This Cookie Policy should be read together with our Privacy Policy, which explains how we process personal data and your rights in more detail. In the event of any inconsistency between this Cookie Policy and the Privacy Policy, the Privacy Policy shall prevail with respect to the processing of personal data.

1. Who We Are

Baaza FZ LLC is a company duly incorporated in the United Arab Emirates and acts as the Data Controller for the purposes of the UAE Personal Data Protection Law (PDPL), the EU General Data Protection Regulation (GDPR), and the UK GDPR, in respect of any personal data processed through cookies and similar technologies deployed on the Site and App.
As Data Controller, Baaza determines the purposes and means of processing personal data collected via cookies, including decisions relating to cookie deployment, consent management, retention, and disclosure.
For any questions, requests, or complaints relating to this Cookie Policy or Baaza's use of cookies, you may contact us at: support@usebaaza.com

2. What Are Cookies?

Cookies are small text files that are stored on your device (such as a computer, smartphone, or tablet) when you access a website or mobile application. Cookies enable systems to recognise your device, maintain session continuity, remember user preferences, and collect technical or usage information relating to interactions with the Site or App.
In addition to browser cookies, we may use similar technologies, including software development kits (SDKs), pixels, tags, and local storage technologies. For the purposes of this Cookie Policy, all such technologies are collectively referred to as “cookies”, unless otherwise stated.

3. Why We Use Cookies

Baaza uses cookies solely for specific, explicit, and legitimate purposes, in accordance with the principles of lawfulness, purpose limitation, and data minimisation under applicable data-protection laws.
Cookies may be used to:
  • Ensure core functionality of the Site and App, including page navigation, system stability, and access to secure areas;
  • Maintain security and prevent fraud, including detecting abusive activity, protecting user accounts, and enforcing platform integrity;
  • Enable account access and session management, including authentication and continuity of user sessions;
  • Remember user preferences and consent choices, including language settings and cookie-consent status;
  • Analyse usage and performance, in order to understand how the Site and App are used, diagnose technical issues, and improve features and services;
  • Analyse usage and performance, in order to understand how the Site and the App are used and improve features and services.
Cookies are not used to collect excessive, irrelevant, or unnecessary personal data. Deployment of cookies is proportionate, technically justified, and limited to what is required to achieve the stated purposes.
Baaza does not use cookies to carry out undisclosed profiling, covert tracking, or processing incompatible with the purposes described in this Cookie Policy or our Privacy Policy.

4. Legal Basis for Cookies

Baaza processes cookies and similar technologies in accordance with applicable data-protection laws, including the UAE PDPL, the EU GDPR, and the UK GDPR. The legal basis for such processing depends on the category of cookie involved.
Strictly necessary (essential) cookies are processed on the basis of contractual necessity and/or Baaza's legitimate interests, where such cookies are required to:
  • operate the Site and App,
  • provide services expressly requested by the user, or
  • ensure security, integrity, and proper functioning of the platform.
These cookies cannot be disabled through the cookie-consent mechanism, as the services cannot be delivered without them.
Non-essential cookies, including functional, analytics, performance, and advertising cookies, are processed solely on the basis of the user's consent, where required by applicable law. Such cookies are not deployed unless and until valid consent has been obtained through the Site or App.
Consent is freely given, specific, informed, and unambiguous, and may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal. Upon withdrawal, Baaza will cease using the relevant non-essential cookies.

5. Cookie Consent and Management

When you first access the Site or App, Baaza presents a cookie consent banner requesting your preferences in respect of non-essential cookies.
Through the consent mechanism, you may:
  • Accept all non-essential cookies,
  • Reject non-essential cookies, or
  • Manage cookie preferences on a granular basis, where applicable.
Your consent decision is recorded, timestamped, and stored in a functional cookie or equivalent mechanism for accountability and compliance purposes.
Where required by applicable law, non-essential cookies are deployed only after valid consent has been obtained. If you subsequently withdraw or modify your consent, Baaza will promptly cease using the relevant non-essential cookies and apply your updated preferences.
In addition to the cookie banner, you may control or delete cookies at any time through your browser or device settings. Please note that disabling or blocking certain cookies, particularly essential cookies, may impair the functionality, performance, or availability of the Site or App.
Baaza does not condition access to core services on consent to non-essential cookies, except where such cookies are strictly required to deliver a specific feature requested by the user.

