Cookie & Consent Notice

1. Purpose and scope

This notice explains what cookies and similar technologies (collectively, "cookies") the Yielde marketing website and client portal at yielde.dev (the "Site") use, why we use them, how long they last, and how you can manage your choices. It is published in support of our openness obligation under POPIA (sections 17–18).

This notice covers only cookies set on the Yielde Site. It does not cover:

• cookies or tracking set within a Yielde customer's own deployed automation tenant or on a customer's own website — those are governed by that customer's privacy and cookie notices, as the customer is the responsible party for its end-users' and leads' personal information and Yielde acts only as its operator under POPIA section 21; and
• personal information processed through the Yielde platform on a customer's behalf, which is governed by the Privacy Policy and the Data Processing Agreement between the customer (responsible party) and Yielde (operator).

2. What a cookie is

A cookie is a small text file that a website places in your browser. We also use equivalent browser-storage technologies — localStorage and sessionStorage— for similar purposes (for example, remembering your light/dark theme). For brevity, this notice uses "cookies" to mean cookies and these similar technologies.

Some cookies are first-party (associated with yielde.dev itself) and some are third-party (set or read by a service provider whose code runs on the Site — for us, Supabase, Vercel, and Sentry). Cookies may be session cookies (deleted when you close your browser) or persistent cookies (kept until they expire or you delete them). Where a cookie stores or gives access to information that identifies you, that information is personal information under POPIA and is handled in accordance with our Privacy Policy.

3. Our consent posture under POPIA and ECTA

South Africa has no standalone "cookie law". Cookie use is governed by the general framework of POPIA and the electronic-communications rules in ECTA. Our posture is:

• Strictly necessary cookies are set without prior consent. These are essential to deliver a service you have actively requested — for example, signing in to the client portal and keeping your session secure. We rely on the lawful-processing grounds in POPIA section 11(1) other than consent — principally that the processing is necessary for the performance of a contract (section 11(1)(b)) and for our legitimate interest in operating a secure, functioning Site (section 11(1)(f)).
• Analytics, performance, and error-monitoring are used only in aggregated, anonymised form to help us spot and fix problems. They do not set advertising or cross-site tracking cookies, and we do not use them to build a profile of you. You can opt out of all non-essential cookies through your browser settings (see section 7).
• Electronic consent is valid. Under ECTA section 13, an electronic indication of agreement is not without legal force merely because it is in electronic form.

4. Cookies and similar technologies we use

4.1 Strictly necessary

Required for the Site and client portal to function and to keep your account secure; they cannot be switched off while you are signed in.

• Supabase Auth session cookies — authenticate you to the client portal and maintain your signed-in session (a short-lived access token and a longer-lived refresh token), so you do not re-authenticate on every request. Set by Supabase; first-party to your session.
• Platform and security cookies, if any, set by our hosting (Vercel) and DNS (Cloudflare) for routing, request integrity, and bot management.

4.2 Preferences

• yielde-theme (stored in localStorage) — remembers your light/dark theme choice across visits. It is a non-identifying UI preference and persists until you clear site data on yielde.dev.

4.3 Analytics and performance

• Vercel Analytics and Vercel Speed Insights — collect aggregated, anonymised usage and Web Vitals data to help us spot regressions. They do not set advertising or cross-site tracking cookies.

4.4 Error monitoring

• Sentry — records anonymised stack traces when something breaks, to help us fix it. These traces are configured to exclude personal information.

4.5 Marketing and advertising

We do not set marketing or advertising cookies, and we do not sell personal information. If this ever changes, this notice will be updated and your consent obtained before any such cookie is set.

5. Cookies and cross-border transfers (POPIA section 72)

Several providers whose cookies or identifiers run on the Site are hosted outside South Africa — Vercel (analytics, speed insights, hosting) and Sentry (error monitoring) operate US/global infrastructure, and Supabase's hosting region is to be confirmed. Where a cookie causes your personal information to be transferred to a recipient in a foreign country, that transfer is subject to POPIA section 72. There is currently no South African adequacy list and no Regulator-published standard contractual clauses, so we self-assess and document the adequacy of each cross-border recipient and rely on each provider's data-processing terms. Our full cross-border data flows and sub-processors are described in our Privacy Policy and sub-processor register.

6. Retention

We keep cookie-derived personal information only for as long as necessary for the purpose for which it was set, consistent with the retention principle in POPIA section 14. Session cookies expire when your session ends; persistent cookies last until they expire or you delete them. Analytics and error-monitoring data are retained per the relevant provider's retention settings.

7. How to manage, change, or withdraw your cookie choices

• In your browser. You can block or delete cookies through your browser settings. Most browsers let you refuse all cookies, accept only first-party cookies, or delete existing cookies (Chrome, Firefox, Safari, Edge, and others). Clearing site data on yielde.dev removes the yielde-theme preference and forces a fresh sign-in.
• Strictly necessary cookies. Because the cookies in section 4.1 are essential to sign-in and security, blocking or deleting them will prevent you from staying signed in to your Yielde workspace.
• Broader POPIA rights.To exercise data-subject rights (access, correction, deletion, objection — POPIA sections 23–25) over personal information we hold as a responsible party, contact us (section 10). For personal information we process as an operator on a customer's behalf, contact the relevant customer; we will assist them in responding.

8. Children

The Site and client portal are intended for businesses and their authorised representatives, not for children. We do not knowingly set non-essential cookies that target children.

9. Relationship to the Privacy Policy

This notice is part of our broader privacy framework. For full detail on what personal information we process, the lawful bases we rely on, our sub-processors, cross-border transfers, retention, security safeguards, breach-notification practice, and your data-subject rights, please read our Privacy Policy. If there is any conflict between the two on the specific subject of cookies, this notice governs; on all other matters, the Privacy Policy governs.

10. Changes to this notice

We may update this notice from time to time to reflect changes in the cookies we use or in law. The effective date at the top will change accordingly.

11. Contact

Questions about cookies on this site, or requests relating to your personal information, can be directed to privacy@yielde.dev. You also have the right to lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.