Cookie Policy

Cookie Policy

Last Updated: 21 February 2026
Effective Date: 21 February 2026

This Cookie Policy explains how Massive Dynamic Limited ("we", "our", "us") uses cookies and similar technologies on our websites: mdhk.ltd, track.mdhk.ltd, and app.mdhk.ltd.

1. What Are Cookies?

Cookies are small text files placed on your device (computer, smartphone, tablet) when you visit a website. They enable the website to remember your actions and preferences over time, so you don't have to keep re-entering them.

Cookie Types by Duration

Session Cookies:

• Temporary cookies deleted when you close your browser
• Used for maintaining your logged-in state during a browsing session
• Do not collect information from your computer

Persistent Cookies:

• Remain on your device for a set period or until manually deleted
• Remember your preferences across multiple visits
• Duration: Typically 30 days (configurable in account settings)

Cookie Types by Purpose

First-Party Cookies:

• Set directly by our websites
• Only we can read and use the information stored in these cookies

Third-Party Cookies:

• Set by external services we use (authentication, payment processing)
• Subject to the privacy policies of those third parties

2. What Cookies We Use

Essential Cookies (Strictly Necessary)

We use ONLY essential cookies that are strictly necessary for our websites to function. These cookies cannot be disabled as they are critical for core functionality.

Authentication Cookies (Clerk)

• Purpose: Manage your login sessions and account security
• Set By: Clerk (our authentication provider)
• Duration: 30 days (or until logout)
• Contains: Session token, user identifier (hashed), authentication state
• Security Features:
  • httpOnly flag: Prevents JavaScript access (XSS protection)
  • Secure flag: Transmitted only over HTTPS
  • SameSite attribute: Prevents cross-site request forgery (CSRF)

Session Management Cookies

• Purpose: Maintain your logged-in state and shopping cart contents
• Duration: Deleted when browser closes (session cookies)
• Contains: Temporary session ID, cart items, form data
• Security: Encrypted, no personally identifiable information stored

Security & CSRF Protection Cookies

• Purpose: Protect against unauthorized access and cross-site attacks
• Duration: Single session or 24 hours
• Contains: CSRF tokens, security validation codes
• Security: Cryptographically signed, validated on every request

3. What Cookies We Do NOT Use

We are committed to minimal data collection. We explicitly DO NOT use:

Analytics & Tracking Cookies

• ✗ Google Analytics or similar analytics platforms
• ✗ Heatmaps or session recording tools
• ✗ User behavior tracking beyond essential server logs
• ✗ Conversion tracking or advertising pixels

Note: We collect only essential server logs (IP address, page visited, timestamp) for security and technical troubleshooting purposes.

Advertising Cookies

• ✗ Advertising network cookies
• ✗ Retargeting or remarketing cookies
• ✗ Third-party ad cookies
• ✗ Affiliate tracking cookies

Social Media Cookies

• ✗ Facebook Pixel or similar social tracking
• ✗ Social media "Like" or "Share" button tracking
• ✗ Social login tracking (beyond Clerk authentication)

Marketing & Personalization Cookies

• ✗ Marketing automation cookies
• ✗ A/B testing cookies
• ✗ Personalization or recommendation engine cookies
• ✗ Email campaign tracking cookies

4. Legal Basis for Cookie Use

GDPR Compliance (EU Users)

Our use of essential cookies is lawful under GDPR Article 6(1)(b) and Article 6(1)(f):

Contract Performance (Article 6(1)(b)): Essential cookies are strictly necessary to perform our contract with you (providing account access and service delivery).

Legitimate Interests (Article 6(1)(f)): Security cookies protect our legitimate interests in:

• Preventing fraud and unauthorized access
• Ensuring website security and integrity
• Detecting and preventing abuse

ePrivacy Directive

Under the EU ePrivacy Directive and PECR (UK):

• Essential cookies for service provision do not require consent
• We do not use non-essential cookies that would require consent banners

Result: We do not display cookie consent banners because we use only strictly necessary cookies.

5. Third-Party Cookies

While we minimize third-party cookies, some are essential for service delivery:

Clerk (Authentication Provider)

Cookies Set:

• __session - Session authentication token
• __clerk_db_jwt - Database session token
• Other authentication-related cookies

Purpose: Secure account management, login sessions, multi-factor authentication

Privacy Policy: https://clerk.com/privacy

Security: SOC 2 Type II certified, GDPR compliant, encryption at rest and in transit

Stripe & Airwallex (Payment Processors)

Cookies Set:

• Fraud detection and prevention cookies
• Payment session cookies

Purpose: Secure payment processing, fraud prevention

Privacy Policies:

• Stripe: https://stripe.com/privacy
• Airwallex: https://www.airwallex.com/privacy-policy

Security: PCI DSS Level 1 compliant

Important: Payment card data is never stored in cookies. Card details are handled entirely on processor infrastructure.