6. Categories of Cookies Used

For transparency and compliance purposes, Baaza categorises all cookies deployed on the Site and App into the following groups: (i) Strictly Necessary (Essential), (ii) Functional, (iii) Analytics and Performance, and (iv) Third-Party Service Cookies.
Each category is described below together with representative cookie names, purposes, and applicable retention characteristics.
6.1 Strictly Necessary Cookies
Strictly necessary cookies are essential for the operation, security, and accessibility of the Site and App. These cookies are deployed automatically upon access to the Site or App as they are technically required to deliver secure platform functionality.
These cookies cannot be disabled through the cookie-consent mechanism, as the Site and App would not function properly without them.
Cookie Name
Purpose
Retention
better-auth.session
Maintains authenticated user session and secure login continuity
Session-based or until deleted
__Secure-better-auth.session
Secure session handling over HTTPS connections
Session-based or until deleted
__Host-better-auth.session
Host-restricted secure authentication session cookie
Session-based or until deleted
better-auth.csrf
Protects against Cross-Site Request Forgery (CSRF) attacks
Session-based
6.2 Functional Cookies
Functional cookies enable enhanced functionality and user interaction features, such as customer support chat services. These cookies are not strictly required for core platform operation and, where required by law, are deployed only after valid user consent.
Cookie Name
Purpose
Retention
crisp-client/*
Enables live chat functionality, maintains support session state, and manages real-time communication infrastructure
As defined by Crisp configuration
crisp-client/session
Maintains active chat session between user and support
Session-based or provider-defined
crisp-client/socket
Enables real-time communication with support servers
Session-based
crisp-client/domain-detect
Detects domain for proper routing of chat services
Persistent (provider-defined duration)
6.3 Analytics and Performance Cookies
Analytics and performance cookies collect information about how users interact with the Site and App in order to improve platform performance, feature development, user experience, and product decisions.
Where required by applicable law, these cookies are deployed only after valid user consent has been obtained.
Cookie Name
Purpose
Retention
ph_<project_id>_posthog
Tracks user interactions, feature usage, and product engagement metrics
Persistent (until changed or deleted)
ph_<project_id>_posthog_cross_domain
Enables cross-domain tracking where applicable
Persistent (until changed or deleted)
ph_phc_*
Stores feature flag and experiment configuration data
Persistent (until changed or deleted)
ph_optout
Records user opt-out preference from analytics tracking
Persistent (until changed or deleted)

7. Third-Party Cookies

Certain cookies and similar technologies used on the Site and App are provided by third-party service providers that support Baaza's authentication infrastructure, analytics, and customer-support operations.
These providers may include:
  • Better Auth (authentication infrastructure)
  • Crisp (customer support and live chat services)
  • PostHog (analytics and performance monitoring)
Depending on the service model and applicable data-protection laws, such providers may act either as:
  • Data Processors, processing personal data strictly on Baaza's documented instructions; or
  • Independent Data Controllers, where they determine their own purposes and means of processing in relation to their services.
Where a provider acts as a data processor, Baaza enters into contractual arrangements requiring the provider to:
  • Process data only for agreed purposes;
  • Implement appropriate technical and organisational safeguards;
  • Maintain confidentiality; and
  • Comply with applicable data-protection laws.
Where a provider acts as an independent controller, its processing of personal data is governed by its own privacy and cookie policies, and users are encouraged to review those policies directly.
Additional infrastructure providers (such as hosting providers, content delivery networks (CDNs), fraud-prevention tools, or security services) may deploy technical cookies strictly necessary for infrastructure and security purposes.
Non-essential third-party cookies are deployed only after valid user consent has been obtained, where required by law.

8. Cookie Retention

Cookies are retained only for the period strictly necessary to achieve the purposes for which they are deployed, in accordance with the principles of storage limitation and data minimisation under applicable data-protection laws.
Retention periods vary depending on the type of cookie, its function, and the configuration of the relevant service provider. Cookies may be either:
  • Session-based cookies, which expire automatically when the browser session ends; or
  • Persistent cookies, which remain stored on the user's device until their predefined expiration date or until manually deleted.
Where cookies are provided by third-party service providers, retention periods are determined by the technical configuration of those providers and are subject to periodic review by Baaza.
Users may delete cookies at any time through their browser or device settings, subject to the limitations described in this Cookie Policy.

9. International Data Transfers

Where the use of cookies involves the transfer of personal data to third-party providers located outside your country of residence, including transfers outside the United Arab Emirates, the European Economic Area, or the United Kingdom, Baaza ensures that such transfers are conducted in compliance with applicable data-protection laws.
Appropriate safeguards are implemented where required, including the use of Standard Contractual Clauses, recognised transfer mechanisms, or other lawful measures permitted under the UAE PDPL, EU GDPR, and UK GDPR, as applicable.
Further information on Baaza's approach to international data transfers, including the safeguards relied upon, is available in our Privacy Policy, which forms an integral part of this Cookie Policy.

10. Updates to This Cookie Policy

Baaza may update this Cookie Policy from time to time to reflect legal, regulatory, technical, or operational changes, including changes to the cookies used or the manner in which consent is obtained or managed.
Any updates will become effective upon publication on the Site or App. Where required by applicable law, Baaza will provide additional notice or seek renewed consent through the cookie-consent mechanism.
Users are expected to review this Cookie Policy periodically to remain informed of how cookies are used.

11. Contact

For any questions, requests, or concerns relating to this Cookie Policy, the use of cookies, or your consent preferences, please contact: support@usebaaza.com