Cookie Policy
Cookies Policy — Dokan Conditional Category Attributes
Effective Date: 8 June 2026
Last Updated: 24 June 2026
Jurisdictional Scope: United Kingdom, United States, European Union/EEA, Canada, Brazil, Australia, and Other Territories
Plugin Version: 2.0.0 (Server) / 2.0.0 (Plugin)
Developer: OpequeGlass
IMPORTANT LEGAL DISCLAIMER
This Cookies Policy is provided as a compliance template for the Dokan Conditional Category Attributes plugin ecosystem. It is not legal advice. Data protection and electronic communications laws are complex, jurisdiction-specific, and subject to change. You should consult a qualified data protection attorney or privacy professional to adapt this policy to your specific business activities, data processing practices, and target jurisdictions.
1. Introduction and Scope
This Cookies Policy explains how OpequeGlass and the Dokan Conditional Category Attributes plugin (“we,” “us,” “our”) use cookies and similar tracking technologies on our website, licensing server, plugin interfaces, and digital services (collectively, the “Services”).
What This Policy Covers:
- Our marketing website at
https://dokanconditionalattribute.com - The plugin’s Authorization Manager interface within WordPress admin
- Update checker communications
- Any embedded content or third-party integrations
What This Policy Does NOT Cover:
- Your own WordPress installation (you are the data controller for your site)
- Customer/vendor data processed through WooCommerce/Dokan (your responsibility)
- Third-party plugins you install independently
Multi-Jurisdictional Operation: Visitors to our Services may be subject to the laws of the United Kingdom, the United States, the European Union and European Economic Area, Canada, Brazil, Australia, and other territories. This policy is designed to meet the strictest applicable standards while providing clear, territory-specific disclosures where legal requirements diverge.
By accessing or using our Services, you acknowledge that you have read and understood this Cookies Policy. If you do not agree with our use of cookies as described herein, you must adjust your browser settings or discontinue use of the Services.
2. What Are Cookies and Similar Technologies
Cookies are small text files that websites, applications, and online services place on your computer, mobile device, or other terminal equipment when you visit. They are widely used to make websites work efficiently, to improve user experience, and to provide information to website operators.
In addition to traditional browser cookies, we and our partners may use other similar technologies, including:
Table
| Technology | Description |
|---|---|
| Web Beacons (Pixels) | Tiny graphic images embedded in web pages or emails that allow us to monitor user activity |
| Local Storage / Session Storage | HTML5 mechanisms that allow websites to store data in your browser beyond traditional cookies |
| Device Fingerprinting | Techniques that collect device configuration (screen resolution, fonts, time zone) to create a unique identifier |
| Software Development Kits (SDKs) | Code libraries embedded in applications that perform tracking functions |
| URL Tracking Parameters | Identifiers appended to links that enable cross-site tracking without cookie storage |
For the purposes of this policy, the term “cookies” encompasses all of the above technologies unless otherwise specified.
3. Categories of Cookies We Use
We classify cookies into the following categories. The legal treatment of each category varies by jurisdiction, as detailed in Section 4.
3.1 Strictly Necessary Cookies
These cookies are essential for the operation of our Services. They enable core functionality such as user authentication, session management, security protocols, and load balancing. Without these cookies, services you have explicitly requested cannot be provided.
Examples in Our Services:
Table
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
dokan_license_admin | Server | Admin session authentication for license manager | Session |
PHPSESSID | Server | PHP session management | Session |
wordpress_logged_in_* | WordPress (your site) | WordPress admin authentication | Session |
dokan_conditional_attrs_* | Plugin | Authorization state storage (local options, not browser cookies) | Persistent |
Important Note: The Dokan Conditional Category Attributes plugin stores authorization state in the WordPress options table, not browser cookies. This includes the license token, status, expiry, and integrity fingerprint. These are server-side storage mechanisms and are not subject to browser cookie controls.
Legal Status: These cookies and server-side storage mechanisms are exempt from consent requirements across all jurisdictions, though they must still be disclosed.
