Cookie Policy

Platform: eGrants (egrants.com.ua)

Last Updated: November 17, 2025

1. WHAT ARE COOKIES

1.1 Definition

Cookies are small text files that our website stores in your browser. They help the site "remember" information about your visit.

Simple example: When you choose the Ukrainian language — we remember this through a cookie. Next time, the site will automatically open in Ukrainian.

1.2 Why We Need Them

Cookies help us:

Recognize you on repeat visits
Remember your settings (language, preferences)
Protect your account from hacking
Save your session, so you don't have to log in with every click

1.3 Types of Cookies by Duration

Session cookies:

Temporary files that are automatically deleted after closing the browser
Used for basic site functionality

Persistent cookies:

Stored on your device for a certain period of time
Help remember your settings between visits

2. COOKIES WE USE

2.1 Necessary Cookies — Without Them the Site Doesn't Work

These cookies are mandatory for the Platform to function. Without them, you won't be able to log into your account.

2.1.1 Site Access Protection (site_access)

What it does: Remembers that you've already entered the site access password (for staging environment)

How long it lives: 7 days

Technical details: site_access, httpOnly (XSS protection), secure (HTTPS only), sameSite: lax (CSRF protection)

Your privacy: Stored only in your browser, contains only "authenticated" status

2.1.2 Your Session (next-auth.session-token)

What it does: Remembers that you're logged in, so you don't have to enter your password with every click

How long it lives: Up to 30 days from last activity

Auto-logout: If you're inactive for 30 minutes — the system logs out automatically. Maximum one session = 24 hours.

Technical details: next-auth.session-token (or __Secure-next-auth.session-token in production), httpOnly, secure, sameSite: lax

Your privacy: Encrypted JWT token — no one except our server can read it

2.1.3 Hack Protection (CSRF token)

What it does: Verifies that requests are actually sent by you, not a malicious site

How long it lives: Until browser closes (session cookie)

Technical details: next-auth.csrf-token, token for CSRF (Cross-Site Request Forgery) attack protection

Your privacy: Unique technical token, contains no personal information

2.2 Functional Cookies — For Convenience

These cookies make using the site more convenient. They can be disabled, but you'll lose convenience.

2.2.1 Language Choice (locale)

What it does: Remembers your preferred interface language (Ukrainian or English)

How long it lives: 1 year

What happens if you disable it: The site will constantly open in the default language

Technical details: locale, stores language code ("uk" or "en"), httpOnly: false (accessible to JavaScript), secure, sameSite: lax

Your privacy: Just a language code, no personal data

2.3 Analytical Cookies — Statistics to Improve Service

Status: We use Google Analytics to understand how to improve the platform

2.3.1 Google Analytics

What it does: Helps us understand how users use the platform — which pages are popular, how much time they spend, where they come from

Technical details: Google Analytics sets cookies (_ga, _gid, _gat) to collect anonymous statistics

Your privacy:

We DO NOT collect personal data (names, emails, passwords)
IP addresses are anonymized (last digits hidden)
Data is used only to improve the platform
You can disable tracking through browser settings or by installing Google Analytics Opt-out Browser Add-on

Google Analytics Cookies:

_ga — main cookie for identifying unique visitors (duration: 2 years)
_gid — identifies unique visitors (duration: 24 hours)
_gat — limits request rate (duration: 1 minute)

2.3.2 Own Analytics (without cookies)

We also track content popularity on the server side, without cookies:

Views of funding programs
Views of organization profiles
Blog article views
Resource popularity

How it works: 2-3 second delay after opening the page (excludes bots and accidental clicks)

Your privacy: Counters are NOT linked to your personal data. We only see numbers like "100 views", but DON'T know who specifically viewed

2.4 Marketing and Advertising Cookies

Status: We DO NOT use marketing or advertising cookies. At all. Ever.

The eGrants platform does not have:

Facebook/Instagram tracking pixels
Google Ads (advertising network)
Remarketing
Advertising networks
Tracking for advertising

Why? Because this is a government platform, not an advertising business. Your privacy is more important to us than advertising.

3. LOCAL STORAGE — YOUR PERSONAL NOTEPAD

3.1 What Is It

Local storage is like a personal notepad in your browser. This data:

Is stored ONLY on your computer
Is NEVER automatically transmitted to the server
Is accessible only to you

3.2 What We Store There

3.2.1 Your Preferred Language (preferred-language)

What's stored: Language code ("uk" or "en")

Why: To remember your language choice between visits

Duration: Indefinitely (until cleared by user)

Note: Has higher priority than locale cookie

3.2.2 Interface Settings

What's stored: Your personal settings (menu state, preferences, etc.)

Who sees it: Only you. This data never leaves your browser.

3.2.3 Form Drafts

What's stored: Text you've entered in a form but haven't submitted yet

Why: If you accidentally close the tab — your work won't be lost

Deletion: Automatically erased after successful form submission

4. LEGAL BASIS — IS THIS LEGAL?

4.1 Necessary Cookies — Consent Not Required

Legal basis: Performance of contract (Art. 6(1)(b) GDPR)

In simple terms: These cookies are necessary for the site to work at all. It's like a key to a door — you can't enter without it. User consent is not required by law.

