Legal

Cookie Policy

How Ombris uses cookies and similar technologies on the Ombris website (ombris.com) and web application (app.ombris.com), what we collect, why we collect it, and how you can control it.

EffectiveApril 15, 2026Last updatedApril 28, 2026Version1.1

01Introduction

This Cookie Policy (“Policy”) explains how OMBRIS Cyber Security LLC (“Ombris,” “we,” “us,” or “our”) uses cookies and similar technologies on the Ombris marketing website at ombris.com and on the Ombris web application at app.ombris.com (together, the “Sites”).

This Policy should be read together with our Privacy Policy, which covers the broader set of personal data practices at Ombris, and our Terms and Conditions. If there is a conflict between documents on the specific topic of cookies and similar technologies, this Policy prevails.

We have written this Policy to meet the requirements of the EU General Data Protection Regulation (GDPR), the EU ePrivacy Directive as implemented by member states, the Turkish Personal Data Protection Law (KVKK), and equivalent frameworks in other jurisdictions where the Sites are accessed. Where local law is stricter than this Policy, the local law applies.

02What are cookies?

A cookie is a small text file that a website places on your device (computer, phone, or tablet) when you visit it. Cookies are widely used to make websites work, to remember preferences, and to help operators understand how their sites are used. This Policy also covers similar technologies such as localStorage, sessionStorage, and pixel tags, which serve the same purpose as cookies even though they are technically different.

2.1 Session vs persistent cookies

Session cookies exist only while your browser is open and are erased when you close it. Persistent cookies stay on your device for a defined period (from a few minutes to several years) or until you delete them manually.

2.2 First-party vs third-party cookies

First-party cookies are set directly by the Site you are visiting (e.g. ombris.com). Third-party cookies are set by a different domain that the Site loads content or scripts from (e.g. a measurement provider). Third-party cookies are subject to the privacy policies of those third parties in addition to this Policy.

03How Ombris uses cookies

We use cookies and similar technologies for the following purposes:

Strictly necessary operations. To keep you signed in, to maintain the security of your session, to remember your language and interface choices, and to route requests correctly across our infrastructure.
Consent signaling. To remember whether you have accepted or declined optional cookies so that we do not ask you again on every page.
Measurement and improvement. Only when you have opted in, to understand how visitors arrive at and move through our Sites in aggregate so we can improve navigation, performance, and content.

We do not use cookies for advertising, retargeting, cross-site tracking, or profiling. Ombris does not sell or rent personal data collected through cookies.

04Categories of cookies we use

The table below lists the cookies and local storage items used on the Sites, grouped by purpose. Items marked as Strictly necessary cannot be switched off because the Site would not function without them. Items marked as Optional are set only after you opt in through our cookie banner.

4.1 Strictly necessary

Name	Purpose	Duration	Provider
`ombris-cookie-consent`	Stores whether you have accepted or declined optional cookies so the banner is not shown again in this browser.	Persistent (until you clear your browser storage)	Ombris (first-party, localStorage)
`ombris-session`	Authenticates your session on the web application and protects against cross-site request forgery.	Session (expires when you sign out or close the browser)	Ombris (first-party, HTTP cookie)
`ombris-csrf`	Security token used to validate form submissions on the web application.	Session	Ombris (first-party, HTTP cookie)
`ombris-locale`	Remembers your preferred language so the interface loads in the same language on your next visit.	One year	Ombris (first-party, HTTP cookie)

4.2 Optional (analytics)

We activate analytics cookies only after you select Accept in our cookie banner. If you select Decline or do not respond, no analytics cookies are set and no analytics scripts are loaded.

Name	Purpose	Duration	Provider
`_ga`	Distinguishes unique users by assigning a randomly generated identifier. Used by Google Analytics to report aggregate visitor statistics.	Two years	Google LLC (third-party)
`_ga_<container-id>`	Persists session state for Google Analytics 4 property measurement.	Two years	Google LLC (third-party)
`_gid`	Distinguishes unique users over a short window to help measure day-over-day traffic.	24 hours	Google LLC (third-party)

Note on the analytics table. The optional cookies above are listed because Ombris plans to enable Google Analytics on the Sites. Until that integration goes live, no analytics cookies are set, even if you select Accept. This Policy will be updated with a revised effective date when analytics becomes active.

4.3 Functional — error monitoring and session replay (web app only)

The authenticated web application at app.ombris.com uses Sentry’s SDK to detect application errors and to replay the DOM mutations that led to them. Sentry does not set HTTP cookies; instead it uses browser sessionStorage andindexedDB to maintain replay continuity for the active tab and to buffer error reports until they can be transmitted. These storage items are functional and are used solely for application stability, support, and security purposes. They are not used on the marketing website (ombris.com).

Storage key (prefix)	Purpose	Duration	Provider
`sentryReplaySession`	Maintains the identifier and buffer of the current session replay so events can be correlated with errors that occur later in the same tab.	Session (cleared when the tab is closed)	Functional Software, Inc. (Sentry SDK, sessionStorage)
`sentryReplayEvents` (indexedDB)	Temporary buffer of replay events pending transmission to Sentry, used so that data captured immediately before a network outage is not lost.	Until successfully transmitted, then deleted	Functional Software, Inc. (Sentry SDK, indexedDB)

Built-in safeguards. All form input fields (including passwords, payment fields, and free-text inputs) are masked at the point of capture and never reach Sentry in clear form. API response bodies are not recorded. Sentry processes data in the European Union (Frankfurt, Germany). For full detail, see Section 2.6 of the Privacy Policy.

