Cookie Policy
Forever Linked Academy — Cookie Policy
Version: 1.0 (draft for legal review)
Effective date: [Insert publication date — set on lawyer sign-off]
Last updated: 16 May 2026
Status: DRAFT — not legally binding until reviewed by counsel and published at foreverlinkedacademy.com/cookies
About this draft. This is a standalone Cookie Policy that supplements §13 of the Privacy Policy. It exists so that we can satisfy the granular disclosure requirements of the UK Privacy and Electronic Communications Regulations 2003 ("PECR"), the EU ePrivacy framework, and the cookie-related provisions of various US state privacy laws, without making the main Privacy Policy unreadable.
1. What this policy is and who it is from
This Cookie Policy is given by Oskr Pty Ltd (ABN 77 667 176 516), trading as Forever Linked Permanent Jewellery, in respect of the Forever Linked Academy ("FLA") platform at app.foreverlinkedacademy.com and any related marketing pages we operate.
This policy explains what cookies and similar technologies we use, what each is for, how long it lasts, and how you can control it. It applies in addition to our Privacy Policy — the Privacy Policy is the authoritative description of how we handle personal information; this policy gives you the technical detail behind §13 of that document.
2. What is a cookie?
A "cookie" is a small text file that a website stores on your browser when you visit. Cookies let the site remember information about you (so you do not have to log in on every page), measure how the site is used, and — on some sites — track you across the wider web for advertising.
In addition to cookies, this policy covers similar technologies — local storage, session storage, service workers, pixel tags, and server-side fingerprints — that have a similar effect to cookies. When we say "cookies" in this policy, we mean all of these unless we say otherwise.
3. The cookies we use
We group cookies into four categories. The names and durations below are accurate at the date of this policy; specific names may change as the underlying providers update their products.
3.1 Strictly necessary cookies
These cookies are required for FLA to work. You cannot opt out of them and continue to use FLA. Under PECR, the EU ePrivacy framework, and equivalent laws, these cookies do not require your consent.
| Cookie | Set by | Purpose | Duration |
|---|---|---|---|
__session | Clerk | Authenticated session — keeps you logged in as you move between pages | Session, or 7 days with "remember me" |
__client_uat | Clerk | Authentication state synchronisation across browser tabs | 1 year |
__cf_bm | Clerk / Vercel | Bot management and abuse prevention | 30 minutes |
next-auth.csrf-token or equivalent | FLA / Next.js | Cross-site request forgery protection for sensitive actions | Session |
fla-cookie-consent | FLA | Records your cookie preferences so we do not ask again | 12 months |
3.2 Functional cookies
These cookies remember choices you have made to give you a better experience. They do not identify you to third parties. You can clear them at any time from your browser.
| Cookie | Set by | Purpose | Duration |
|---|---|---|---|
fla-theme | FLA | Remembers your light/dark/system preference | 12 months |
fla-sidebar-state | FLA | Remembers whether the sidebar is collapsed | 12 months |
fla-video-prefs | FLA / Mux | Remembers playback rate and captions setting | 12 months |
fla-onboarding-state | FLA | Tracks your position in the onboarding wizard | 30 days |
3.3 Analytics cookies
These cookies help us understand how the platform is used so we can improve it. They are set only after you accept analytics cookies in our cookie banner if you are in the United Kingdom, the European Union, or another jurisdiction with a prior-consent requirement.
| Cookie | Set by | Purpose | Duration |
|---|---|---|---|
ph_*_distinct_id | PostHog | Pseudonymous identifier used to attribute events to a single visitor across pages | 1 year |
ph_*_session_id | PostHog | Groups events into a session | 30 minutes (rolling) |
ph_opt_in / ph_opt_out | PostHog | Records your analytics opt-in or opt-out preference | 1 year |
We have configured PostHog to disable identifiable session recordings on pages that contain identity-verification flows or assessment submissions.
3.4 Advertising and cross-site tracking cookies
We do not use advertising or cross-site tracking cookies. We do not run third-party advertising on FLA. We do not allow third-party advertisers to set cookies through our pages.