4.2 Functional Cookies — Legitimate Interests

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) or Consent (Art. 6(1)(a) GDPR)

In simple terms: These cookies make the site more convenient (remember language). The benefit to you (convenience) outweighs the intrusion into privacy (storing language code).

4.3 What Legislation We Comply With

Our Cookie Policy is created in accordance with:

GDPR (General Data Protection Regulation) — EU Regulation 2016/679
ePrivacy Directive — Directive 2002/58/EC (as amended by 2009/136/EC)
Ukrainian Law "On Personal Data Protection" — № 2297-VI

5. HOW TO MANAGE COOKIES IN YOUR BROWSER

5.1 Instructions for Different Browsers

You have full control over cookies. Here's how to view and delete them:

5.1.1 Google Chrome

Click the three dots (⋮) in the top right corner
Settings → Privacy and security → Cookies
See all site data
Find egrants.com.ua and delete

Blocking cookies: Settings → Cookies → Block all (not recommended — site won't work)

5.1.2 Mozilla Firefox

Menu (☰) → Settings → Privacy & Security
Cookies and Site Data → Manage Data
Find our site and delete

5.1.3 Safari (Mac/iPhone)

On Mac:

Safari → Preferences → Privacy
Manage Website Data → find and delete

On iPhone/iPad:

Settings → Safari → Clear History and Website Data

5.1.4 Microsoft Edge

Settings (⋮) → Privacy, search, and services
Cookies and site permissions → See all cookies
Find our site and delete

5.2 What Happens If You Disable Cookies

5.2.1 Disabled ALL Cookies

Platform won't work:

You won't be able to log into your account
Session is not saved — you log out with every click
Password site protection doesn't work
Security system is disabled

Verdict: Necessary cookies must be enabled

5.2.2 Disabled Only Functional Cookies

Loss of convenience, but works:

Language resets to Ukrainian every time
Settings are not saved
Basic functions work normally

Verdict: Can work, but inconvenient

5.3 "Do Not Track" Mode

If your browser has "Do Not Track" enabled — we respect it:

We don't track your behavior for analytics
Necessary cookies still work (otherwise the site breaks)

How to enable "Do Not Track":

Chrome/Edge: Settings → Privacy → Do Not Track
Firefox: Settings → Privacy → Send "Do Not Track"
Safari: Preferences → Privacy → Prevent tracking

6. SECURITY AND PRIVACY

6.1 How We Protect Your Cookies

We take the security of your data seriously:

HTTPS Encryption: All cookies are transmitted over a secure connection
Secure Flag: Browser doesn't transmit cookies over insecure HTTP (HTTPS only)
JWT Encryption: Session tokens are encrypted — impossible to forge
HttpOnly: Critical cookies are inaccessible via JavaScript — protection from hacking
Auto-logout: If you're inactive for 30 minutes — the system logs out automatically
Auto-cleanup: Old sessions are automatically deleted from the server

Technical details for specialists: httpOnly protection from XSS attacks, SameSite: 'lax' protection from CSRF attacks, cookies are not sent with requests from third-party sites

6.2 What We DON'T Store in Cookies

Cookies don't contain:

Your password
Phone numbers
Email addresses
Financial information
Organization personal data

Why? Because cookies are just a "key" to your session. All real data is stored on a secure server.

6.3 How Long Cookies Are Stored

Cookie	Purpose	Lifetime
Password Protection	Access to staging site	7 days
Your Session	Authentication	Up to 30 days (or 30 min. inactivity)
Hack Protection	Security (CSRF)	Until browser closes
Interface Language	Convenience	1 year
Google Analytics (_ga)	Visit analytics	2 years
Google Analytics (_gid)	Visit analytics	24 hours
Google Analytics (_gat)	Request throttling	1 minute

7. THIRD-PARTY COOKIES

7.1 Which Third-Party Cookies We Use

Third-party cookies are cookies from other companies that we've integrated into the platform.

Google Analytics:

Used for analytics and platform improvement
Collects anonymous statistics about visits
IP addresses are anonymized
Data is NOT used for advertising

What we DON'T use:

Social media trackers (Facebook Pixel, Instagram)
Advertising networks (Google Ads)
Remarketing and tracking for advertising

7.2 Links to Other Sites

Attention: When you follow a link to another site (for example, an organization's website), we DO NOT control their cookies.

Recommendation: Check the Cookie Policy of other sites before using them.

8. YOUR RIGHTS

8.1 Right to Know

You have the right to know:

Which cookies we use (section 2)
Why they're needed (each cookie has an explanation)
How long they live (see table in section 6.3)
Who has access (only our server)

This Cookie Policy gives you all information transparently and honestly.

8.2 Right to Refuse

You have the right to:

Disable functional cookies (you'll lose convenience)
Delete all cookies at any time
Configure browser to block cookies

But: Necessary cookies cannot be disabled — without them the site simply doesn't work.

