
Cookie Policy

Steleo Publishing Limited

Effective Date: 1st February 2025

Last Updated: 25/04/2026

Document Version: 1.0

Regulatory Framework: This Cookie Policy is drafted in accordance with the Privacy and Electronic Communications Regulations 2003 (as amended) ("PECR"), the UK General Data Protection Regulation, and the Data Protection Act 2018.

PRIVACY-FIRST COMMITMENT: BundleCreator.co implements a strictly necessary cookies-only approach. We do not employ tracking cookies, advertising cookies, or any form of surveillance technology. Your browsing behaviour and professional activities remain entirely private.

1. Introduction and Legal Basis

This Cookie Policy ("Policy") sets out the manner in which Steleo Publishing Limited ("Steleo," "we," "us," or "our") employs cookies and similar technologies in connection with the BundleCreator.co service ("Service").

1.1 Company Information:

  • Steleo Publishing Limited, a company incorporated in England and Wales (Company Number: 11891029)
  • Registered Address: 167-169 Great Portland Street, London W1W 5PF
  • Contact: privacy@bundlecreator.co
  • ICO Registration: [To be confirmed upon registration]

1.2 Regulatory Compliance: This Policy ensures compliance with Regulation 6 of PECR, which requires that we:

  • Provide clear and comprehensive information about cookies
  • Obtain informed consent before storing or accessing non-essential cookies
  • Provide users with the ability to refuse or withdraw consent
  • Maintain records demonstrating compliance with consent requirements

2. What Are Cookies?

2.1 Technical Definition: Cookies are small text files containing strings of alphanumeric characters that are stored on your device (computer, tablet, or mobile telephone) when you visit a website. These files enable the website to recognise your device and remember certain information about your interaction with the site.

2.2 Cookie Categories: Cookies may be classified according to their:

  • Duration: Session cookies (deleted when browser closes) or Persistent cookies (remain until expiry date or manual deletion)
  • Origin: First-party cookies (set by BundleCreator.co) or Third-party cookies (set by external services)
  • Purpose: Strictly necessary, functional, performance, or targeting cookies

2.3 Similar Technologies: This Policy also applies to similar technologies including:

  • Local Storage and Session Storage (HTML5 storage mechanisms)
  • IndexedDB (structured data storage in the browser)
  • Web beacons and pixel tags (where applicable)

3. Cookies We Use

PRIVACY PROTECTION: BundleCreator.co employs only strictly necessary cookies required for service operation. We do not use advertising, tracking, analytics, or marketing cookies.

3.1 Strictly Necessary Cookies (No Consent Required):

These cookies are essential for the operation of our Service and are deployed pursuant to the "strictly necessary" exception under Regulation 6(4) of PECR. These cookies cannot be disabled without materially impairing Service functionality.

| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| __clerk_* | Authentication session management and security (OAuth 2.0 Authentication Service) | Session / 7 days | First-party |
| __session | User session state and preferences | Session | First-party |
| csrf_token | Cross-Site Request Forgery protection (security) | Session | First-party |
| next-auth.* | Next.js authentication and routing | Session / 30 days | First-party |

3.2 Local Storage (Browser-Based Storage):

BundleCreator.co employs browser local storage and IndexedDB for application functionality. This storage:

  • Stores application state and user preferences locally on your device
  • Maintains session information during editing
  • Preserves user interface settings and preferences
  • Is classified as strictly necessary for application functionality

IMPORTANT NOTE: Clearing local storage or IndexedDB will delete application state and preferences. You may need to reconfigure your settings after clearing browser data.

3.3 Cookies We Do NOT Use:

  • Advertising Cookies: We do not employ any advertising or marketing cookies
  • Analytics Cookies: We do not use Google Analytics, Facebook Pixel, or similar tracking technologies
  • Social Media Cookies: We do not embed social media tracking pixels
  • Behavioural Targeting: We do not profile user behaviour for commercial purposes
  • Cross-Site Tracking: We do not participate in advertising networks or data sharing consortiums

4. Third-Party Services and Their Cookies

4.1 Authentication Service:

We employ enterprise-grade OAuth 2.0 authentication services. Our authentication provider may set cookies necessary for secure authentication, session management, and security protection. These cookies are classified as strictly necessary under PECR.

  • Provider: OAuth 2.0 authentication service (US-based, GDPR compliant)
  • Purpose: Authentication, session management, security
  • Legal Basis: Strictly necessary for service provision
  • Data Transfer: Standard Contractual Clauses (SCCs) for UK-US transfers
  • SOC 2 Type II Certified: Our authentication provider maintains comprehensive security and privacy certifications

4.2 Content Delivery Network (Vercel/AWS):

Our Service is delivered via Vercel's content delivery network and may employ cookies for:

  • Load balancing and performance optimisation
  • DDoS protection and security
  • Geographic routing

These cookies are classified as strictly necessary for service delivery and security.

4.3 Payment Processing:

When you make a payment, our payment processing service (PCI DSS Level 1 certified) may set cookies necessary for:

  • Fraud detection and prevention
  • Secure payment processing
  • PCI DSS compliance

These cookies are classified as strictly necessary for payment security and fraud prevention.