6. Managing Cookies

Browser Settings

You can control cookies through your browser settings:

Block All Cookies: Most browsers allow you to block all cookies. However, this will prevent you from using our services as essential cookies are required for:

• Login and account access
• Shopping cart functionality
• Security and CSRF protection
• Form submission and data persistence

Delete Cookies: You can delete existing cookies through your browser settings. Note:

• You will be logged out of your account
• Your preferences and cart contents will be lost
• You will need to log in again on your next visit

Browser-Specific Instructions:

• Chrome: Settings > Privacy and Security > Cookies and other site data
• Firefox: Settings > Privacy & Security > Cookies and Site Data
• Safari: Preferences > Privacy > Manage Website Data
• Edge: Settings > Cookies and site permissions > Cookies and site data

Do Not Track (DNT)

Our websites respect Do Not Track (DNT) signals. Since we do not use tracking cookies, enabling DNT has no additional effect on our cookie usage.

7. Cookie Duration & Expiry

Session Cookies

• Expiry: When you close your browser
• Purpose: Shopping cart, form data, temporary session state
• Auto-Deletion: No manual action required

Authentication Cookies

• Default Duration: 30 days from login
• Configurable: You can set "Remember Me" preferences in account settings
• Options:
  • Session Only: Cookies deleted when browser closes
  • 7 Days: Short-term persistence
  • 30 Days: Default (balance between convenience and security)
  • 90 Days: Extended persistence (less secure, not recommended)

Security Cookies

• Duration: 24 hours or single request
• Purpose: CSRF protection, security validation
• Auto-Renewal: Generated fresh for each protected action

8. Data Stored in Cookies

What IS Stored

• Session Identifiers: Random tokens linking your browser to your server session
• Authentication Tokens: Encrypted credentials for maintaining logged-in state
• CSRF Tokens: Security validation codes
• Preferences: Language, timezone, display settings (if set)

What is NOT Stored

• ✗ Passwords or credentials (plain text or otherwise)
• ✗ Payment card numbers or CVV codes
• ✗ Passport numbers or identity documents
• ✗ Social security numbers or tax IDs
• ✗ Biometric data
• ✗ Browsing history across other websites
• ✗ Personal conversations or messages

Encryption: All sensitive data in cookies is encrypted using industry-standard algorithms.

9. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect data from children through cookies or any other means.

If a parent or guardian becomes aware that a child has provided us with information, please contact us immediately at [email protected], and we will delete such information.

10. International Data Transfers

Cookies may facilitate data transfers to:

Hong Kong: Our primary servers and business operations

United States: Third-party service providers (Clerk, Stripe)

• Safeguards: EU-US Data Privacy Framework certification, Standard Contractual Clauses (SCCs)

European Union: For EU client service delivery

Security: All transfers protected by encryption (TLS 1.3) and GDPR Article 46 safeguards.

11. Changes to Cookie Policy

We may update this Cookie Policy to reflect:

• Changes in cookie usage or technologies
• New legal or regulatory requirements
• Improvements to privacy or security
• Feedback from users

Notification:

• Updated version and date displayed at top of this page
• Material changes communicated via email to account holders
• Continued use constitutes acceptance of updated policy

Version History: Current: 07 October 2025

12. Contact & Questions

For questions about our cookie usage:

Email: [email protected]
Subject: "Cookie Policy Inquiry"
Phone: +852 9290 0201
Mail: Unit 1603, 16/F, The L. Plaza, 367-375 Queen's Road Central, Sheung Wan, Hong Kong

Data Protection Officer: [email protected]

13. Your Rights (GDPR)

If you are located in the EU/EEA, you have the following rights regarding cookies:

Right to Information: This Cookie Policy and our Privacy Policy provide comprehensive information about cookie usage.

Right to Object: You can object to cookie usage by blocking cookies in your browser. However, this will prevent website functionality.

Right to Deletion: You can delete cookies anytime through your browser settings.

Right to Lodge a Complaint: If you have concerns, you may lodge a complaint with your national data protection authority.

Minimal, Essential, Secure

We use only the cookies absolutely necessary for website functionality and security. No tracking, no advertising, no unnecessary data collection.

Last Updated: 21 February 2026
Governing Law: Hong Kong SAR
Compliance: GDPR, ePrivacy Directive, Hong Kong PDPO
Related Policies: Privacy Policy, Terms of Service
© 2025-2026 Massive Dynamic Limited. All rights reserved.