This Cookie Policy explains how Philipp Hansmann, trading as ARFA ("ARFA", "we", "us"), uses cookies and similar tracking technologies on our websites www.arfa.eu and www.arfa-studio.eu, and within our TerraSweep mobile application. It tells you what these technologies are, what they do, on what legal basis we may set them, and how you can accept, refuse or change your choices at any time. This Cookie Policy is part of, and should be read together with, our Privacy Policy.
The controller for the cookies and trackers described here is:
Philipp Hansmann, sole proprietor trading as ARFA
Rue Nothomb 75, 1040 Etterbeek, Belgium
KBO/BCE: 1036.008.104 — VAT: BE 1036.008.104
Email: legal@arfa-studio.eu
Some cookies and SDKs are set or read by third parties acting as our processors or as separate/joint controllers. They are listed by name in sections 6 and 7.
Cookies are small text files placed on your device by the websites you visit. They allow a website to recognise your device, remember preferences, measure how the site is used, and — when consented to — serve personalised advertising. Cookies can be:
We treat as "similar technologies" anything that stores information on your terminal equipment or reads information from it, including in particular:
sessionStorage entries set by JavaScript;The Belgian Cookie Law (Article 129 of the Act of 13 June 2005 on electronic communications) and Article 5(3) of the ePrivacy Directive treat all of these technologies under the same regime: consent is required before they can read from or write to your device, unless an exemption applies (see section 4).
This Cookie Policy applies to:
It does not cover third-party websites or stores you may reach by clicking a link (such as the Apple App Store or Google Play). Those operators publish their own cookie and tracker information.
Storing information on, or reading information from, a user's device is governed by Article 5(3) of the ePrivacy Directive (2002/58/EC, as amended), transposed in Belgium by Article 129 of the Act of 13 June 2005 on electronic communications. Two regimes coexist:
You can withdraw your consent at any time and the withdrawal must be as easy as giving consent. See section 8.
Our Consent Management Platform (CMP) groups all cookies and trackers into five categories. The default state on first visit, for users in the EEA/UK/Switzerland, is that everything except "Strictly necessary" is off.
| Category | What it does | Default state |
|---|---|---|
| Strictly necessary | Required to operate the site/App: session, security, load-balancing, storing your consent choices. | Always active (exempt from consent under Article 129) |
| Analytics | Helps us understand usage: page views, screens, events, retention. Sources: Google Analytics 4 on the web, Firebase Analytics in the App. | Off — requires consent |
| Crash & performance | Captures crashes and errors so we can stabilise the service: Sentry on the web, Firebase Crashlytics in the App. | Off — requires consent for the parts that are not strictly necessary |
| Advertising | Lets us serve and measure ads, including the "Recharge Boost" rewarded ads: Google AdSense on the web, Google AdMob (mediated by AppLovin MAX) in the App. | Off — requires consent |
| Marketing & retargeting | Measures the performance of our campaigns and re-engages visitors: Meta Pixel, TikTok Pixel, LinkedIn Insight Tag. | Off — requires consent |
The cookies actually placed on a given page can vary depending on the features rendered and on the consent choices already in your browser. The list below is exhaustive of what may be set; the live, scan-based inventory is shown to you inside the consent banner before you accept anything.
| Name | Provider | Purpose | Type | Retention |
|---|---|---|---|---|
arfa_session | arfa.eu / arfa-studio.eu | Maintains your session (sign-in state, basket of preferences). | First-party | Session |
arfa_csrf | arfa.eu / arfa-studio.eu | CSRF protection on forms and authenticated actions. | First-party | Session |
arfa_consent | arfa.eu / arfa-studio.eu | Stores your CMP consent choices so we do not re-prompt you on every page. | First-party | 6 months |
__cf_bm, cf_clearance | Cloudflare | Bot management, load-balancing and basic security; set only if Cloudflare fronts the site. | Third-party | 30 minutes / 1 year |
| Name | Provider | Purpose | Type | Retention |
|---|---|---|---|---|
_ga | Google Analytics 4 (Google Ireland Ltd / Google LLC) | Distinguishes users for aggregated audience analytics. | Third-party | 2 years |
_ga_<container-id> | Google Analytics 4 | Stores session state for GA4. | Third-party | 2 years |
_gid | Google Analytics | Distinguishes users (24h aggregate). | Third-party | 24 hours |
| Name / signal | Provider | Purpose | Type | Retention |
|---|---|---|---|---|
sentry-* identifiers in localStorage | Sentry (Functional Software, Inc.) | Correlates a sequence of errors to one browser session for debugging. | Third-party | Up to 90 days |
| Name | Provider | Purpose | Type | Retention |
|---|---|---|---|---|
IDE | Google DoubleClick (Google Ireland Ltd / Google LLC) | Serves and measures ads through Google AdSense; supports frequency capping and conversion measurement. | Third-party | 13 months |
_gcl_au | Google AdSense / Conversion Linker | Attributes ad clicks to conversions. | Third-party | 90 days |
test_cookie | Checks whether your browser supports cookies before serving ads. | Third-party | 15 minutes |
| Name | Provider | Purpose | Type | Retention |
|---|---|---|---|---|
_fbp | Meta Platforms Ireland Ltd | Meta Pixel — identifies the browser for ad delivery and measurement; joint-controller arrangement under Art. 26 GDPR. | Third-party | 90 days |
_ttp | TikTok Technology Ltd | TikTok Pixel — identifies the browser for ad measurement and retargeting. | Third-party | 13 months |
li_sugr, bcookie, lidc, AnalyticsSyncHistory | LinkedIn Ireland Unlimited Company | LinkedIn Insight Tag — campaign measurement, B2B retargeting. | Third-party | 1 day to 1 year |
The App does not use HTTP cookies in the traditional sense, but it does store and read identifiers on your device through SDKs. The same EU/Belgian consent rules apply.
