Cookie Policy
How Deribook uses cookies and similar technologies — including what cookies we set, why we use them, and how you can control them.
Table of Contents
Operator & Scope
This Cookie Policy (“Policy”) applies to the website and web application available at deribook.com (the “Platform”), operated by:
The Platform provides derivatives analytics services for traders. This Policy explains what cookies and similar tracking technologies we use, why we use them, and how you can control them. It should be read together with our Privacy Policy and Terms of Service.
Legal Basis for Cookie Use
Our use of cookies is governed by:
- The Swiss Federal Act on Data Protection (FADP) and the revised Federal Act on Data Protection (revFADP), effective 1 September 2023, together with the implementing ordinance (DPO).
- The EU General Data Protection Regulation (GDPR) (Regulation 2016/679), applicable where we process personal data of individuals in the European Economic Area (EEA).
- The ePrivacy Directive (Directive 2002/58/EC), as transposed into the national laws of EU/EEA Member States, which requires prior informed consent before storing or accessing information on a user's terminal equipment, except where strictly necessary.
- The Swiss Telecommunications Act (TCA), which contains provisions relating to the use of cookies and similar technologies.
In practice: Strictly necessary cookies are placed without your consent because they are essential for the Platform to function. All other cookies (analytics, marketing, functional) are only activated after you have given your explicit, informed, and freely given consent via our cookie banner.
Third-Party Providers
Some cookies are set by third-party services that appear on our pages. We do not control these third-party cookies. The following providers may set cookies through our Platform, subject to your consent:
| Provider | Category | Privacy Policy |
|---|---|---|
| Google (Firebase, Analytics, Ads) | Necessary / Analytics / Marketing | View |
| Sentry | Analytics | View |
| Hotjar | Analytics | View |
| Meta (Facebook) | Marketing | View |
| Marketing | View | |
| TikTok | Marketing | View |
Third-party cookies are governed by the respective provider's own privacy and cookie policies. We encourage you to review them. We only load third-party scripts after you have given explicit consent for the relevant cookie category.
How We Collect & Manage Consent
When you first visit the Platform, a cookie consent banner is displayed at the bottom of the page. The banner offers three equally accessible options:
- Accept All — enables all cookie categories (necessary, analytics, marketing, functional).
- Reject All — enables only necessary cookies and blocks all optional categories.
- Customize — opens a detailed preferences modal where you can toggle individual categories on or off.
No non-essential cookies or scripts are loaded until you make a choice. Until you interact with the banner, only strictly necessary cookies are active.
Active Script Blocking
We implement active script blocking technology that prevents third-party analytics, marketing, and functional scripts from loading in your browser until consent is granted. This is enforced through DOM observation and script element interception, ensuring that no tracking occurs without your permission — even if a script attempts to load programmatically.
Your consent choice is stored in a browser cookie (deribook_cookie_consent) for quick access and, if you are logged in, synchronised to our Firestore database as the authoritative source of truth.
Manage Your Cookie Preferences
You can change your cookie preferences at any time using the controls below, through your account settings, or by clicking the cookie preferences icon in the website footer. Changes take effect immediately.
When you withdraw consent for a category, all cookies belonging to that category are automatically and immediately deleted from your browser. Any third-party scripts associated with that category are blocked from executing.
Cookie Preferences
Consent Audit Trail
For authenticated users, every consent action (acceptance, rejection, customisation, or withdrawal) is recorded as an immutable audit entry in our Firestore database. Each record captures:
- The categories that were consented to or rejected
- The method used (e.g., banner accept, banner reject, modal customise, settings update, withdraw)
- A server-generated timestamp
- A hashed IP address (SHA-256 with monthly rotating salt for temporal unlinkability) and a truncated user agent string (max 500 characters)
- The page URL (with query parameters stripped for privacy)
You can view your complete consent history in your Account Settings. These records are maintained for compliance and accountability purposes under GDPR Art. 7(1) and cannot be altered after creation.
Consent Validity & Renewal
Your cookie consent preferences are valid for 365 days from the date you gave or last updated your consent. After this period, you will be prompted to confirm your preferences again.
Additionally, we track a consent version number (currently v2.0.0). If we make material changes to the types of cookies we use or the purposes for which we use them, we will increment this version number, and you will be asked to re-consent even if your current consent has not expired.
