Skip to main content
Join our exclusive AI security workshopRequest a spot
EnigmaLabsEnigma Labs

Cookie Policy

Effective Date · May 19, 2026

Cookie Policy

Plain Language Summary

In short: We use cookies sparingly and transparently. This policy explains what cookies are, which ones we use, and how you can control them.

As a cybersecurity company, we take privacy seriously — including our own website practices. We use a minimal set of cookies, do not run any analytics on this site, and do not use any advertising or tracking cookies.

This policy is issued by Enigma Labs Technology Limited, a company incorporated in the Dubai International Financial Centre ("DIFC") under DIFC Licence No. CL13349. Our processing of personal data through cookies and similar technologies is governed by the DIFC Data Protection Law, DIFC Law No. 5 of 2020 (the "DP Law"), as amended by the DIFC Laws Amendment Law, DIFC Law No. 2 of 2022, and the DIFC Data Protection Regulations (Consolidated Version No. 2, in force on 1 September 2023) (the "DP Regulations").

Cookie CategoryConsent RequiredMaximum Duration
Essential cookiesNo (always active)Session – 1 year
Functional cookiesYes9 months
Analytics cookiesWe don't use anyN/A
Marketing cookiesWe don't use anyN/A

You can change your cookie preferences at any time by clicking the "Cookie Settings" link in the footer of any page, or by adjusting your browser settings.

1. What Are Cookies?

Cookies are small text files that are placed on your computer, smartphone, or other device when you visit a website. They are widely used to make websites work more efficiently, as well as to provide information to the website owners.

Types of Cookies

TypeDescription
Session CookiesTemporary cookies that are deleted when you close your browser. They enable website features during your visit.
Persistent CookiesRemain on your device for a set period or until you delete them. They remember your preferences for future visits.
First-Party CookiesSet by the website you are visiting (in this case, enigmalab.io).
Third-Party CookiesSet by external services embedded on our website (such as Intercom).

Similar Technologies

In addition to cookies, we may use other similar technologies:

  • Local Storage — Stores data in your browser with no expiration date
  • Session Storage — Stores data only for the duration of your browser session
  • Web Beacons/Pixels — Small invisible images used to track page views or email opens

Cookies, pixels and similar tracking technologies that involve the processing of personal data are also addressed by Regulation 9 of the DP Regulations (Collection and Use of Personal Data in Digital Communications and Services), which sets specific requirements for notice, default settings and consent.

2. How We Use Cookies

Enigma Labs Technology Limited uses cookies to:

  1. Ensure website functionality — Enable core features like region routing, security, and consent management
  2. Remember your preferences — Store language settings and consent choices
  3. Provide live chat support — Enable our Intercom chat functionality when you consent to Functional cookies

Our Privacy-First Approach

We believe in data minimisation and privacy by design, consistent with the principles set out in the DP Law and Regulation 9.2 of the DP Regulations (default settings limited to the minimum personal data necessary). Our cookie usage reflects this commitment:

FeatureOur Approach
AnalyticsNone deployed — we do not run any analytics on this site
AdvertisingNone — we don't use any advertising cookies
TrackingNone — no cross-site tracking or profiling
Data SharingNone — we don't sell or share data with advertisers

3. Types of Cookies We Use

Cookie Categories Summary

CategoryConsent RequiredMaximum DurationDescription
Strictly NecessaryNo1 yearEssential for the website to function. Cannot be disabled.
FunctionalYes9 monthsEnable enhanced features and personalisation.

3.1 Strictly Necessary Cookies

These cookies are essential for the website and platform to function. They cannot be disabled in our cookie consent tool. These cookies do not store any personally identifiable information. We rely on these cookies on the basis that their use is necessary for the performance of the service you have requested when visiting our website, in accordance with the lawful processing conditions of the DP Law.

