Legal & compliance
Last updated 26 June 2026
Last updated: 26 June 2026
This Cookie Policy explains how Waypoint Aviation Software Ltd ("Waypoint", "we", "us") uses cookies and similar technologies on the Waypoint TMS websites and web applications (the "Service"). It should be read alongside our Privacy Policy.
Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work, or work more efficiently, and to provide information to the site's operators. Similar technologies include local storage and session storage, which store data in your browser rather than as a traditional cookie.
Waypoint TMS is a private, account-based application — not an ad-supported website. We use strictly necessary cookies only. We do not use advertising cookies, third-party tracking cookies, cross-site profiling, or analytics cookies that identify you personally. Because we set no non-essential cookies, no cookie-consent banner is required under the Privacy and Electronic Communications Regulations (PECR); strictly necessary cookies are exempt from the consent requirement.
| Cookie | Purpose | Type | Expiry |
|---|---|---|---|
| Session cookie | Keeps you signed in to the portal and staff console after you authenticate. It is signed, HTTP-only and (in production) Secure, so it cannot be read by JavaScript. | Strictly necessary | Expires at the end of your session or when it times out |
| Security / anti-abuse | Supports rate-limiting and abuse detection on authentication endpoints. | Strictly necessary | Short-lived |
We also use your browser's local storage on the web client to remember interface preferences (for example light/dark mode). This data stays on your device and is never transmitted to us for tracking.
The native iOS and Android apps do not use web cookies. Your session is stored securely on the device using the platform secure store (iOS Keychain / Android Keystore) and is used solely to keep you signed in.
We do not embed third-party advertising or social-media tracking on the Service. Subprocessors that help us deliver the Service (see our Subprocessors list) may set their own strictly necessary cookies when their infrastructure serves a request, but none are used to profile you for advertising.
Because we only use strictly necessary cookies, blocking them will prevent you from signing in and using the Service. You can control or delete cookies through your browser settings — see https://www.aboutcookies.org for guidance. Blocking essential cookies will break authentication.
We will update this policy if our use of cookies changes. If we ever introduce non-essential cookies, we will ask for your consent first.