3.2 Functional / Preference Cookies
These cookies enable enhanced functionality and personalization. They remember choices you make and provide customized features.
Examples:
Table
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
language_pref | Website | Remember language choice | 12 months |
admin_per_page | License Server | Remember admin table pagination preferences | Session |
admin_license_per_page | License Server | Remember licenses per page setting | Session |
admin_log_per_page | License Server | Remember logs per page setting | Session |
Legal Status: These cookies require consent under UK PECR, EU ePrivacy Directive, and similar frameworks. Under the UK’s Data (Use and Access) Act 2025, certain appearance/interface customization cookies may be exempt if used solely for that purpose and not combined with other tracking.
3.3 Performance / Analytics Cookies
These cookies collect information about how visitors use our Services. They help us understand which pages are most popular, how users navigate between pages, and how long they spend on each section.
Examples:
Table
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
_ga | Google Analytics | Traffic analysis and user behavior | 24 months |
_gid | Google Analytics | Session-based user identification | 24 hours |
_gat | Google Analytics | Request rate limiting | 1 minute |
matomo_* | Matomo (if used) | Privacy-focused analytics | 13 months |
Legal Status: Under the EU ePrivacy Directive and traditional UK PECR, these cookies require explicit opt-in consent. However, under the UK’s Data (Use and Access) Act 2025 (in force from 5 February 2026), statistical (analytics) cookies used solely by the website operator to collect statistical information are now exempt from consent requirements, provided they are not used simultaneously for advertising or other non-exempt purposes.
⚠️ Critical Caveat: If an analytics cookie also feeds into advertising targeting, it does not qualify for the DUAA exemption.
3.4 Targeting / Advertising Cookies
These cookies track browsing habits across websites to build a profile of your interests. They are used to deliver relevant advertisements, limit ad frequency, measure campaign effectiveness, and enable retargeting.
Examples:
Table
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
_fbp | Meta (Facebook) | Retargeting and conversion tracking | 90 days |
gads_conversion | Google Ads | Ad conversion measurement | 30 days |
affiliate_click | Affiliate Networks | Commission attribution | 30 days |
Legal Status: These cookies always require consent under UK and EU frameworks. In the United States, you generally have the right to opt out of the sale or sharing of personal information for cross-context behavioral advertising under laws such as CCPA/CPRA.
3.5 Social Media and Embedded Content Cookies
These cookies are set by third-party social media platforms when you interact with embedded content on our Services.
Examples:
- YouTube embedded video cookies
- Twitter/X timeline widgets
- LinkedIn share buttons
Legal Status: These generally require consent under UK/EU frameworks. In the US, they are subject to general privacy notice requirements.
4. Jurisdiction-Specific Legal Frameworks
4.1 United Kingdom
Governing Laws: Privacy and Electronic Communications Regulations (PECR), UK GDPR, Data Protection Act 2018, and the Data (Use and Access) Act 2025 (DUAA).
Key Requirements:
Table
| Requirement | Detail |
|---|---|
| PECR Regulation 6 | Clear information + consent required before storing/accessing information on devices, unless exempt |
| Valid Consent Standard | Must be freely given, specific, informed, and unambiguous (UK GDPR Article 4(11)) |
| Equal Prominence | “Accept All” and “Reject All” must have equal visual prominence |
| Granularity | Consent by purpose/category separately required |
| Prior Blocking | Non-essential cookies must be blocked until consent is obtained |
| Withdrawal | Must be as easy to withdraw as to give consent |
New DUAA Exemptions (Effective 5 February 2026):
Table
| Exempt Category | Conditions |
|---|---|
| Statistical cookies | Solely for aggregate statistics; not used for advertising |
| Appearance cookies | Customize display (font size, color scheme, accessibility) |
| Emergency assistance cookies | Identify user location for emergency services |
| Security cookies | Fraud prevention and device security |
| Software update cookies | Maintain/update software |
Expanded Scope: The DUAA expands PECR to cover organizations that “instigate” the storage or access of information on your device, even if a third party technically sets the cookie. This catches tag managers, marketing platforms, and analytics services.
