YPI.AE Cookie Policy
Effective Date: 22/05/2026
1. Introduction
This Cookie Policy explains how YPI LLC, a company incorporated in Sharjah Media City Free Zone, United Arab Emirates, trading as YPI.AE (“YPI.AE”, “we”, “us”, “our”), Trade Licence No. 2428370.01, uses cookies, pixels, SDKs, local storage, device identifiers and similar technologies when you access or use www.ypi.ae, our mobile applications and related services (together, the “Platform”).
This Cookie Policy should be read together with our Terms of Use and Privacy Policy. It explains what cookies are, why we use them, which categories we use, how long they may last, how third parties may use them and how you can manage your choices.
2. What are cookies and similar technologies?
Cookies are small text files placed on your browser or device when you visit a website. Similar technologies include pixels, web beacons, SDKs, local storage, tags and device identifiers. In this Cookie Policy, we refer to all of these collectively as “cookies”.
Cookies can be session cookies, which expire when you close your browser, or persistent cookies, which stay on your device until they expire or you delete them.
3. Who places cookies?
Cookies may be placed by YPI.AE as first-party cookies or by third-party providers such as analytics providers, advertising networks, social media platforms, payment providers, security providers, map providers, embedded content providers, CRM tools and app technology providers.
Third-party providers may collect information across different websites and services and may process such information under their own privacy and cookie policies. The exact third parties used by YPI.AE may change as the Platform develops.
4. Categories of cookies we use
| Category | Purpose | Control |
|---|---|---|
| Strictly necessary cookies | Required to operate the Platform, keep users logged in, remember privacy choices, route traffic, protect accounts, prevent fraud, enable forms, security, payment/session functions and core service delivery. | Cannot be switched off through our cookie preference centre because the Platform cannot function properly without them. |
| Functional cookies | Remember choices such as language, region, saved searches, filters, favourites, map preferences, login status and other settings. | May be controlled through the preference centre where available and browser/device settings. |
| Performance and analytics cookies | Help us understand usage, pages viewed, errors, search performance, feature usage, campaign performance and product quality. | Used with consent where required. |
| Advertising and marketing cookies | Support personalised ads, retargeting, campaign measurement, frequency capping, conversion tracking and audience building. | Used with consent where required. You may withdraw consent at any time. |
| Social media and embedded content cookies | Enable embedded content, social sharing, social login, videos, maps, property media, widgets or external tools. | Third-party providers may set cookies subject to their own policies. Used with consent where required. |
| Security, fraud and abuse-prevention cookies | Protect accounts, identify suspicious sessions, prevent scraping, spam, fake listings, automated abuse, payment fraud and cyber threats. | Usually treated as necessary where essential to security and fraud prevention. |
| Payments and transaction cookies | Support checkout, payment sessions, fraud checks, refunds, chargebacks and transaction security when paid services are purchased. | Strictly necessary or compliance-related where needed to process payments securely. |
| Mobile app SDKs and device identifiers | Support app analytics, push notifications, crash reporting, attribution and security in mobile applications. | Can often be controlled through app permissions, device settings or in-app choices. |
5. Cookie, pixel, SDK and vendor table
The table below is intentionally broad and designed to cover current and reasonably foreseeable YPI.AE integrations. The live cookie banner or preference centre should identify the vendors that are actually active on the Platform. If a listed provider is not used, it should not be enabled in the live preference centre.
Cookie names, purposes and retention periods may change when providers update their technologies. YPI.AE should periodically review the live cookies and update this table or the online preference centre accordingly.