If this position changes in the future, we will:
- update this policy to disclose the new cookie, its purpose, and its duration
- expose the cookie in our cookie banner as a non-essential category
- not set the cookie until you have given consent (in jurisdictions that require it)
4. Cookies set by third parties on pages where you actively engage their services
Some pages of FLA embed services operated by third parties. When you actively use those services, the third party may set its own cookies. We do not control those cookies; their use is governed by the third party's own cookie notice.
| Page area | Third party | When their cookies are set |
|---|---|---|
| Checkout | Stripe | When you reach the Stripe checkout page — Stripe sets cookies for fraud detection and to remember your card details if you choose to save them |
| Video playback | Mux | When you start playing a video — Mux sets cookies for playback continuity and quality of service |
| Identity verification | Persona / ConnectID | When you start verification — Persona/ConnectID sets cookies for the verification flow |
| Wholesale store SSO | Shopify Plus | When you click through to the wholesale store — Shopify sets its own session cookies on wholesale.foreverlinkedacademy.com |
Links to each provider's cookie notice are maintained at foreverlinkedacademy.com/cookies/processors.
5. How you control cookies
5.1 Through our cookie banner
If you visit FLA from the United Kingdom, the European Union, or another jurisdiction with a prior-consent requirement, you will see a cookie banner the first time you visit. The banner lets you:
- accept all non-essential cookies
- reject all non-essential cookies
- choose which categories of non-essential cookies you accept
You can change your choice at any time by clicking the "Cookie settings" link in the site footer.
5.2 Through your browser
All major browsers let you block or delete cookies. The way you do this depends on your browser — see the help section of your browser for current instructions. Blocking strictly necessary cookies will stop FLA from working.
5.3 Through your operating system or browser settings
We honour the Global Privacy Control (GPC) browser signal. If your browser sends GPC, we treat it as an opt-out of analytics cookies and, in US jurisdictions where it applies, as an opt-out of "sale" or "sharing" of personal information (even though we do not sell or share — see the Privacy Policy §16).
We do not rely on the legacy "Do Not Track" header on its own, because it has no agreed standard meaning.
6. Per-jurisdiction position
6.1 Australia
Cookies that handle personal information are governed by the Privacy Act 1988 and the Australian Privacy Principles. We disclose our cookie practices in this policy and in §13 of the Privacy Policy. We do not require consent for cookies under Australian law; you can manage your preferences through the cookie banner or your browser.
6.2 United Kingdom
PECR Regulation 6 requires us to obtain your consent before setting non-essential cookies. We do this through the cookie banner. Strictly necessary cookies (§3.1) are exempt from this consent requirement.
6.3 European Union and European Economic Area
Article 5(3) of the ePrivacy Directive, as implemented in your member state, requires prior consent for non-essential cookies. Our cookie banner is configured to obtain that consent.
6.4 United States
We honour the Global Privacy Control signal for US users. In California, Colorado, Connecticut, and other states with applicable laws, sending GPC operates as a valid opt-out of any "sale" or "sharing" of personal information and of targeted advertising — see the Privacy Policy §16.3 and §16.4 for the full position.
7. Changes to this policy
We may update this Cookie Policy from time to time. We will update the "Last updated" date at the top of this page. We will not add a new category of non-essential cookie without giving you the opportunity to consent or decline it through the cookie banner.
The current version of this policy is always published at foreverlinkedacademy.com/cookies.
8. Contact
Oskr Pty Ltd trading as Forever Linked Permanent Jewellery (ABN 77 667 176 516) Email: support@foreverlinkedacademy.com Postal: Level 1/11 Halifax Street, Adelaide SA 5000, Australia
Document control
- Drafted: 16 May 2026
- Status: First draft for review by Australian privacy counsel
- Items requiring confirmation before publication: final cookie names and durations once the cookie banner is wired; final list of third-party providers; presence and behaviour of GPC honour logic in the codebase