Penalties: The DUAA raised maximum PECR fines to UK GDPR levels: up to £17.5 million or 4% of global annual turnover, whichever is higher. Previously, the maximum was £500,000.
Complaints Procedure: From 19 June 2026, we must maintain a formal data protection complaints procedure.
How We Comply in the UK:
- Deploy cookie consent banner before any non-essential cookies are placed
- Provide granular category controls with equal Accept/Reject prominence
- Maintain persistent preference center for withdrawal
- Conduct regular cookie audits to ensure exempt cookies genuinely qualify
- Maintain timestamped consent records for audit purposes
- Ensure third-party scripts do not fire without consent
4.2 United States
Governing Laws: No comprehensive federal cookie law. Requirements derive from:
- California Consumer Privacy Act (CCPA) as amended by California Privacy Rights Act (CPRA)
- California Privacy Protection Agency (CPPA) regulations (updated 1 January 2026)
- State comprehensive privacy laws in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and 20+ other states
- Children’s Online Privacy Protection Act (COPPA) for users under 13
- Sector-specific laws (HIPAA for health data, GLBA for financial data)
Key Requirements:
Table
| Requirement | Detail |
|---|---|
| Opt-Out Model | Most cookies can be placed without prior consent, but clear notice and opt-out rights required |
| Sale and Sharing | Right to opt out of “sale” and “sharing” for cross-context behavioral advertising |
| Disclosure | Clear privacy notice describing categories collected, purposes, third parties |
| Sensitive Personal Information | Opt-in consent or limited use may be required for sensitive data |
Penalties (2026):
- CCPA administrative fines: $2,663 per unintentional violation and $7,988 per intentional violation
- Revenue threshold for CCPA applicability: $26,625,000 in annual gross revenue
New 2026 CPPA Regulations:
- Annual cybersecurity audits for certain businesses
- Risk assessments for high-risk processing
- Rules for Automated Decision-Making Technology (ADMT)
DELETE Act: California’s Data Broker Delete Request and Opt-out Platform is now live, allowing consumers to submit deletion requests to registered data brokers at once.
How We Comply in the US:
- Provide comprehensive privacy notices disclosing cookie practices
- Honor browser-based opt-out signals such as Global Privacy Control (GPC)
- Maintain “Do Not Sell or Share My Personal Information” link for California residents
- Do not knowingly collect personal information from children under 13
4.3 European Union and European Economic Area (EU/EEA)
Governing Laws: ePrivacy Directive (2002/58/EC, as amended), General Data Protection Regulation (GDPR 2016/679), and national implementing laws.
Key Requirements:
Table
| Requirement | Detail |
|---|---|
| Prior Consent | Article 5(3) ePrivacy Directive requires prior, informed consent before storing/accessing information on devices, unless strictly necessary |
| No Legitimate Interest | Cannot rely on GDPR Article 6 “legitimate interest” for non-essential cookies |
| Planet49 Standard | Pre-ticked checkboxes invalid; consent must be active and specific; must inform of duration and third-party access |
| EDPB Guidelines 2/2023 | Scope expanded beyond cookies to tracking pixels, URL tracking, IP-only tracking, device fingerprinting |
| Equal Prominence | “Reject” must be as easy as “Accept” (CNIL fines: Google €325M, Shein €150M in 2025) |
| Cookie Walls | Access cannot be conditional on consent to non-essential cookies |
| Consent Records | Must maintain auditable records of freely given, specific, informed, unambiguous consent |
| Re-Prompting | Recommended after 6-12 months or when purposes change significantly |
Penalties: Up to €20 million or 4% of global annual turnover under GDPR. National ePrivacy implementations carry separate penalty frameworks.