| Cookie / technology | Provider | Category | Purpose | Retention |
|---|---|---|---|---|
| ypi_session / session identifier | YPI.AE | Strictly necessary | Login, account session, dashboard access and core website operation. | Session |
| csrf_token / XSRF token | YPI.AE | Strictly necessary | Form protection, login security and protection against cross-site request forgery. | Session or as configured |
| auth / remember login cookies | YPI.AE | Strictly necessary / Functional | Authentication, account continuity and user convenience where enabled. | Session to 12 months |
| cookie_consent / preference identifier | YPI.AE | Strictly necessary | Stores cookie choices and consent preferences. | Up to 12 months or as configured |
| security / anti-fraud identifiers | YPI.AE or security provider | Security | Fraud prevention, bot detection, rate limiting, scraping prevention and account protection. | As required for security |
| _cf_bm / cf_clearance / similar | Cloudflare or equivalent CDN/security provider | Security | Bot management, DDoS protection, traffic routing and secure access. | Approx. 30 minutes to 12 months, depending on provider |
| _GRECAPTCHA / rc::a / rc::b / rc::c | Google reCAPTCHA or equivalent | Security | Spam prevention, form abuse prevention and account security. | Session to 6 months or provider-defined |
| payment session / checkout cookies | Payment gateway such as Stripe, Checkout.com, PayTabs, Telr, MyFatoorah, myPOS or other used provider | Payments / Strictly necessary | Secure checkout, payment authorisation, fraud screening, refunds and chargeback support. | Session to provider-defined |
| language / region preference | YPI.AE | Functional | Remembers selected language, currency, emirate or regional preferences. | Up to 12 months |
| saved_search / filters / favourites | YPI.AE | Functional | Stores saved searches, property preferences, favourites, comparison lists and filters. | Session to 12 months |
| map and location preferences | YPI.AE / map provider | Functional | Remembers map zoom, area searches, radius searches and map-related preferences. | Session to provider-defined |
| _ga / _ga_* | Google Analytics 4 | Performance and analytics | Measures visits, usage patterns, traffic sources, search behaviour and feature performance. | Usually up to 13 months |
| _gid / _gat / similar | Google Analytics / Google Tag Manager | Performance and analytics | Analytics measurement, tag control, throttling and diagnostics. | Minutes to 24 hours or provider-defined |
| Google Tag Manager container | Google Tag Manager | Tag management | Controls deployment of analytics, consent-aware marketing and measurement tags. GTM may not itself set cookies but can trigger other tags. | Depends on enabled tags |
| _clck / _clsk | Microsoft Clarity | Performance and analytics | Heatmaps, session insights, usability analytics and error/friction detection. | Session to 12 months |
| _hjSessionUser_* / _hjSession_* | Hotjar | Performance and analytics | Heatmaps, session recordings, surveys and user experience analysis where enabled. | 30 minutes to 12 months |
| sentryReplaySession / similar | Sentry or equivalent monitoring provider | Performance / Security | Error monitoring, crash reporting, performance diagnostics and security troubleshooting. | Session to provider-defined |
| Firebase Analytics identifiers | Google Firebase | Analytics / Mobile SDK | App usage analytics, crash reports, push attribution and mobile performance. | Provider-defined |
| _gcl_au / gclid / gcl_aw | Google Ads | Advertising and marketing | Ad conversion tracking, retargeting, attribution and campaign measurement. | Up to 90 days or provider-defined |
| IDE / test_cookie / NID or similar | Google advertising services | Advertising and marketing | Ad delivery, frequency capping, fraud prevention and personalised advertising where enabled. | Provider-defined |
| _fbp / fr / fbc | Meta Pixel / Facebook / Instagram | Advertising and marketing | Retargeting, conversion tracking, audience building and campaign measurement. | Usually up to 90 days |
| li_sugr / bcookie / lidc / UserMatchHistory | LinkedIn Ads | Advertising and marketing | B2B advertising, retargeting, conversion tracking and campaign analytics. | Session to 24 months, provider-defined |
| _ttp / ttclid / tiktok identifiers | TikTok Pixel | Advertising and marketing | Ad attribution, campaign measurement, retargeting and conversion tracking. | Provider-defined |
| sc_at / Snap identifiers | Snap Pixel | Advertising and marketing | Ad delivery, conversion tracking, retargeting and campaign measurement. | Provider-defined |
| _uetsid / _uetvid / msclkid | Microsoft Advertising / Bing Ads | Advertising and marketing | Ad conversion tracking, remarketing and campaign measurement. | Session to 13 months, provider-defined |
| personalization_id / Twitter/X identifiers | X / Twitter Ads | Advertising and marketing | Ad measurement, retargeting and audience tools where enabled. | Provider-defined |
