and diagnostics | _ga, _gid, _gat | Performance/Analytics | Disable in Cookie Preferences; provider’s opt‑out tools may also apply |
| Anti‑fraud (e.g., Cloudflare Turnstile/ReCAPTCHA) | Bot detection and security | cf_chl_*, _grecaptcha | Security/Fraud | Controls via Cookie Preferences (where non‑essential) |
| Marketing/Attribution | Measure campaigns, ad attribution | _gcl_au, _fbp | Advertising/Marketing | Disable in Cookie Preferences |
| CDN/Media | Performance and content delivery | CDN cache IDs | Essential/Performance | Managed by us; essential where strictly required |
Note: The specific vendors and cookies in use may change over time. We will update Annex A periodically to reflect the current inventory.
• Use the Cookie Preferences control in the banner or footer to accept/reject categories at any time.
• You can also set your browser to block cookies or to alert you when cookies are being set. If you block cookies, parts of the Site may not function properly.
• Preferences are browser‑ and device‑specific. Deleting cookies will remove your stored choices.
• We do not currently respond to Do Not Track (DNT) signals. If we support additional browser‑level signals (e.g., GPC) in future, we will update this Policy.
Where cookies result in transfers of personal data outside the UK, we implement appropriate safeguards (e.g., the UK IDTA or UK Addendum to the SCCs) and vendor due diligence.
The Site is intended for users aged 18+. We do not knowingly set cookies to profile children.
We may update this Policy from time to time, for example to reflect changes in law, technology, or our use of cookies. We will post the updated version with a new effective date.
Questions about this Policy or our cookie practices: info@visual-foundry.com
This annex should be refreshed whenever tags or vendors change. It lists the live cookies observed in production environments.
| Name | Provider | Purpose | Category | Duration | Is Consent Required? |
| vf_session | visual-foundry.com | Maintain logged‑in session | Essential | Session | No |
| vf_cookie_consent | visual-foundry.com | Store cookie choices | Essential | 12 months | No |
| _ga | Analytics provider | Usage analytics | Performance/Analytics | 13 months (typical) | Yes |
| _gcl_au | Marketing provider | Ad attribution | Advertising/Marketing | 3 months (typical) | Yes |
| cf_chl_* | Anti‑fraud provider | Bot detection | Security/Fraud | Up to 12 months | Depends (often Yes) |
Our Consent Management Platform (CMP) stores: (a) timestamp and version of the banner; (b) user selections by category; (c) device/browser identifiers; and (d) country inference where applicable. We retain consent logs for up to 24 months for audit and compliance.
• All non‑essential tags must be routed through the CMP and fire only after consent.
• Use server‑side tagging where feasible to minimise client‑side identifiers.
• Maintain a changelog for any new third‑party tags (owner, purpose, data fields, country of processing, DPA status).
• Before adding a vendor, complete a DPIA (if required) and ensure transfer safeguards for any non‑UK processing.
