Manage Preferences
Effective Date: March 2, 2026
Last Updated: March 2, 2026
Entity: MariqueCalcus Ltd, trading as StayHawk (“Company,” “we,” “us,” or “our”)
1. Introduction
This Cookie and Tracking Policy (“Cookie Policy”) explains how StayHawk uses cookies, web beacons, pixels, and similar tracking technologies when you access our website and application (the “Service”). This Cookie Policy should be read in conjunction with our Privacy Policy.
2. What Are Cookies?
Cookies are small text files placed on your device (computer, tablet, or mobile) when you visit a website. They are widely used to make websites function properly, improve user experience, and provide information to website operators. Cookies may be “session” cookies (deleted when you close your browser) or “persistent” cookies (remain on your device for a set period or until manually deleted).
3. Consent Architecture
3.1 Consent Model
StayHawk implements a strict opt-in consent model for all non-essential cookies and tracking technologies, in compliance with:
- EU ePrivacy Directive (Directive 2002/58/EC as amended)
- GDPR (for EU/EEA/UK users)
- CCPA/CPRA (for California residents)
3.2 Consent Mechanism
Upon your first visit to the Service, a cookie consent banner (“Consent Banner”) shall be displayed. The Consent Banner shall:
(a) Not use pre-checked boxes. No non-essential cookies shall be pre-selected;
(b) Provide granular choices. You may accept or reject each category of cookies independently;
(c) Provide equal prominence to “Accept All” and “Reject All” options;
(d) Not use dark patterns. The “Reject” option shall be equally accessible as the “Accept” option (same size, color prominence, and number of clicks);
(e) Block non-essential cookies until affirmative consent is given. No analytics, marketing, or preference cookies shall fire before consent;
(f) Be dismissible. Closing the banner without making a selection shall be treated as rejection of non-essential cookies.
3.3 Consent Storage
Your consent preferences shall be stored in a first-party cookie (stayhawk_consent) with the following properties:
| Property | Value |
|---|---|
| Type | First-party, persistent |
| Duration | 12 months |
| Content | JSON object recording per-category consent status and timestamp |
| Re-consent | Prompted after 12 months or upon material changes to this Cookie Policy |
3.4 Withdrawal of Consent
You may withdraw or modify your cookie consent at any time through the “Cookie Preferences” link available in the Service footer. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
4. Categories of Cookies
4.1 Strictly Necessary Cookies (No Consent Required)
These cookies are essential for the Service to function and cannot be disabled. They do not require consent under applicable law.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
stayhawk_session | StayHawk | Session management, authentication state | Session |
stayhawk_consent | StayHawk | Stores your cookie consent preferences | 12 months |
stayhawk_csrf | StayHawk | Cross-site request forgery protection | Session |
| Paddle cookies | Paddle | Payment processing, fraud prevention | Varies |
| Kinde auth cookies | Kinde | Authentication, session management | Session |
Legal Basis: Strictly necessary for service delivery (no consent required under ePrivacy Directive Art. 5(3) exemption).
4.2 Functional/Preference Cookies (Consent Required)
These cookies enable enhanced functionality and personalization.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
stayhawk_theme | StayHawk | Stores UI theme preference (dark/light) | 12 months |
stayhawk_workspace | StayHawk | Remembers last active Workspace | 12 months |
stayhawk_locale | StayHawk | Stores language/locale preference | 12 months |
Legal Basis: Consent (opt-in). These cookies are blocked until you affirmatively consent to the “Preferences” category.
4.3 Analytics Cookies (Consent Required)
These cookies collect anonymized usage data to help us understand how Users interact with the Service.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
_ga | Distinguishes unique users for Google Analytics 4 | 2 years | |
_ga_<container-id> | Maintains session state for Google Analytics 4 | 2 years |
Legal Basis: Consent (opt-in). These cookies are blocked until you affirmatively consent to the “Analytics” category.
Data Minimization Commitment: If analytics cookies are implemented, StayHawk commits to:
(a) Using privacy-focused analytics tools that do not perform cross-site tracking;
(b) Anonymizing IP addresses before storage;
(c) Not sharing analytics data with third parties for advertising purposes;
(d) Providing the option to opt out at any time.
4.4 Marketing/Advertising Cookies
StayHawk does not currently use marketing, advertising, or cross-site tracking cookies. If this changes in the future, this Cookie Policy shall be updated and re-consent shall be obtained.