| Identifier / file | Source | Purpose | Retention |
|---|---|---|---|
| Auth tokens in iOS Keychain / Android Keystore | TerraSweep app | Keeps you signed in securely. | Until sign-out |
| Local consent record | TerraSweep app | Stores your in-App consent choices so we do not re-prompt you every launch. | Up to 6 months |
| Identifier / SDK | Source | Purpose | Retention |
|---|---|---|---|
| Firebase Installation ID (FID) / Instance ID | Google Firebase | Pseudonymous device identifier used by Firebase Analytics to count installs, retention and events. | Up to 14 months (default GA4 retention) |
| Identifier / SDK | Source | Purpose | Retention |
|---|---|---|---|
| Firebase Crashlytics installation ID | Google Firebase | Groups stack traces from the same install for triage. | Up to 90 days |
| Sentry release / session identifiers | Sentry | Correlates a sequence of errors from the same App session. | Up to 90 days |
| Identifier / SDK | Source | Purpose | Retention |
|---|---|---|---|
| IDFA (iOS) / Google Advertising ID — GAID (Android) | Apple / Google | Cross-app advertising identifier. On iOS, only readable after you grant App Tracking Transparency permission. On Android, only used if you consent through our in-App banner. | Until you reset the identifier or revoke permission |
| Google AdMob ad-request identifiers | Google AdMob | Delivers and measures in-App ads, including the "Recharge Boost" rewarded ads. | Session-level + Google retention policy |
| AppLovin MAX identifiers | AppLovin Corporation | Ad mediation: selects which ad network fills a given ad slot. | Per AppLovin retention policy |
iOS App Tracking Transparency. On iOS, Apple requires us to present a separate system prompt before any "tracking" identifier can be used across apps. If you tap "Ask App Not to Track", AdMob and AppLovin will not receive the IDFA — only contextual, non-personalised ads can be served, and the Recharge Boost reward still works.
When you first open arfa.eu, arfa-studio.eu or the TerraSweep App, our Consent Management Platform shows you a banner with three actions of equal visual weight, in line with the European Data Protection Board and Belgian DPA guidelines:
Your choices are stored in the arfa_consent cookie (web) or in App storage (mobile) for up to 6 months, after which you will be asked again. You can change or withdraw your consent at any time:
Where applicable, our CMP transmits your choices to advertising partners through the IAB Transparency & Consent Framework (TCF v2.2) and to Google partners through Google Additional Consent Mode v2.
Most modern browsers let you view, block or delete cookies directly from the browser settings. The exact menu varies, but the support pages of the main browsers are:
If you block essential cookies, parts of the site or App may stop working — for example, sign-in, account features or the consent record itself.
Beyond our CMP, you can use the following industry tools to opt out of personalised advertising more broadly:
We may update this Cookie Policy from time to time to reflect changes in the cookies or SDKs we use, in the providers behind them, or in applicable law. The current version always carries the "Last updated" date at the top of this page. If the changes are material, we will inform you through the consent banner the next time you visit the site or open the App.
If you have questions about this Cookie Policy, write to legal@arfa-studio.eu.
You also have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données), Rue de la Presse 35 / Drukpersstraat 35, 1000 Brussels — dataprotectionauthority.be — or with the supervisory authority of your habitual residence.