Transparency

Cookie Policy

Plain-English answers to what cookies we set, why, and how you can manage them — written for humans, not lawyers.

Last updated: 3 May 2026

Cookies at a glance

We group every cookie into one of four categories. Essential cookies always run because the platform can't work without them. The other three you can switch on or off whenever you want.

Essential

Keep you signed in, secure your session, and remember your language. Always on — without these the platform cannot function.

Functional

Remember preferences like recently-used services, accessibility options, and dashboard layout choices. Optional but recommended.

Analytics

Help us understand which parts of the platform need clearer guidance. We use aggregated, IP-hashed data — no personal profiling.

Marketing

Off by default. We do not currently run third-party advertising cookies, and we'll ask before that ever changes.

Why this policy exists

This Cookie Policy explains how Monjaaz uses cookies and similar technologies (pixels, local storage, session storage) when you visit our website or use our app. It complements our Privacy Policy and is published under the transparency obligations of the Saudi Personal Data Protection Law (PDPL).

We've written it in plain language because we'd rather you actually read it than scroll past a wall of legalese. If anything is unclear, email privacy@monjaaz.sa and a real person will respond.

Where this policy refers to "cookies" we mean any client-side storage technology — including HTTP cookies, browser local storage, session storage, and similar identifiers used to recognize your device or session.

What are cookies, exactly?

A cookie is a tiny text file your browser stores when you visit a website. The site can read that file on your next visit, which is how it remembers things like your login state, language, or whether you've dismissed a banner.

Some cookies last only for the current session and disappear when you close the tab — these are called session cookies. Others persist for a set duration (a day, a month, a year) and are called persistent cookies.

Cookies set by the website you're visiting are called first-party cookies. Cookies set by other domains loaded on the page (analytics, embedded videos, etc.) are called third-party cookies. We minimize the latter and disclose every one we use below.

How Monjaaz uses cookies

Authentication and security — we set a session cookie when you sign in to keep you logged in across pages, plus a CSRF token cookie that protects sensitive forms (like submitting a payment) from cross-site attacks.

Personalization — a small set of cookies remember your preferred language (Arabic or English), interface theme preferences, dashboard column widths, and which onboarding tips you've already dismissed.

Performance and improvement — privacy-friendly analytics cookies aggregate which pages users visit, how long pages take to load, and which actions fail. We hash IP addresses with a daily rotating salt before storage, and we never share this data with advertising networks.

The cookies we set, in detail

Essential cookies (always on): mnj_session — your authenticated session, expires when you close the browser unless you check "Remember me"; mnj_csrf — anti-forgery token, session-only; mnj_locale — saves your AR/EN choice for 1 year so /en/ links don't bounce you back to AR.

Functional cookies (opt-in): mnj_prefs — UI preferences like sidebar collapse state and table density, 90 days; mnj_recent — recently-viewed services on your dashboard, 30 days; mnj_a11y — accessibility settings such as reduced motion and high contrast, 1 year.

Analytics cookies (opt-in): _mnj_session_id — a randomly-generated, non-identifying session ID for funnel analysis, expires after 30 minutes of inactivity; _mnj_perf — anonymized page-performance metrics (load times, paint times), 14 days. No user-level profiles are constructed.

Third-party cookies

Payment gateways — when you choose a payment method, the gateway (Moyasar, Stripe, PayPal, etc.) may set its own session cookies on the redirect / iframe domain to complete the transaction securely. These are governed by the gateway's own privacy and cookie policies, linked at checkout.

Embedded support widgets — our optional live chat widget (when enabled) sets a guest-id cookie on the public chat path so we can reconnect you to the same agent if your tab is reloaded. The cookie is first-party (mnj_chat_guest), expires after 24 hours, and contains only a random UUID.

We do not load Google Analytics, Facebook Pixel, or any advertising/retargeting trackers. If we ever add such a service, we will request explicit opt-in consent before activation, in line with PDPL Article 6.

How to manage your cookies

On Monjaaz — use the "Cookie settings" link in the footer of every page to review and toggle each non-essential category. Your choices are stored in a first-party preference cookie (mnj_consent, 6 months) and applied immediately across the platform.

In your browser — every modern browser lets you view, block, or delete cookies. Chrome: Settings → Privacy & Security → Cookies. Safari: Preferences → Privacy. Firefox: Settings → Privacy & Security. Edge: Settings → Cookies and site permissions.

Note that disabling essential cookies will prevent you from signing in, submitting forms, or completing payments. We have no workaround for this — they are fundamental to how the web works.

Do Not Track & Global Privacy Controls

We respect the Global Privacy Control (GPC) signal as well as legacy Do Not Track (DNT) headers. When your browser sends either signal, we automatically opt you out of analytics and functional cookies on first load, before you see the cookie banner.

Essential cookies remain active because they are strictly necessary to deliver the service you requested — the GPC and DNT specifications explicitly permit this.

If you change your mind later, you can manually opt back in to functional or analytics cookies through the Cookie settings link in the footer. Your GPC signal is honored on every visit until you do.

Updates to this Cookie Policy

We will update this Cookie Policy if we add new cookies, change purposes, switch providers, or extend storage durations. The "last updated" date at the top of the page always reflects the current version.

For material changes — such as adding a new third-party tracker or extending storage beyond 12 months — we will re-prompt you with an updated cookie banner so you can re-confirm or change your choices.

Minor changes (typo fixes, rewording for clarity, version bumps to existing cookies) will not trigger a re-prompt but will be reflected on this page with a refreshed update date.

Questions about cookies?

Email — privacy@monjaaz.sa for cookie-specific questions, or dpo@monjaaz.sa to reach our Data Protection Officer about broader data-handling questions.

Read more — our Privacy Policy explains what data we collect (cookies are just one source), how we secure it, and the rights you have under the Saudi PDPL.

Regulatory authority — the Saudi Data and AI Authority (SDAIA) supervises personal-data practices, including cookie usage, in the Kingdom and can be reached at sdaia.gov.sa.