  • Certifications: PCI DSS Level 1, SOC 2 Type II, ISO 27001

5. Your Rights and Controls

5.1 Browser Controls: Most web browsers allow you to control cookies through browser settings. You may:

  • Block all cookies
  • Block third-party cookies only
  • Delete cookies after each browsing session
  • Set browser to prompt before accepting cookies

WARNING: Blocking strictly necessary cookies will prevent the Service from functioning correctly. You will be unable to:

  • Log in to your account
  • Create or edit bundles
  • Access encrypted documents
  • Use core Service features

5.2 Managing Browser Cookies:

  • Chrome: Settings → Privacy and security → Cookies and other site data
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Manage Website Data
  • Edge: Settings → Cookies and site permissions

5.3 Local Storage Management: To clear local storage and IndexedDB:

  • Chrome: Developer Tools (F12) → Application → Clear storage
  • Firefox: Developer Tools (F12) → Storage → Clear All
  • Safari: Develop menu → Empty Caches

IMPORTANT NOTE: Clearing local storage will delete your application state and preferences. You will need to log in again and reconfigure your settings. Your documents remain securely stored on our servers and will be accessible after you log back in.

5.4 Your GDPR Rights: Under UK GDPR, you have the right to:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Restriction: Limit processing of your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests

To exercise these rights, contact: privacy@bundlecreator.co

6. International Data Transfers

6.1 Third-Party Processors: Certain third-party services (authentication, payment processing) are based in the United States. We ensure compliance with UK GDPR requirements for international transfers through:

  • Standard Contractual Clauses (SCCs) approved by the ICO
  • Supplementary measures including encryption and access controls
  • Transfer Impact Assessments (TIAs) evaluating risks
  • Contractual commitments regarding data protection

6.2 Data Protection Architecture: Your document content is protected with AES-256 encryption at rest via cloud database infrastructure and TLS 1.3 encryption during transmission. Third-party services are carefully selected and bound by contractual data protection obligations.

7. Legal Professional Privilege

7.1 Privilege Protection: BundleCreator.co is designed specifically to preserve legal professional privilege. Our strictly necessary cookies and local storage:

  • Enable secure transmission of documents with AES-256 encryption at rest and TLS 1.3 in transit
  • Support role-based access controls to restrict document access
  • Maintain the confidentiality required for privileged communications through comprehensive security measures
  • Comply with SRA Principles and BSB Core Duties regarding confidentiality

7.2 Professional Responsibility: Legal professionals using BundleCreator.co remain responsible for:

  • Maintaining appropriate device security
  • Using strong passwords and authentication
  • Complying with professional conduct rules
  • Assessing risks to client confidentiality

For comprehensive information, see our Legal Professional Privilege Statement.

8. Changes to This Policy

8.1 Notification of Changes: We may update this Cookie Policy to reflect:

  • Changes in our cookie usage
  • Changes in applicable law
  • Changes to third-party services
  • Technological developments

8.2 Material Changes: If we make material changes to this Policy, we will:

  • Update the "Last Updated" date at the top of this document
  • Notify you via email (if you have an active account)
  • Display a prominent notice on the Service
  • Obtain fresh consent if required by law

8.3 Review Obligation: We recommend reviewing this Policy periodically to stay informed about our cookie practices.

9. Contact and Complaints

9.1 Contact Information: For questions or concerns regarding this Cookie Policy, please contact:

  • Email: privacy@bundlecreator.co
  • Post: Data Protection Officer, Steleo Publishing Limited, 167-169 Great Portland Street, London W1W 5PF

9.2 Supervisory Authority: You have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • ICO Website: https://ico.org.uk
  • ICO Helpline: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

9.3 Resolution Process: We are committed to resolving complaints promptly and fairly. Upon receiving your complaint, we will:

  • Acknowledge receipt within 48 hours (excluding weekends)
  • Investigate thoroughly and respond within 30 days
  • Provide a detailed explanation of our findings and any remedial action
  • Inform you of your right to escalate to the ICO if dissatisfied

10. Technical Specifications

10.1 Cookie Lifespan:

  • Session Cookies: Deleted when browser closes
  • Authentication Cookies: Maximum 30 days (configurable)
  • Security Cookies: Session-based or until logout

10.2 Storage Mechanisms:

  • Cookies: HTTP-only, Secure flag, SameSite attribute
  • Local Storage: Session data and preferences, origin-restricted
  • IndexedDB: Application state and preferences, origin-restricted

10.3 Security Measures:

  • All cookies transmitted over HTTPS with Secure flag
  • HTTP-only flag prevents JavaScript access to sensitive cookies
  • SameSite attribute prevents CSRF attacks
  • Content Security Policy (CSP) restricts third-party access

Document Information

Document Owner: Data Protection Officer, Steleo Publishing Limited

Review Frequency: Annually or upon material changes

Next Review Date: 1st February 2026

Approval Authority: Board of Directors, Steleo Publishing Limited

Version History:

  • Version 1.0 - 1st February 2025 - Initial publication