Cookie NameProviderPurposeDurationType
geoDecisionEnigma Labs Technology LimitedStores the signed regional routing decision (region, scoring metadata, preferred legal language, issued-at timestamp) used to deliver the correct regional entity content; signed with HMAC24 hoursHTTP (Secure, HttpOnly)
regionEnigma Labs Technology LimitedRecords the visitor's resolved region so subsequent requests do not need to re-resolve1 yearHTTP
userCountryEnigma Labs Technology LimitedRecords the visitor's ISO-3166 country code derived from request headers24 hoursHTTP
preferredLegalLanguageEnigma Labs Technology LimitedRecords the visitor's chosen legal-document language; set only on legal-document paths in the EU region30 daysHTTP
c15tEnigma Labs Technology Limited (via c15t)Records cookie-consent preferences and the disclosure shown at the time of those choices; mirrored in browser local storage. Set only after you make a consent decision via the banner or settings dialog.365 daysHTTP (SameSite=Lax, Secure on HTTPS, host-only)

Why these are necessary:

  • geoDecision — Stores the signed routing decision needed to deliver the correct regional version of the site. The cookie is signed (HMAC) and HttpOnly + Secure. Without it the regional content (legal entity, contact details, applicable policies) cannot be reliably served.
  • region — Records the resolved region so each subsequent request does not have to re-evaluate geo signals.
  • userCountry — Records the visitor's country code for region-aware content (currency-of-context metadata, regulatory references).
  • preferredLegalLanguage — Records the visitor's chosen legal-document language so subsequent visits to legal pages render in the correct language. Set only on EU legal-document paths.
  • c15t — Required to record your cookie consent choices and the disclosure shown at the time. Without it we cannot honour refusal of non-essential cookies on subsequent page loads. The same data is also mirrored in your browser's local storage so consent is preserved if cookies are cleared but storage is retained.

3.2 Functional Cookies

These cookies and similar browser-storage technologies enable enhanced functionality and personalisation. They are loaded via our consent management platform (c15t), which only loads the underlying provider's script after you have granted Functional consent. You can withdraw consent at any time via the Cookie Settings link in the footer, in which case the cookies and storage are cleared.

NameProviderPurposeDurationType
intercom-id-*IntercomIdentifies user for live chat supportNo expiry (until cleared)First-party cookie; also mirrored to browser local storage
intercom-session-*IntercomMaintains live chat session state1 weekHTTP cookie
intercom-device-id-*IntercomIdentifies device for chat continuity (rolling refresh)~9 months (270 days)HTTP cookie

What these enable:

  • Live chat functionality — Seamless support experience with conversation history. Intercom is loaded only after you have given Functional consent, and is shut down (and its cookies / storage cleared) when you withdraw consent.

4. Cookies We Do NOT Use

Unlike many websites, we do NOT use any advertising or marketing cookies. Specifically, we do not:

What We Don't DoWhy It Matters
Run retargeting campaignsNo ads following you around the web
Use Google AdsNo Google tracking pixels
Use Facebook PixelNo Meta/Facebook tracking
Use LinkedIn Insight TagNo professional profile tracking
Share data with advertising networksYour data stays with us
Build advertising profilesNo behavioural profiling
Sell visitor dataYour information is never sold

Our commitment: As a cybersecurity company, we believe in practising what we preach. Your privacy is not for sale.

5. Cookie Consent

5.1 How We Obtain Consent

Enigma Labs Technology Limited uses c15t, a consent management platform that records each visitor's cookie-consent choices and the disclosure shown at the time those choices were made. c15t blocks non-essential cookies until you have given consent and re-prompts you when material changes are made to our cookie use.

When you first visit our website:

  1. A cookie banner appears at the bottom of the screen
  2. You can choose to accept all cookies, reject non-essential cookies, or customise your preferences
  3. Non-essential cookies are blocked until you give consent
  4. Your preferences are stored in the c15t cookie for 365 days (mirrored in browser local storage)

Our consent mechanism is designed to meet the requirements set out in Regulation 9.3 of the DP Regulations for the collection of consent in digital communications and services:

Requirement (Reg. 9.2 / 9.3)Our Implementation
Clear affirmative act of consent✅ Explicit click on "Accept", "Reject" or category toggles
Unticked selection boxes / no pre-ticked boxes✅ All non-essential categories unticked by default
Silence or inactivity not treated as consent✅ No consent assumed without an explicit action
Clear, plain-language description of purposes✅ Each category is described in plain language
Equal prominence for refusal and acceptance✅ "Reject" presented with equal prominence to "Accept"
Default settings limited to minimum personal data✅ Only strictly necessary cookies set before consent
Link to privacy notice and rights information✅ Banner links to this policy and our Privacy Policy
Reliable, straightforward means to withdraw consent✅ "Cookie Settings" link persistently available in footer

5.2 Your Consent Choices

When you see our cookie banner, you have three options:

OptionWhat Happens
Accept AllAll cookie categories are enabled (Necessary + Functional)
Reject Non-EssentialOnly Strictly Necessary cookies are enabled
CustomizeYou choose which categories to enable individually

5.3 Withdrawing Consent

You can change your cookie preferences at any time:

  1. Via our website: Click the "Cookie Settings" link in the footer of any page
  2. Via browser settings: Clear cookies and browser storage for enigmalab.io — including the c15t consent-state cookie (c15t) and its mirrored local-storage entry
  3. Contact us: Email hello@enigmalab.io

When you withdraw consent:

  • Non-essential cookies are immediately deleted
  • Associated data processing stops
  • Your preference is recorded for 365 days
  • Withdrawal of consent does not affect the lawfulness of any processing carried out on the basis of consent before its withdrawal

5.4 Consent Expiration and Renewal

Your cookie consent preferences are stored for 365 days. After this period:

  • The cookie consent banner will reappear on your next visit
  • You will be asked to confirm or update your preferences
  • This ensures your consent remains current and informed

We may also re-display the consent banner if:

  • We add new cookie categories
  • We add new third-party services
  • There are material changes to how we use cookies

6. Managing Cookies

6.1 Using Our Cookie Settings

The easiest way to manage cookies on our website is through our built-in cookie settings:

  1. Click "Cookie Settings" in the footer of any page
  2. Toggle individual cookie categories on or off
  3. Click "Save Preferences"

Your choices take effect immediately.

6.2 Browser Settings

You can also control cookies through your browser settings. Here's how to manage cookies in popular browsers:

BrowserSettings PathInstructions Link
Google ChromeSettings → Privacy and security → Cookies and other site dataChrome Help
Mozilla FirefoxSettings → Privacy & Security → Cookies and Site DataFirefox Help
Apple SafariPreferences → Privacy → Cookies and website dataSafari Help
Microsoft EdgeSettings → Cookies and site permissions → Manage and delete cookiesEdge Help

Browser-level options include:

  • Block all cookies
  • Block third-party cookies only
  • Clear cookies when you close the browser
  • Create exceptions for specific websites
  • View and delete existing cookies

Note: Blocking all cookies may prevent some features of our website from functioning properly.

6.3 Mobile Devices

On mobile devices, you can manage cookies through:

DevicePath
iOS (Safari)Settings → Safari → Block All Cookies / Prevent Cross-Site Tracking
Android (Chrome)Chrome → Settings → Site settings → Cookies

6.4 Third-Party Opt-Outs

For cookies set by third-party services, you can also use their dedicated opt-out mechanisms:

ServiceOpt-Out Method
IntercomIntercom Privacy Portal or disable functional cookies in our settings

7. Third-Party Services

We use a limited number of third-party services that may set cookies. Here's detailed information about each:

ServicePurposePrivacy PolicyOpt-Out
IntercomLive chat supportIntercom PrivacyDisable functional cookies

7.1 Intercom (Live Chat)

Purpose: Provides live chat functionality for customer support

Data collected:

  • Anonymous user ID for chat continuity
  • Chat conversation history
  • Device identifier for session management

Role: Intercom acts as our processor in respect of the chat conversation data and user-identifier data we collect through its chat service (where we determine the purposes and means of processing). Intercom may additionally act as an independent controller in respect of certain platform telemetry and product analytics it generates in the operation of the chat service itself. The role allocation between Enigma and Intercom is governed by Intercom's data processing agreement and product terms, as in force from time to time.

Data location: Intercom processes data in the United States. The United States is not currently on the Commissioner of Data Protection's list of jurisdictions assessed as providing an adequate level of protection (see Appendix 3 of the DP Regulations). Transfers of personal data from Enigma Labs Technology Limited (DIFC) to Intercom (United States) are therefore made under appropriate contractual safeguards under the appropriate-safeguards regime of the DP Law and Regulation 5 of the DP Regulations, including the Standard Contractual Clauses approved and published by the Commissioner.

Data retention: Device identifier (intercom-device-id-*): ~9 months (270 days) — first-party cookie. Session identifier (intercom-session-*): 1 week — first-party cookie. User identifier (intercom-id-*): first-party cookie with no expiry (until cleared by the user); also mirrored to browser local storage.

How to opt out: Disable "Functional Cookies" in our cookie settings or contact Intercom through their Privacy Portal

8. Do Not Track

What are Do Not Track (DNT) and Global Privacy Control (GPC)?

