Cookie Policy

1) What Are Cookies?

Cookies are small text files placed on your device by a website through your browser to remember specific information between sessions. They are widely used to make sites work efficiently, remember your preferences, or gather analytics data.

In addition to cookies, we may use other storage mechanisms such as browser localStorage and sessionStorage — built-in browser features that allow storing key/value data on your device.

Cookies are generally categorized as: session cookies (expire when the browser closes) and persistent cookies (remain for a set period). They are also categorized by source: first-party cookies (from the Platform itself) and third-party cookies (from external services).

2) Essential Cookies

These cookies are strictly necessary for the Platform to function and cannot be disabled without impacting core functionality. They include:

• rt_sess / rt_admin_sess — session login cookie for partner and admin respectively; contains an encrypted session identifier to securely identify your session between requests
• CSRF Token — a value embedded in form requests to protect your account from cross-site request forgery attacks
• Language Session — a session value that stores your language preference (ar/en) for the current browsing session

These cookies are not used for any marketing purposes. Session cookies are automatically deleted when you close your browser or when the session lifetime configured in the system settings expires.

3) Preference Storage

We use browser localStorage to save your personal interface preferences across sessions:

• rt_theme — your light/dark mode preference; read before any CSS loads to prevent visual flash on theme switch
• rt_login_fp — a fingerprint value generated from browser characteristics used by the login page for security purposes

This data is stored only on your device and is not sent to our servers except when needed for authentication or security purposes. You can clear it manually from your browser's developer tools.

4) Tracking & Analytics Values

To accurately count unique clicks and prevent fraud, we use technical values associated with referral click events:

• Device Fingerprint — a value derived from a combination of browser properties (User-Agent, screen resolution, timezone, CPU count) used to deduplicate clicks from the same device
• Nonce — a random token embedded in tracking requests to prevent replaying the same event multiple times
• HMAC Signature — a cryptographic signature verified to ensure the tracking request originates from a legitimate referral link
• Click Event ID — stored temporarily to verify that the same event is not registered twice

These values are used exclusively for operational and security purposes. No advertising profiles are built from them and they are not shared with external ad networks.

5) Third-Party Cookies & Resources

In limited cases, resources may be loaded from third parties that set their own cookies. Current cases include:

• Google Fonts (e.g. Cairo font for Arabic rendering) — connection data used for delivery purposes only
• Country flag images from flagcdn.com — embedded in country code selectors in forms and do not set cookies

We do not use any third-party advertising trackers or analytics networks (such as Google Analytics or Meta Pixel) on the core Platform pages. External resources are limited to technical delivery only.

6) Local Storage & Session Storage

localStorage differs from cookies in that it is not automatically sent with every HTTP request. It persists until manually cleared or cleared by code. We use it exclusively for interface preference data (light/dark theme) and lightweight security data (login fingerprint).

sessionStorage is automatically deleted when the browser window closes and is less persistent than localStorage. We may use it for temporary data within a single browsing session.

None of this data is sent to third parties or used for marketing purposes. Its content is limited to supporting core Platform functionality.

7) Managing Your Preferences

You can control cookies and local storage through the following methods:

• Browser Settings: every major browser (Chrome, Firefox, Safari, Edge) provides options to view, delete, or block specific types of cookies
• Developer Tools: in the Application → Storage section you can clear localStorage, sessionStorage, and individual cookies
• Private/Incognito Browsing: no persistent cookies are saved after the private window is closed

Disabling essential cookies (the session cookie) will prevent you from signing in and accessing your dashboard. Clearing localStorage may reset your theme or language preferences, requiring you to re-set them.

Note: The Platform does not rely on cookies for advertising purposes, so disabling third-party cookies will not affect your core experience.

8) Storage Retention Periods

The lifetime of cookies and stored data varies by type. The following periods apply:

• Session Cookie: expires when the browser closes or after a maximum of 7 days of inactivity
• Theme preference in localStorage: permanent until manually cleared
• Login fingerprint: stored in localStorage with no expiry until cleared
• Tracking data on servers: 90 days for raw events, then merged into aggregated statistics
• Session-linked fraud logs: up to 36 months on the server

Retention periods are reviewed periodically. If any are changed, this page will be updated and partners will be notified through appropriate channels.

9) Updates to this Cookie Policy

We may update this policy when the Platform's technical architecture changes, new features requiring different storage are introduced, or privacy regulatory obligations are updated.

Material changes to this policy will be announced clearly with the "Last updated" date at the top of the page reflecting the revision. Your continued use of the Platform after an update constitutes implicit acceptance of the revised policy.