Cookie Policy
Cookie Policy
Last updated: May 19, 2026
This Cookie Policy explains how Hexcraft Oy (Business ID: 3569616-7), located at Satelliitinkatu 1, 37140 Nokia, Finland ("Hexcraft", "we", "our", or "us"), uses cookies and similar technologies on hexedcosmetics.com and crossing.hexedcosmetics.com (collectively, the "Services").
This Cookie Policy should be read together with our Privacy Policy, which provides additional information about how we collect and use personal data.
What Are Cookies?
Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Similar technologies — such as pixels, web beacons, local storage, and software development kits (SDKs) — perform comparable functions. In this Cookie Policy, "cookies" refers to all such technologies unless stated otherwise.
Cookies can be:
- First-party cookies — set directly by the website you are visiting
- Third-party cookies — set by external services we have integrated into the Services
- Session cookies — temporary, deleted when you close your browser
- Persistent cookies — remain on your device for a set period or until you delete them
How We Categorise Cookies
We categorise the cookies we use into four groups, in line with European Data Protection Board (EDPB) guidelines and the Finnish supervisory authority's recommendations:
1. Strictly Necessary Cookies
These cookies are essential for the Services to function. They cannot be switched off and are not based on consent — without them, basic features such as adding items to your cart, logging in, completing the HEXED Crossing, or protecting against bot abuse would not work.
| Cookie / Technology | Purpose | Set By | Duration |
|---|---|---|---|
_shopify_* (e.g. _shopify_y, _shopify_s) |
Maintain your shopping session and store preferences | Shopify Inc. | Session to 1 year |
cart, cart_sig, cart_ts
|
Track items in your shopping cart | Shopify Inc. | 2 weeks |
secure_customer_sig |
Authenticate logged-in customers | Shopify Inc. | 20 years |
localization |
Remember your region and language preference | Shopify Inc. | 1 year |
consentmo_* |
Remember your cookie consent choices | Consentmo OÜ | 1 year |
cf_turnstile_* |
Bot protection at email submission points on the HEXED Crossing | Cloudflare Inc. | Session (single-use) |
2. Functional Cookies
These cookies enable enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have integrated. Enabling these cookies provides a better experience but is not strictly required.
| Cookie / Technology | Purpose | Set By | Duration |
|---|---|---|---|
hexed.crossingResult (sessionStorage) |
Temporarily store your tribe assignment and Ferryman sentence between the Crossing and Reveal experiences | First-party (Hexcraft) | Browser session |
hexed.ferrymanSentence (sessionStorage) |
Persist your personal Ferryman sentence for display on subsequent pages of the HEXED Crossing | First-party (Hexcraft) | Browser session |
hexed.crossedAt (sessionStorage) |
Persist your crossing date for display on your Marked card | First-party (Hexcraft) | Browser session |
3. Analytics and Performance Cookies
These cookies help us understand how visitors interact with our Services so we can improve them. They collect aggregated, anonymised information about page visits, navigation patterns, conversion events, and any errors encountered.
| Cookie / Technology | Purpose | Set By | Duration |
|---|---|---|---|
Shopify Analytics (_shopify_y, _shopify_s, _landing_page, _orig_referrer) |
Aggregated visitor statistics, page views, sales attribution | Shopify Inc. | Up to 2 years |
Google Analytics 4 (_ga, _ga_*) |
Aggregated traffic analytics, user journeys, conversion tracking | Google LLC | Up to 2 years |
Tracklution attribution (_tlc_* and equivalent first-party identifiers) |
First-party server-side conversion tracking and marketing attribution | Tracklution Oy (first-party) | Up to 13 months |
4. Marketing and Advertising Cookies
These cookies are used to deliver personalised marketing, measure the effectiveness of campaigns, and to provide content relevant to your interests. They are set by us or by advertising partners.
| Cookie / Technology | Purpose | Set By | Duration |
|---|---|---|---|
Meta Pixel (_fbp, _fbc) |
Audience targeting and conversion measurement for advertising on Facebook and Instagram | Meta Platforms, Inc. | Up to 90 days |
Google Ads (_gcl_au, _gcl_aw, conversion linker) |
Conversion tracking and audience targeting for advertising on Google Ads | Google LLC | Up to 90 days |
Klaviyo (__kla_id, __kla_*) |
Email marketing engagement (opens, clicks), site behaviour for personalised newsletters | Klaviyo Inc. | Up to 2 years |
We use Marketing and Analytics cookies only with your explicit consent given through our cookie banner. In addition to client-side pixels, we use server-side event tracking (via Tracklution Oy) to send aggregated, hashed, and anonymised event data to Meta, Google Ads, and Google Analytics 4 for measurement purposes. Server-side processing is also subject to your consent choices.
How We Obtain Your Consent
When you first visit our Services, you are shown a cookie banner (managed by our consent provider, Consentmo) which lets you choose which categories of cookies you allow. You can:
- Accept all cookies — enables all categories above
- Reject non-essential cookies — only Strictly Necessary cookies are used
- Customise your preferences — choose specific categories to enable or disable
Strictly Necessary cookies do not require consent and are always active.
You can change your cookie preferences at any time by clicking the cookie preferences link in our website footer, or by clearing the cookies in your browser and re-visiting the site.
How to Manage or Disable Cookies
In addition to our cookie banner, you can also manage cookies through your browser settings:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Cookies and website data
- Edge: Settings → Cookies and site permissions → Manage and delete cookies
Please note that disabling Strictly Necessary cookies will prevent core functionality such as shopping cart, login, and the HEXED Crossing experience from working correctly.
You can also opt out of certain third-party advertising cookies via industry tools:
- Your Online Choices (EU)
- Network Advertising Initiative (NAI)
- Digital Advertising Alliance (DAA)
- Google Ads opt-out: Ad Settings
- Meta ad preferences: available within your Facebook/Instagram account settings
Third-Party Services and International Transfers
Several of the providers listed above are based outside of the European Economic Area (EEA), including in the United States. Where this is the case, the relevant transfer is protected by the European Commission's Standard Contractual Clauses (SCCs) or equivalent safeguards.
For more details about international transfers and the safeguards in place, see the International Transfers section of our Privacy Policy.
Your Rights
You have a number of rights in relation to personal data collected through cookies, including the right to access, correct, or delete your data, and to object to certain processing activities. To exercise your rights, please use our Privacy Requests portal or contact us at customerservice@hexcraft.fi.
For complaints, you may also contact the Finnish supervisory authority, the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), at tietosuoja.fi.
Changes to This Cookie Policy
We may update this Cookie Policy from time to time, including to reflect changes in the cookies we use or for other operational, legal, or regulatory reasons. We will post the updated Cookie Policy on this website and update the "Last updated" date. Material changes will be notified to you in accordance with applicable law.
Contact
For any questions about this Cookie Policy or our use of cookies, please contact:
Hexcraft Oy (Business ID: 3569616-7)
Satelliitinkatu 1, 37140 Nokia, Finland
Email: customerservice@hexcraft.fi
Phone: +358 45 861 9591
© 2026 Hexcraft Oy. All rights reserved. HEXED is a brand of Hexcraft Oy.