Do Not Track (DNT) and Global Privacy Control (GPC) are browser signals that communicate your preference not to be tracked. DNT is the older mechanism, sent as a request header; GPC is a newer specification with growing legal recognition. GPC is exposed both as a request header (Sec-GPC) and a JavaScript property (navigator.globalPrivacyControl).

Our response to these signals

AspectOur Approach
Global Privacy Control (GPC)Our consent management platform (c15t) recognises GPC and treats it as an automatic refusal of non-essential cookie categories where the underlying legal regime supports it
Do Not Track (DNT)We do not implement specific behaviour for the legacy DNT header. The same outcome (refuse non-essential cookies) is achievable via our cookie banner or settings dialog
Third-Party CookiesIntercom does not currently respect GPC or DNT in all cases; we therefore only load it after explicit Functional consent regardless of either signal
Essential CookiesStill required for website functionality regardless of GPC or DNT

Alternative options

If your browser doesn't expose GPC or you want additional control:

  1. Use our cookie consent banner or "Cookie Settings" link to reject non-essential cookies
  2. Install privacy-focused browser extensions (uBlock Origin, Privacy Badger)
  3. Use browser settings to block third-party cookies
  4. Use private / incognito browsing mode

9. Updates to This Policy

We may update this Cookie Policy from time to time to reflect:

  • Changes in the cookies we use
  • New third-party services
  • Changes in legal requirements (including changes to the DP Law, the DP Regulations or guidance issued by the Commissioner of Data Protection)
  • Improvements to our privacy practices

How We Notify You of Changes

Change TypeNotification Method
Minor updates (clarifications, typo fixes)Updated date in document header
Material changes (new cookie categories, new third parties)Cookie banner re-display + email to registered users
Version changesDocument version number incremented

Version History

VersionDateChanges
1.0January 22, 2026Initial release
2.0May 19, 2026Rewrite to align disclosures with the DIFC Data Protection Law, DIFC Law No. 5 of 2020 (as amended by DIFC Law No. 2 of 2022) and the DIFC Data Protection Regulations (Consolidated Version No. 2, in force 1 September 2023). Removed references to legal frameworks that do not apply to Enigma Labs Technology Limited as a DIFC-incorporated controller; added the Commissioner of Data Protection as the supervisory authority; clarified cross-border transfer mechanisms for Intercom (United States) and Plausible (European Union).
2.1May 19, 2026Walk-through refinements: expanded the strict-necessity reasoning for each cookie in §3.1; clarified Intercom's dual processor / independent-controller role in §7.1; restated DP Law citations descriptively in §7.1, §7.3 and §10 pending counsel verification of specific article numbers.
3.0May 19, 2026Engineering reconciliation: installed c15t as the consent management platform; gated Intercom behind explicit Functional consent; removed cookies and third-party services that were described in v2.x but not actually deployed (PHPSESSID/csrf_token/__Host-session/cc_cookie/locale/lang/plausible_ignore/X cookies, plus the entire Plausible and X share-button sections); added the c15t consent-state cookie to the strictly-necessary inventory; restated intercom-id-* as a first-party cookie with localStorage mirror (correcting v3.0's earlier classification as localStorage-only); reframed §8 around Global Privacy Control (GPC) alongside the legacy DNT signal; narrowed the Regulation 10 attribution to the human-intervention right; fixed the /terms URL to /tos.

Current version: 3.0 (Last updated: May 19, 2026)

We recommend reviewing this policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

10. Your Rights

Where personal data is processed through cookies or similar technologies described in this policy, you have the rights set out in the DIFC Data Protection Law, DIFC Law No. 5 of 2020 (as amended). These rights include, subject to the conditions and limitations set out in the DP Law:

RightDescriptionHow to Exercise
Right to be informedKnow what cookies are used, for what purposes, and on what basisThis policy together with our Privacy Policy provides this information
Right of accessAccess any personal data we hold about youContact hello@enigmalab.io
Right to rectificationCorrect inaccurate personal dataContact hello@enigmalab.io
Right to erasureRequest deletion of personal data collected via cookiesClear cookies, withdraw consent, or contact us
Right to restriction of processingLimit how your personal data is usedAdjust cookie preferences or contact us
Right to data portabilityReceive certain personal data in a structured, commonly-used format, where applicableContact hello@enigmalab.io
Right to objectObject to certain types of processingReject non-essential cookies or contact us
Right to withdraw consentWithdraw consent at any time, without affecting prior lawful processingUse "Cookie Settings" in the footer, or clear the c15t cookie and its mirrored local-storage entry
Right to lodge a complaintComplain to the Commissioner of Data Protection (DIFC)See contact details in Section 11 below
Right to compensationSeek compensation for material or non-material damage caused by a contravention of the DP Law, through the DIFC CourtsSee the compensation regime of the DP Law and contact your legal advisor