| utm_source / utm_campaign / referral cookies | YPI.AE / analytics tools | Analytics / Marketing | Campaign attribution, source tracking and performance reporting. | Session to 12 months |
| affiliate_id / referral_code | YPI.AE / affiliate or referral platform | Referral / Marketing | Referral tracking, partner attribution, promotions and “Earn with YPI.AE” programme measurement. | Up to 12 months or programme-defined |
| Google Maps / Places cookies or local storage | Google Maps / Google Places | Functional / Embedded content | Maps, geolocation, places search, address suggestions and location-based search tools. | Provider-defined |
| YouTube cookies such as VISITOR_INFO1_LIVE / YSC | YouTube / Google | Embedded content / Advertising | Embedded video playback, performance, preferences and advertising where YouTube videos are embedded. | Session to provider-defined |
| Vimeo cookies such as vuid | Vimeo | Embedded content / Analytics | Embedded video playback and video analytics where Vimeo is used. | Provider-defined |
| WhatsApp / Meta integration identifiers | WhatsApp / Meta or integration provider | Functional / Communications | Click-to-WhatsApp, lead forms, communication integrations and campaign attribution where enabled. | Provider-defined |
| HubSpot / Intercom / Zendesk / Tawk.to / similar | CRM, support or live chat provider | Functional / Communications | Live chat, support tickets, customer messaging, lead management and support analytics. | Provider-defined |
| Mailchimp / Brevo / SendGrid / email tracking identifiers | Email or marketing automation provider | Marketing / Communications | Email delivery, open/click tracking, subscription management and unsubscribe records where enabled. | Provider-defined |
| Optimizely / VWO / Firebase Remote Config identifiers | A/B testing or optimisation provider | Performance / Functional | A/B testing, feature experiments, layout optimisation and product improvement. | Provider-defined |
| OneSignal / Firebase Cloud Messaging / push tokens | Push notification provider | Mobile app SDK / Communications | Push notifications, device tokens and notification preference management where app notifications are enabled. | Until withdrawn, app removed or provider-defined |
| appsflyer / Adjust / Branch identifiers | Mobile attribution provider | Analytics / Marketing | Mobile install attribution, deep links, referral attribution and campaign measurement. | Provider-defined |
6. Consent and cookie preference centre
Where required by applicable law, we will ask for your consent before placing non-essential cookies such as analytics, advertising, retargeting, heatmap, social media and embedded content cookies.
The Platform should provide a cookie banner or preference centre that allows users to accept all cookies, reject non-essential cookies or manage preferences by category. Strictly necessary cookies may operate without consent where required for the Platform to function or remain secure.
You may withdraw or change consent at any time through the Cookie Settings link, the preference centre, browser/device settings or other controls provided on the Platform. Withdrawal of consent does not affect processing that occurred before withdrawal.
7. Browser and device controls
Most browsers allow you to block, delete or restrict cookies. Mobile devices may also allow you to limit ad tracking, reset advertising identifiers, manage app permissions, disable push notifications or restrict background data.
Browser and device controls are separate from the cookie preference centre. If you block or delete cookies, some Platform features may not work properly, including login, saved searches, dashboards, payments, maps, security features and preferences.
8. Third-party cookies and external services
Third-party cookies and SDKs are controlled by the relevant provider. We do not control all provider practices, retention periods or downstream processing. You should review the privacy and cookie policies of those providers where relevant.
YPI.AE may use providers for hosting, security, analytics, advertising, maps, payment processing, communication tools, email delivery, CRM, AI infrastructure, fraud prevention, customer support and performance monitoring.
9. Mobile applications, SDKs and push notifications
If YPI.AE offers mobile applications, the app may use SDKs, app identifiers, device identifiers, crash analytics, performance monitoring and push notification tokens. These technologies may be controlled through app settings, device permissions and in-app preferences where available.
Push notifications will be sent only where permitted by law and device settings. You can usually disable push notifications through your device settings.
10. Changes to this Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in the cookies, vendors, SDKs, legal requirements, Platform features or business practices. When we make changes, we will update the effective date and, where appropriate, notify users through the Platform or cookie preference centre.
11. Contact
If you have any questions about this Cookie Policy or our use of cookies, please contact us at mail@ypi.ae or privacy@ypi.ae.