8.3 Right to Delete

You can delete cookies like this:

Manually: Through browser settings (section 5.1)
On logout: Click "Logout" button — session closes
Automatically: Configure browser to clear cookies on close

8.4 Right to Complain

If you believe we're violating your rights, write to us: info@egrants.com.ua

9. COOKIES AND CHILDREN

9.1 Age Restrictions

The eGrants Platform is intended for:

Users aged 16 and over (under GDPR)
Users aged 14 and over with parental/guardian consent (under Ukrainian law)

9.2 Note to Parents

We do not knowingly collect cookies or data from children under 16 without parental consent.

If your child uses our site:

You can check cookies in their browser (section 5.1)
You can delete all cookies
You can block cookies through settings

Contact us if a minor created an account without parental consent: info@egrants.com.ua

10. COOKIE POLICY UPDATES

10.1 When We Update the Policy

This Cookie Policy may change if:

We add new features (and new cookies)
Legislation changes
We improve security
We add new platform capabilities

10.2 How We'll Notify You

For important changes:

We'll send an email (if you're registered)
We'll show a notification on the site
We'll update the date at the top of this page

10.3 Previous Versions

Want to see what changed? Previous versions of the Cookie Policy are available upon request: info@egrants.com.ua

11. TECHNICAL DETAILS

11.1 Table of All Cookies

Cookie Name	Type	Duration	Purpose	HttpOnly	Secure	SameSite
`site_access`	Necessary	7 days	Password access protection	Yes	Yes (prod)	lax
`next-auth.session-token`	Necessary	30 days	User authentication	Yes	Yes (prod)	lax
`next-auth.csrf-token`	Necessary	Session	CSRF protection	No	Yes (prod)	lax
`locale`	Functional	1 year	Language settings	No	Yes (prod)	lax
`_ga`	Analytical (Google Analytics)	2 years	Identifying unique visitors	No	No	-
`_gid`	Analytical (Google Analytics)	24 hours	Identifying unique visitors	No	No	-
`_gat`	Analytical (Google Analytics)	1 minute	Request rate throttling	No	No	-

11.2 Local Storage Keys

Key	Purpose	Duration
`preferred-language`	User's chosen language	Indefinitely
UI settings	Personal interface settings	Indefinitely
Temporary form data	Auto-save entered data	Until form submission

12. FREQUENTLY ASKED QUESTIONS (FAQ)

Q1: Can I use the site without cookies?

A: No. Without cookies it's impossible to log into your account. It's like a lock without a key — the door simply won't open.

Q2: Do you sell my data from cookies?

A: NO. NEVER. IN NO WAY. We're a government platform, not a commercial company. Your data stays only with us.

Q3: Do you track me on other sites?

A: No. Our cookies work ONLY on egrants.com.ua. What you do on other sites is not our business.

Q4: What happens if I delete all cookies?

A: You'll be logged out + all settings will be reset (language, etc.). On next login you'll have to configure everything again.

Q5: Can I selectively delete cookies?

A: Yes. In browser settings you can view a list of all cookies and delete specific ones. However, deleting the session cookie will log you out.

Q6: How long are my cookies stored?

A: It depends on the cookie type:

site_access: 7 days
Session tokens: 30 days (or 30 min. inactivity)
locale: 1 year
CSRF token: until browser closes
Google Analytics _ga: 2 years
Google Analytics _gid: 24 hours
Google Analytics _gat: 1 minute

Q7: Do you use Google Analytics or Facebook Pixel?

A: Yes, we use Google Analytics for analytics (how to improve the platform). IP addresses are anonymized, data is NOT used for advertising. Facebook Pixel — we DON'T use.

Q8: How long is my session stored?

A: Up to 30 days if you're active. But: if inactive for 30 minutes → auto-logout (security!). Maximum one session = 24 hours.

Q9: Are cookies secure on your site?

A: Yes! All cookies are transmitted over secure HTTPS, encrypted JWT tokens, HttpOnly, Secure, SameSite protection. No one else can see them.

Q10: How do I change cookie settings?

A: Through your browser (section 5.1). We didn't make a separate settings panel because we use minimal cookies — only necessary for operation.

13. CONTACTS

13.1 Questions About Cookies

Something unclear? Write to us:

Email: info@egrants.com.ua

Address: Ukraine, 01033, Kyiv, Korolenkivska St., 3, office 703

We respond: Within 2 business days

14. USEFUL LINKS

14.1 Learn More About Cookies

AboutCookies.org — what are cookies
AllAboutCookies.org — how to manage cookies

14.2 Data Protection and Privacy

GDPR.eu — information about data protection in the EU

14.3 Our Other Documents

15. CONSENT TO USE COOKIES

By using the eGrants platform, you confirm that:

☑ You have read and understood this Cookie Policy

☑ You know which cookies we use and why

☑ You agree to the use of necessary cookies (otherwise the site doesn't work)

☑ You understand your rights and can change settings at any time

☑ You can delete cookies through your browser (section 5)

Document Version: 1.5