Cookies & analytics

2.1 Overview

A cookie is a small text file that a website places on your device. Similar technologies - such as localStorage, sessionStorage, pixels, and fingerprinting techniques - perform comparable functions. Throughout this Section, “cookie” means cookies and any such similar technologies.

We deliberately keep our cookie footprint to the minimum necessary to operate the Site and to keep the donation flow secure. We do not run advertising, behavioural targeting, retargeting, or third-party social-media trackers on the Site.

2.2 Categories of cookies

(a) Strictly necessary cookies

These cookies are essential for the Site to function. You cannot opt out of strictly necessary cookies without breaking the Site. They do not require your consent under the EU ePrivacy Directive (2002/58/EC) or Regulation 26 of the Nigeria Data Protection Regulation Implementation Framework 2020.

• Session token: issued where you initiate a donation, used to maintain your session through the payment flow.
• CSRF token: used to protect form submissions against cross-site request forgery.
• Rate-limit cookie / IP fingerprint: used to prevent automated abuse of the donation API.

(b) Functional cookies

These cookies remember preferences such as your selected currency, language, and accessibility options. They are set only when you exercise the relevant feature.

(c) Analytics cookies

We use a privacy-friendly analytics setup that does not:

• Track you across other websites;
• Use your IP address to identify you (IPs are truncated at the edge);
• Set persistent identifiers that would qualify as “personal data” under the GDPR or NDPA;
• Share data with advertising networks.

Where we use a hosted analytics provider (currently Vercel Analytics for Web Vitals and Plausible Analytics for visitor counts), the providers act as our processors under Article 28 GDPR / NDPA s. 28. Their processing is governed by data-processing addenda that mirror the obligations imposed on us in this Policy.

2.3 Consent and how to withdraw it

We rely on the “strictly necessary” exemption for the cookies in Section 2.2(a). For Section 2.2(b) and (c), we use either your express consent or our legitimate interests, whichever your jurisdiction requires.

You can manage cookies through:

• The cookie preference centre- accessible at any time via the “Cookie preferences” link in the footer (rolling out as part of v1.1 of the Site);
• Your browser settings - every modern browser permits you to delete and block cookies for any individual website;
• Your device settings - iOS and Android both expose system-level tracking controls.

Withdrawing consent does not affect the lawfulness of any processing carried out before the withdrawal.

2.4 Do Not Track and Global Privacy Control

We honour the Global Privacy Control (GPC)signal as a valid opt-out of the sale or sharing of personal data under the CCPA / CPRA. Browsers vary in their support for the legacy “Do Not Track” signal, and there is no agreed industry standard for it; we make no representations about how third parties interpret DNT.

2.5 Cookies and children

We do not knowingly serve cookies to users known to be under the age of eighteen (18). If a parent or guardian becomes aware of cookies set on a minor's device, contact contact@peterobi.support and we will erase the associated identifiers.

2.6 Changes to this Section

We will update this Section to reflect any material changes to the cookies we set. Material changes will be flagged on the Site at least fourteen (14) days before they take effect, except where shorter notice is required by law.

For the wider data we collect, see Section 1 - What we collect.