Country-Specific Nuances:
Table
| Country | Specific Requirement |
|---|---|
| Germany | Section 25 TTDSG — cookie walls generally not permitted unless closable in single step |
| France | CNIL distinguishes first-party vs. third-party analytics; granular consent by purpose strictly required |
| Belgium | BDPA requires Accept/Reject on same banner layer; essential cookies limited to 6 months |
| Italy | Garante: closing banner with “X” defaults to no consent; re-prompting after ~6 months acceptable |
| Netherlands | Dutch DPA warned 200+ websites; significant fines for pre-ticked consent boxes |
How We Comply in the EU/EEA:
- Implement consent management platform (CMP) blocking all non-essential cookies before consent
- Provide granular, category-level consent choices with equal prominence
- Record consent metadata (timestamp, categories accepted, banner version, user signal)
- Respect browser-based consent signals where technically feasible
4.4 Canada
Governing Law: Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial laws (Alberta’s PIPA, BC’s PIPA, Quebec’s Law 25).
Key Requirements:
- PIPEDA requires knowledge and consent for collection, use, and disclosure of personal information
- Quebec’s Law 25 requires explicit consent for cookies collecting personal information
- Right to withdraw consent, subject to legal or contractual restrictions
How We Comply in Canada: Provide clear notice of cookie practices and obtain consent where required by applicable provincial laws.
4.5 Brazil
Governing Law: Lei Geral de Proteção de Dados (LGPD).
Key Requirements:
- Transparent information about data processing and legal basis required
- ANPD indicates cookies collecting personal data require legal basis (consent or legitimate interest)
- Consent must be free, informed, and unambiguous
How We Comply in Brazil: Provide clear disclosures and obtain consent for non-essential cookies that process personal data.
4.6 Australia
Governing Law: Privacy Act 1988 (as amended by Privacy Legislation Amendment Act 2024) and Australian Privacy Principles (APPs).
Key Requirements:
- Notification of collection of personal information required
- 2024 amendments introduced enhanced notice requirements and strengthened OAIC enforcement
- No specific cookie consent requirement, but transparency and fair handling required
How We Comply in Australia: Disclose cookie practices in privacy policy; ensure personal information collected via cookies handled per APPs.
4.7 Singapore, South Africa, and Other Jurisdictions
Table
| Jurisdiction | Law | Approach |
|---|---|---|
| Singapore | PDPA | Consent required with exceptions for deemed consent |
| South Africa | POPIA | Informed consent required, subject to justification |
| Other Territories | — | EU/EEA framework applied as baseline |
5. How We Obtain and Manage Consent
5.1 Consent Mechanism
When you first visit our Services, we present a cookie banner or consent dialog. The specific mechanism depends on your detected or selected jurisdiction:
UK and EU/EEA Visitors:
- Opt-in banner blocking all non-essential cookies until active consent
- Accept All / Reject All / Customize options with equal visual prominence
- No pre-ticked boxes, implied consent, or cookie walls
- Granular category-level controls
US Visitors:
- Notice banner informing of cookie use and rights under applicable state laws
- Link to privacy settings for opt-out of sale/sharing
- “Do Not Sell or Share My Personal Information” link for California residents
Other Visitors:
- Default to UK/EU opt-in standard unless local law permits less stringent approach
5.2 Consent Recordkeeping
We maintain timestamped records of consent events, including:
Table
| Record Field | Description |
|---|---|
| Date and time of consent or preference update | ISO 8601 timestamp |
| Cookie categories accepted or rejected | strictly_necessary, functional, analytics, advertising, social |
| Banner version and policy version in effect | Semantic versioning |
| User signal | “Accept All”, “Reject All”, “Customized” |
| Geographic region detected | IP-based geolocation (where technically feasible) |
These records are maintained for accountability and to demonstrate compliance in the event of a regulatory inquiry.
5.3 Withdrawing Consent
You may withdraw or modify your cookie consent at any time by:
- Clicking the “Cookie Settings” or “Privacy Settings” link in the footer of our website
- Using the floating preference icon (where available)
- Adjusting your browser settings as described in Section 7
If you withdraw consent, we will:
- Stop placing the relevant non-essential cookies
- Delete or anonymize data collected under that consent where legally permissible
- Allow strictly necessary cookies to continue operating
6. Third-Party Cookies and Partners
We allow select third parties to place cookies on your device through our Services. These third parties have their own privacy and cookie policies.