If, at any point, our cookie usage is changed such that personal data is processed through autonomous or semi-autonomous systems falling within the scope of Regulation 10 of the DP Regulations, the additional rights set out in that Regulation — including the right to request human intervention — would apply. Broader rights of objection, contestation and explanation in respect of automated decisions would arise under the DP Law itself rather than Regulation 10. The cookies and processing described in this policy do not currently engage Regulation 10.

For more detailed information about your privacy rights and the lawful bases on which we process personal data, please refer to our Privacy Policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Cookie Policy or our use of cookies, please contact us:

Contact MethodDetails
Privacy Emailhello@enigmalab.io
Data Protection Officerhello@enigmalab.io
Company AddressEnigma Labs Technology Limited, IH-00-01-01-OF-01, Level 1, Innovation One, Dubai International Financial Centre, Dubai, United Arab Emirates
Privacy Policyhttps://enigmalab.io/privacy
Terms of Servicehttps://enigmalab.io/tos

We aim to respond to all privacy-related inquiries within 30 days.

Supervisory Authority

If you are not satisfied with our handling of your request, or if you believe that our processing of your personal data contravenes the DP Law, you have the right to lodge a complaint with the Commissioner of Data Protection:

Contact MethodDetails
AuthorityCommissioner of Data Protection, Dubai International Financial Centre Authority
Emailcommissioner@dp.difc.ae
Postal AddressOffice of the Commissioner of Data Protection, Level 14, The Gate, PO Box 74777, Dubai, United Arab Emirates
Websitehttps://www.difc.ae/business/operating/data-protection

Document Information

FieldValue
Document TitleCookie Policy
CompanyEnigma Labs Technology Limited
DIFC License NumberCL13349
Legal EntityLimited Liability Company (DIFC)
Registered AddressIH-00-01-01-OF-01, Level 1, Innovation One, Dubai International Financial Centre, Dubai, United Arab Emirates
Country of IncorporationUnited Arab Emirates
Websitehttps://enigmalab.io
Cookie Policy URLhttps://enigmalab.io/cookies
Privacy Policy URLhttps://enigmalab.io/privacy
Terms of Service URLhttps://enigmalab.io/tos
Effective DateMay 19, 2026
Last UpdatedMay 19, 2026
Version3.0
Cookie Consent Toolc15t

Legal Framework

This Cookie Policy is governed by the laws of the Dubai International Financial Centre and is designed to give effect to the obligations of Enigma Labs Technology Limited under:

  • DIFC Data Protection Law, DIFC Law No. 5 of 2020 (the "DP Law") — the primary data-protection statute applicable to Enigma Labs Technology Limited as a DIFC-incorporated controller
  • DIFC Laws Amendment Law, DIFC Law No. 2 of 2022 — amendments to the DP Law (including the autonomous-systems framework operationalised in Regulation 10 of the DP Regulations)
  • DIFC Data Protection Regulations (Consolidated Version No. 2, in force on 1 September 2023) (the "DP Regulations") — and in particular:
    • Regulation 5 (Transfers Out of the DIFC) — including the Standard Contractual Clauses approved by the Commissioner
    • Regulation 9 (Collection and Use of Personal Data in Digital Communications and Services) — notice, default settings and consent requirements for cookies, pixels and similar technologies
    • Regulation 10 (Personal Data Processed Through Autonomous and Semi-Autonomous Systems) — disclosure framework for the human-intervention right where autonomous or semi-autonomous systems are involved; broader automated-decision rights live in the DP Law itself

The federal UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) does not apply to processing carried out by Enigma Labs Technology Limited as a DIFC-incorporated entity. The supervisory authority for this entity is the Commissioner of Data Protection (DIFC), not the UAE Data Office.

Related Documents

This Cookie Policy (version 3.0) was last updated on May 19, 2026. For the most current version, please visit https://enigmalab.io/cookies.

© 2026 Enigma Labs Technology Limited. All rights reserved.