We will never treat the absence of a response or the continued use of the Platform as consent.
Browser Cookie Settings
In addition to the controls we provide on the Platform, most web browsers allow you to manage cookies through their settings. You can typically find these options in your browser's “Privacy” or “Security” settings.
Please note that if you choose to block all cookies via your browser settings, certain features of the Platform may not function correctly, including authentication and session management.
For more information on how to manage cookies in your browser, visit aboutcookies.org or allaboutcookies.org.
International Data Transfers
Some of the third-party cookie providers listed in this Policy may process your data outside of Switzerland and the EEA, including in the United States.
Where data is transferred to countries that are not deemed to provide an adequate level of data protection by the Swiss Federal Data Protection and Information Commissioner (FDPIC) or the European Commission, we ensure that appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs) approved by the European Commission
- Swiss-specific data transfer clauses recognised by the FDPIC
- The EU-U.S. Data Privacy Framework, where the provider is a certified participant
Your Rights
Under the GDPR, revFADP, and applicable data protection laws, you have the following rights in relation to cookie data:
- Right to be informed — This Policy explains what cookies we use and why.
- Right to consent — Non-essential cookies require your explicit, informed, and freely given consent before activation.
- Right to withdraw consent — You can change or withdraw consent at any time via the cookie settings on this page, your account settings, or the cookie icon in the footer. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Right to erasure — When consent is withdrawn, all cookies associated with the revoked categories are automatically deleted from your browser.
- Right of access — If you have an account, your full consent history is available in your account settings.
- Right to lodge a complaint — You have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, if applicable, your local EU/EEA supervisory authority.
Swiss supervisory authority: Federal Data Protection and Information Commissioner (FDPIC),Feldeggweg 1, CH-3003 Bern, Switzerland — www.edoeb.admin.ch
Do Not Track Signals
Some browsers transmit a “Do Not Track” (DNT) signal. There is currently no uniform standard for how websites should interpret DNT signals. However, our approach is equivalent to honouring DNT: we do not load any non-essential cookies or tracking scripts until you affirmatively consent via our cookie banner, regardless of your browser's DNT setting.
US State Privacy Laws
Deribook respects the privacy rights granted by US state privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), and the Connecticut Data Privacy Act (CTDPA).
Do Not Sell or Share
SoftFin Tech SA does not sell your personal information as defined under the CCPA/CPRA. Our use of marketing cookies (when you consent) may constitute “sharing” of personal information for cross-context behavioural advertising under CCPA/CPRA. You can opt out of this sharing by rejecting marketing cookies via our cookie banner, adjusting your preferences in the cookie settings section, or enabling Global Privacy Control (GPC) in your browser.
Your Rights
Depending on your state of residence, you may have the following rights regarding your personal information:
- Right to Know / Access — request what personal data we have collected about you
- Right to Delete — request deletion of your personal data
- Right to Opt-Out of Sale/Sharing — opt out of the sale or sharing of your personal data for targeted advertising
- Right to Correct — request correction of inaccurate personal data
- Right to Non-Discrimination — we will not discriminate against you for exercising your privacy rights
To exercise any of these rights, contact us at privacy@deribook.com. We will respond within the timeframes required by applicable law (generally 45 days for CCPA/CPRA requests).
Global Privacy Control (GPC)
We honour the Global Privacy Control (GPC) signal. When your browser or an extension sends a GPC signal (navigator.globalPrivacyControl = true), we automatically treat it as a request to opt out of the sale or sharing of your personal information under applicable US state laws.
Specifically, when GPC is detected, marketing cookies and cross-context behavioural advertising scripts are blocked regardless of prior consent. This is equivalent to selecting “Reject All” for the marketing cookie category. Analytics and functional cookies are unaffected by GPC and remain governed by your consent choices.
Changes to This Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes:
- We will update the “Last Updated” date at the top of this Policy
- We will increment the consent version number, triggering a re-consent request for all users
- Where appropriate, we will notify you via email or a prominent notice on the Platform
We encourage you to review this Policy periodically.
Contact Us
If you have questions or concerns about this Cookie Policy, our use of cookies, or your data protection rights, please contact us:
Questions about this document?
Contact our legal team at legal@deribook.com