5. Other Tracking Technologies
5.1 Web Beacons / Pixels
StayHawk may use web beacons (also known as “tracking pixels” or “clear GIFs”) in transactional emails (e.g., booking alerts, deadline reminders) to determine whether emails have been opened and links clicked. This data is used solely for measuring email delivery effectiveness and is not used for advertising.
Opt-out: You may disable image loading in your email client to prevent web beacon tracking.
5.2 Local Storage
StayHawk may use browser local storage (localStorage) and session storage (sessionStorage) for application state management (e.g., caching dashboard preferences, temporary form data). Local storage data is not transmitted to our servers and is not used for tracking purposes.
5.3 Server-Side Analytics
StayHawk collects server-side analytics (API request logs, error rates, performance metrics) through AWS CloudWatch. These logs contain IP addresses and request metadata. This data is used exclusively for system reliability and debugging and is retained for ninety (90) days.
6. Third-Party Cookies
6.1 Paddle
Paddle may place cookies for payment processing and fraud prevention. These are classified as strictly necessary for payment functionality. Paddle’s cookie usage is governed by Paddle’s Privacy Policy.
6.2 Kinde
Our authentication provider (Kinde) may place cookies for session management and authentication. These are classified as strictly necessary. Kinde’s cookie usage is governed by Kinde’s Privacy Policy.
6.3 No Third-Party Advertising
StayHawk does not permit third-party advertising networks to place cookies on the Service. We do not participate in real-time bidding (RTB), behavioral advertising, or data broker networks.
7. Consent Flow — Implementation Requirements
7.1 Technical Architecture
The consent mechanism shall be implemented as follows:
- User visits site.
- Check: is
stayhawk_consentcookie present and valid? - If yes — apply stored preferences, load permitted cookies only.
- If no — display the Consent Banner.
- User selects preferences (or closes the banner, which equals “reject all”).
- Store preferences in
stayhawk_consentcookie. - Load only consented cookie categories.
- Log consent record (timestamp, categories, version).
7.2 Consent Records
StayHawk shall maintain auditable consent records including:
(a) Timestamp of consent;
(b) Categories consented to;
(c) Version of the Cookie Policy at the time of consent;
(d) Method of consent (banner interaction type);
(e) User identifier (if authenticated) or anonymized session identifier.
Records shall be retained for the duration required by applicable law (minimum three years for GDPR compliance evidence).
7.3 Tag Management
All non-essential tracking scripts shall be managed through a consent-aware tag management system. No tag classified as “Analytics” or “Marketing” shall fire before valid consent is recorded.
8. Managing Cookies
8.1 Through StayHawk
Access “Cookie Preferences” in the Service footer at any time to review and modify your consent preferences.
8.2 Through Your Browser
Most browsers allow you to control cookies through their settings. Common options include:
- Block all cookies: May prevent the Service from functioning properly
- Block third-party cookies: Recommended for general privacy
- Delete existing cookies: Removes stored cookies; consent banner will reappear
- Private/Incognito browsing: Session cookies only, deleted when window closes
Browser-specific instructions:
- Chrome: chrome://settings/cookies
- Firefox: about:preferences#privacy
- Safari: Preferences > Privacy
- Edge: edge://settings/privacy
8.3 Do Not Track (DNT)
StayHawk does not currently respond to Do Not Track browser signals. We rely on our consent mechanism as the primary method for managing tracking preferences. We shall reevaluate this position if a uniform DNT standard is adopted.
9. Global Privacy Control (GPC)
StayHawk shall honor Global Privacy Control (GPC) signals where required by applicable law (including CCPA/CPRA). When a GPC signal is detected:
(a) Non-essential cookies shall be treated as rejected;
(b) The consent banner shall still be displayed for transparency;
(c) The GPC signal shall be logged as an opt-out preference.
10. Cookie Policy Updates
We may update this Cookie Policy from time to time. Material changes shall be communicated through:
(a) A notice on the Service;
(b) Resetting the consent banner if new cookie categories are introduced;
(c) Email notification for material changes affecting data processing.
If new cookie categories are added or existing cookies are used for materially different purposes, re-consent shall be obtained before such cookies are activated.
11. Contact
For questions about this Cookie Policy:
MariqueCalcus Ltd (trading as StayHawk)
London, United Kingdom
Email: privacy@stayhawk.app
This Cookie and Tracking Policy was last reviewed on March 2, 2026.