Skip to content
Your Ops — SOP it Easy

Cookie Policy

Effective date:

This Cookie Policy explains how Your Ops, the fractional COO consulting practice founded and operated by Sara Heggy from Dubai, United Arab Emirates, uses cookies and similar technologies on yourops.co. The short version: if you are an ordinary visitor, we set no cookies at all. The only cookie this website ever uses is a single strictly-necessary session cookie for authorized staff signing in to our private admin area.

1. What Cookies Are

Cookies are small text files that a website places on your computer, tablet, or phone when you visit. They are stored by your browser and sent back to the website on subsequent requests, allowing the site to remember things between page loads — for example, that you are signed in. Cookies set by the website you are visiting are called "first-party" cookies; cookies set by other companies whose technology is embedded in a page (advertisers, analytics vendors, social media widgets) are called "third-party" cookies.

Cookies are also commonly classified by function. "Strictly necessary" cookies are essential for a service you have requested to work at all, such as keeping an authenticated session alive. Other categories — performance, functionality, analytics, and advertising cookies — support measurement, personalization, and marketing. As explained below, yourops.co uses exactly one strictly-necessary cookie and nothing from any other category.

2. Our Approach: No Analytics, No Advertising, No Third-Party Cookies

We have deliberately built yourops.co without tracking technology. We believe a consulting practice earns trust through its work, not by surveilling the people who read about it. Concretely, this website does not use:

  • Analytics cookies or scripts of any kind (no Google Analytics, no self-hosted analytics, no measurement pixels).
  • Advertising or retargeting cookies, and no participation in any advertising network.
  • Third-party cookies of any kind — no social media widgets, embedded trackers, or fingerprinting scripts.
  • Visitor accounts, profiles, or any mechanism that identifies individual visitors across visits.

Our infrastructure providers do process limited technical data in order to deliver the site: Vercel Inc. hosts yourops.co and, like any host, generates server logs containing IP addresses, user-agent strings, and timestamps, and Resend (resend.com) delivers contact-form submissions to our inboxes by email. That processing is described in our Privacy Policy; it does not involve setting cookies on your device.

Yourops.co includes a private administrative area at /admin, used exclusively by authorized Your Ops staff to publish articles and manage site content. Signing in to /admin requires the staff member's email and password and sets a single strictly-necessary session cookie named "payload-token". This cookie keeps the authenticated staff session alive so the staff member does not have to re-authenticate on every request.

The payload-token cookie is flagged HttpOnly, which means it cannot be read by JavaScript running in the browser — a standard safeguard against session theft. It is deleted when the staff member signs out and expires automatically within hours in any event. Images and article documents uploaded through /admin are stored on Vercel Blob storage, but that storage does not place any cookie on any visitor's device.

To be unambiguous: ordinary visitors never receive this cookie. It is set only when a person actively signs in to the staff admin area with valid credentials. If you have never logged in to /admin, this website has placed no cookies on your device.

The complete list of cookies set by yourops.co, together with the purpose and duration of each, is as follows:

  • payload-token — Purpose: maintains the authenticated session of an authorized Your Ops staff member who has signed in to the private /admin content-management area; classified as strictly necessary; first-party; HttpOnly. Duration: deleted on sign-out, and expires automatically within hours at most.
  • No other cookies — Purpose: not applicable. Yourops.co sets no analytics, performance, functionality, advertising, or third-party cookies for any visitor. Duration: not applicable.

If we ever add a cookie to this list, we will update this policy and its effective date before the new cookie is deployed, as described in Section 8.

5. localStorage and Similar Technologies

Cookies are not the only way a website can store information on a device. Browsers also offer localStorage, sessionStorage, IndexedDB, and cache-based techniques, and some sites use these for tracking in place of cookies. Yourops.co does not use any of these technologies to store information on visitors' devices, and it does not use device fingerprinting, tracking pixels, web beacons, or any comparable identification technique.

Your browser may cache static assets (such as fonts, stylesheets, and images) to make repeat visits faster. That caching is a standard browser behavior controlled by you, is not readable by us as a tracking mechanism, and can be cleared at any time through your browser settings.

6. How to Control Cookies in Your Browser

Even though we set no cookies for ordinary visitors, you remain in full control of cookies on your own device. Every major browser lets you view, block, and delete cookies:

  • Google Chrome: Settings > Privacy and security > Third-party cookies (and Site settings > Cookies) to view, block, or clear cookies.
  • Apple Safari: Settings > Privacy > Manage Website Data on macOS, or Settings > Safari > Advanced > Website Data on iOS.
  • Mozilla Firefox: Settings > Privacy & Security > Cookies and Site Data to clear data or set blocking rules.
  • Microsoft Edge: Settings > Cookies and site permissions > Manage and delete cookies and site data.

Blocking all cookies will not affect your ability to browse yourops.co, read our articles, or send us a message through the contact form, because none of those activities depends on a cookie. The only functionality that requires a cookie is the staff sign-in to /admin: with cookies blocked, an authorized staff member would be unable to hold an authenticated session.

You may have noticed that yourops.co does not display a cookie consent banner. That is intentional, and it is compliant. Under the EU ePrivacy rules and the GDPR (which apply to our visitors in the European Economic Area and the United Kingdom), consent is required before storing or accessing information on a user's device — except for cookies that are strictly necessary to provide a service explicitly requested by the user. The payload-token cookie falls squarely within that strictly-necessary exemption: it is set only for staff who actively request authenticated access to the admin area, and it exists solely to deliver that access.

The same analysis holds under the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), which governs our processing from Dubai, United Arab Emirates, and under the California Consumer Privacy Act as amended by the CPRA. Because we set no analytics or advertising cookies, we do not "sell" or "share" personal information within the meaning of the CCPA/CPRA, and there is no cross-context behavioral advertising to opt out of. If we ever introduce non-essential cookies, we will implement a consent mechanism that obtains your opt-in before any such cookie is set.

8. Changes to This Policy

We may update this Cookie Policy from time to time — for example, if we change how the /admin area works, adopt a new infrastructure provider, or (though we do not currently intend to) introduce a new cookie. When we make changes, we will post the revised policy on this page and update the effective date at the top. Material changes, such as the introduction of any non-essential cookie, will be accompanied by an appropriate consent mechanism before the change takes effect. We encourage you to review this page periodically; your continued use of yourops.co after an updated policy takes effect constitutes acknowledgment of the revised terms, though it never substitutes for consent where consent is legally required.

9. Contact Us

If you have questions about this Cookie Policy, about the payload-token cookie, or about our data practices generally, we are glad to help. Your Ops is operated by Sara Heggy, Business Operations Consultant, remotely from Dubai, United Arab Emirates, and this policy is governed by the laws of the United Arab Emirates (Dubai).

  • General inquiries: hello@yourops.co
  • Administrative and privacy matters: admin@yourops.co
  • Phone: +971 52 945 5502

Please also see our Privacy Policy for a full description of how we handle personal data submitted through the contact form and processed by our hosting and email providers, Vercel Inc. and Resend.