05Third-party services

5.1 Google Analytics

When you opt in, we use Google Analytics 4 (provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to understand how the Sites are used in aggregate. Ombris configures Google Analytics to:

Anonymize IP addresses at the point of collection, so no full IP address is stored or shared with Google.
Disable advertising features, including remarketing audiences, Google Signals, and cross-device tracking.
Disable data sharing with other Google services beyond what is strictly needed to operate the analytics property.
Limit data retention to the minimum period allowed by Google Analytics (currently 14 months).

Google processes data under its own terms and policies. You can review them at policies.google.com/privacy. Google offers a browser add-on to opt out of Google Analytics measurement on every site, available at tools.google.com/dlpage/gaoptout.

5.2 Functional Software, Inc. (Sentry)

On the authenticated web application only, we use Sentry (provided by Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA) to detect application errors and to reproduce the user flow that led to them. Sentry is configured by Ombris to:

Process data in the European Union (Frankfurt, Germany — ingest.de.sentry.io), so personal data is not routinely transferred outside the EU by Sentry.
Mask all form input fields at capture time (passwords, free-text inputs, and payment fields are never transmitted in clear form).
Exclude API response bodies from network instrumentation.
Retain data for at most ninety (90) days, after which it is automatically deleted.
Operate only in production and staging environments; the SDK is disabled in development.

Sentry processes data under its own terms and policies. You can review them at sentry.io/privacy and sentry.io/legal/dpa. For Ombris’s full disclosure of data captured by Sentry, including session replay handling, see Section 2.6 of the Privacy Policy.

5.3 What we do not use

We do not use advertising networks, social media tracking pixels (Meta, LinkedIn, X, TikTok, and similar), behavioral analytics or heatmap tools, or cross-site advertising identifiers. The session replay technology described in Section 5.2 is used solely for error diagnosis and product stability, not for advertising, profiling, or behavioral analytics. If that ever changes, we will update this Policy and ask for fresh consent before any new tracking or advertising technology loads.

06Managing your preferences

6.1 Through our cookie banner

When you visit the Sites for the first time, a cookie banner appears at the bottom of the page with two choices:

Accept. All cookies listed in this Policy, including optional analytics cookies, are enabled.
Decline. Only strictly necessary cookies are used. No analytics cookies are set and no analytics scripts load.

Your choice is stored locally in your browser under the key ombris-cookie-consent. The banner will not re-appear in the same browser until you clear that value.

6.2 Changing your choice later

You can change your decision at any time by clearing site data for the Sites in your browser settings. The banner will re-appear on your next visit and you can select a different option. If you have questions about this process or cannot clear your storage, contact privacy@ombris.com and we will help.

6.3 Through your browser

Most browsers allow you to block, delete, or be notified about cookies through their settings. Blocking strictly necessary cookies will prevent parts of the Sites from working (for example, you will not be able to stay signed in to the web application). Instructions for the major browsers:

07Do Not Track and Global Privacy Control

Some browsers transmit a “Do Not Track” (DNT) signal or a “Global Privacy Control” (GPC) signal to indicate that the visitor does not want to be tracked across sites.

Because we do not engage in cross-site tracking in the first place, DNT has no practical effect on the Sites. GPC, when detected, is treated as equivalent to an explicit “Decline” in our cookie banner and overrides any previously stored Accept choice for the duration that the signal is transmitted.

08International data transfers

Optional analytics cookies may result in personal data being transferred to, stored in, or processed in countries outside the European Economic Area or Turkey, including the United States. Such transfers are carried out under the safeguards described in our Privacy Policy and in our Data Processing Policy, which include Standard Contractual Clauses and the provider's adherence to applicable transfer frameworks.

The Sentry session replay and error monitoring technology described in Sections 4.3 and 5.2 is configured to send data to a Sentry data center located in the European Union (Frankfurt, Germany), so it does not, in normal operation, result in transfers of personal data outside the EU. Functional Software, Inc. is incorporated in the United States, and where access by US-based personnel to limited data (for example, support cases) is necessary, such access is governed by Standard Contractual Clauses and Sentry’s published Data Processing Addendum.

09Children and cookies

The Sites are not directed at children under 16 and we do not knowingly collect personal data from children through cookies. If you believe a child has provided personal data to us through the Sites, please contact privacy@ombris.com and we will investigate and, where appropriate, delete the data.

10Changes to this policy

We may update this Cookie Policy to reflect changes in our practices, in the cookies used on the Sites, or in applicable law. When we make a material change, we will update the Last updated date at the top of this page and, where the change is significant (for example, the addition of a new analytics or measurement provider), we will show the cookie banner again so you can review the update before we resume any optional processing.

Non-material changes (such as clarifications or typo fixes) will be reflected by updating the Last updated date alone.

11Contact information

If you have questions about this Cookie Policy or about cookies on the Sites, please contact us:

Controller

OMBRIS Cyber Security LLC

Privacy contact

privacy@ombris.com

General contact

info@ombris.com