Categories of Third Parties
Table
| Category | Examples | Purpose |
|---|---|---|
| Analytics Providers | Google Analytics, Matomo, Adobe Analytics | Traffic analysis, behavior tracking |
| Advertising Networks | Google Ads, Meta, Programmatic platforms | Ad targeting, retargeting, conversion tracking |
| Social Media Platforms | Twitter/X, LinkedIn, TikTok, Instagram, YouTube | Social sharing, embedded content |
| Functional Services | Live chat, customer support, video hosting | Enhanced functionality |
| Affiliate Partners | Commission Junction, ShareASale, Impact | Conversion tracking for commissions |
DUAA “Instigation” Liability
Under UK PECR (as expanded by the Data (Use and Access) Act 2025), we are responsible for cookies that we “instigate” third parties to set on our behalf, even if we do not directly control the technical placement. This includes tag managers, marketing platforms, and analytics services.
Safeguards Implemented:
- Contractual obligations requiring third-party partners to respect consent choices
- Technical blocking of third-party scripts until consent is obtained
- Regular audits of third-party cookie deployment
7. How to Manage, Delete, and Block Cookies
7.1 Browser Controls
Most web browsers allow you to manage cookies through their settings. You can typically:
- View cookies stored on your device
- Delete individual cookies or all cookies
- Block all cookies from being placed
- Block third-party cookies specifically
- Set alerts to notify you when a cookie is being placed
⚠️ Important: If you block all cookies, including strictly necessary cookies, our Services may not function correctly. You may be unable to log in, access the license manager, or use personalized features.
7.2 Industry Opt-Out Tools
Table
| Tool | URL | Coverage |
|---|---|---|
| Digital Advertising Alliance (DAA) | www.aboutads.info/choices | US |
| Network Advertising Initiative (NAI) | www.networkadvertising.org/choices | US |
| European Interactive Digital Advertising Alliance (EDAA) | www.youronlinechoices.eu | EU |
| Global Privacy Control (GPC) | Browser signal | US state laws |
7.3 Mobile Device Controls
Table
| Platform | Path |
|---|---|
| iOS | Settings > Privacy & Security > Tracking |
| Android | Settings > Privacy > Ads |
7.4 Email Tracking
If you receive marketing emails from us, they may contain tracking pixels that tell us when you open the email or click a link. You can:
- Disable image loading in your email client
- Unsubscribe using the link provided in each email
8. Data Retention Periods
We and our third-party partners retain cookie data only as long as necessary to fulfill the purposes described in this policy.
Table
| Cookie Category | Typical Retention | Notes |
|---|---|---|
| Strictly Necessary | Session to 12 months | Security and authentication cookies |
| Functional | Up to 12 months | Until browser data cleared |
| Analytics | Up to 24 months | Aggregated or deleted after period |
| Advertising | Up to 13 months | In line with EU ePrivacy recommendations |
| Server Logs | 90 days | IP addresses, user agents for security |
| License Audit Logs | 24 months | Activation/deactivation records |
Specific retention periods are detailed in our Cookie Table, available through our Cookie Settings panel.
