Sign Up Login
Legal

Cookie Policy

This Cookie Policy explains how Malum Limited ("Malum", "we", "us") uses cookies and similar technologies on malum.co and on merchant checkouts hosted by Malum, and the choices available to you under UK PECR, the UK GDPR, and the EU ePrivacy Directive.

Last modified 05/12/2026 Malum Legal Team

Table of Contents

  1. What are cookies?
  2. How we use cookies
  3. Categories of cookies we set
  4. Third-party cookies
  5. How long cookies are stored
  6. Managing your preferences
  7. Changes to this policy
  8. Contact

What are cookies?

Cookies are small text files placed on your device when you visit a website. Similar technologies covered by this policy include local storage, session storage, pixels, and SDK identifiers used inside the Malum dashboard and on merchant checkouts that we operate on behalf of merchants (including custom-domain checkouts proxied via our Cloudflare Worker).

How we use cookies

We use cookies to authenticate users, secure the checkout flow against fraud and abuse, remember interface preferences, measure how the platform is used in aggregate, and meet our legal and regulatory obligations as a payments service.

Lawful basis. Strictly necessary cookies are placed under our legitimate interest in delivering the service you requested and do not require consent. All other categories are set only after you give consent through our cookie banner, and you can withdraw consent at any time.

Categories of cookies we set

CategoryPurposeExamples
Strictly necessary Session management, authentication, CSRF protection, fraud prevention, load balancing. malum (JWT auth cookie), PHPSESSID, Cloudflare __cf_bm bot-management cookie.
Functional Remembering theme, language, last-used workspace, and accessibility preferences. malum_theme, malum_workspace.
Analytics Understanding aggregate usage of pages and checkout flows so we can improve them. First-party page-view counters; only set after consent.
Security / risk Identifying suspicious devices and meeting our anti-money-laundering and Travel Rule obligations. Device-fingerprint identifiers, Turnstile challenge cookies, GeoIP lookups against MaxMind GeoLite2.

Third-party cookies

Some pages embed services from third parties who may set their own cookies subject to their own policies:

  • Stripe — card acceptance, Strong Customer Authentication, fraud screening.
  • Cryptomus — cryptocurrency payment processing and virtual-card issuance.
  • Cloudflare — bot protection and Turnstile challenges.
  • Google Fonts — webfont delivery.

We do not embed advertising trackers and we do not sell personal information.

How long cookies are stored

Session cookies are deleted when you close your browser. Persistent cookies are retained for the period stated when they are set, typically no longer than twenty-four (24) months for functional cookies and thirteen (13) months for analytics cookies, in line with ICO and CNIL guidance.

Managing your preferences

You can change your choices at any time by re-opening the cookie banner from the footer of malum.co. Most browsers also let you block or delete cookies in their settings; doing so may prevent parts of the dashboard or checkout from working.

Changes to this policy

We may update this Cookie Policy from time to time. When we do, we will update the "Last modified" date below. Material changes will be highlighted on the site.

Contact

Questions about this Cookie Policy can be sent to [email protected] or by post to the address listed in our Privacy Policy.

Last modified 05/12/2026