9. Plugin-Specific Data Handling
9.1 What the Plugin Does NOT Do
The Dokan Conditional Category Attributes plugin is designed with privacy by design principles:
Table
| Data Type | Collected? | Notes |
|---|---|---|
| Customer personal data | No | No customer/vendor data collected |
| Payment information | No | No payment processing |
| Browsing history | No | No tracking of user behavior |
| Analytics data | No | No built-in analytics |
| Cookies (browser) | No | No frontend cookies set |
| Geolocation data | No | No location tracking |
9.2 What the Plugin DOES Do
Table
| Action | Data Involved | Purpose |
|---|---|---|
| License validation | License key, domain, site URL | Authorization verification |
| Update checking | Current version, domain | Version compatibility |
| Authorization sync | Token, status, expiry | State synchronization |
| Admin dashboard | None (server-rendered) | Management interface |
All communication:
- Uses HTTPS with certificate validation
- Includes API secret authentication
- Implements zero-cache headers
- Has 15-30 second timeouts
- Gracefully degrades on server unreachability
9.3 Server-Side Storage (Not Browser Cookies)
The plugin stores the following in your WordPress database (options table), not in browser cookies:
Table
| Option Name | Data | Purpose |
|---|---|---|
dokan_conditional_attrs_auth_token | License key | Authorization identification |
dokan_conditional_attrs_auth_status | active/inactive/expired/suspended | Current state |
dokan_conditional_attrs_auth_type | single/multi/business | License tier |
dokan_conditional_attrs_auth_expiry | Expiry date | License validity |
dokan_conditional_attrs_auth_fingerprint | MD5 checksum | Anti-tamper verification |
dokan_conditional_attrs_last_sync | Timestamp | Sync tracking |
Important: These are server-side WordPress options, not browser cookies. They are not accessible to JavaScript on the frontend and are not transmitted to third parties.
10. Changes to This Cookies Policy
We may update this Cookies Policy from time to time to reflect changes in:
- Technology (new tracking methods)
- Legal requirements (new laws or regulatory guidance)
- Business practices (new services or partnerships)
When we make material changes, we will:
- Update the “Last Updated” date at the top of this policy
- Notify you through a banner or email where required by law
- Provide a summary of key changes in our preference center
We encourage you to review this policy periodically. Your continued use of the Services after changes are posted constitutes your acknowledgment of the modified policy.
11. Contact Information
If you have questions, concerns, or complaints about this Cookies Policy or our cookie practices, please contact us:
Data Protection / Privacy Officer
OpequeGlass
Email: help@opequeglass.com
Website: https://dokanconditionalattribute.com/contact/
OpequeGlass
Email: help@opequeglass.com
Website: https://dokanconditionalattribute.com/contact/
Jurisdiction-Specific Complaints
Table
| Jurisdiction | Authority | URL |
|---|---|---|
| UK | Information Commissioner’s Office (ICO) | www.ico.org.uk |
| EU/EEA | Local Data Protection Authority | List via European Data Protection Board |
| US (California) | California Privacy Protection Agency (CPPA) | cppa.ca.gov |
| Canada | Office of the Privacy Commissioner (OPC) | priv.gc.ca |
| Brazil | National Data Protection Authority (ANPD) | gov.br/anpd |
| Australia | Office of the Australian Information Commissioner (OAIC) | oaic.gov.au |
12. Cookie Table
Table
| Cookie Name | Provider | Category | Purpose | Retention | Jurisdictional Notes |
|---|---|---|---|---|---|
session_id | First-Party | Strictly Necessary | Admin session maintenance | Session | Exempt globally |
PHPSESSID | First-Party | Strictly Necessary | PHP session management | Session | Exempt globally |
wordpress_logged_in_* | WordPress | Strictly Necessary | WordPress authentication | Session | Exempt globally |
language_pref | First-Party | Functional | Remember language choice | 12 months | Requires consent UK/EU; notice US |
admin_per_page | First-Party | Functional | Admin pagination preference | Session | Requires consent UK/EU |
_ga | Analytics | Traffic analysis | 24 months | Exempt under UK DUAA (sole purpose); requires consent EU | |
_gid | Analytics | Session identification | 24 hours | Exempt under UK DUAA (sole purpose); requires consent EU | |
_fbp | Meta | Advertising | Facebook Pixel retargeting | 90 days | Requires opt-in UK/EU; opt-out US |
gads_conversion | Advertising | Conversion tracking | 30 days | Requires opt-in UK/EU; opt-out US | |
affiliate_click | Third-Party | Advertising | Affiliate attribution | 30 days | Requires consent UK/EU (DUAA instigation rule) |
This Cookies Policy reflects the current implementation as of License Server v3.5.0 and Plugin v3.0.1. For the latest terms, always refer to your purchase agreement and the live documentation at https://dokanconditionalattribute.com/documentation/
