Legal notice

Cookie policy

This page explains which cookies and similar technologies GROW Invest uses, their purpose, retention period and your control options.

Transparent preferences

Cookies may be necessary, functional, analytical or marketing-related, depending on the active services.

Protected session

Authentication cookies are HttpOnly and, in production, are sent over secure connections.

Browser control

You can view, block or delete cookies in your browser settings, although this may affect authentication.

Cookies used directly by GROW Invest

The durations below reflect the current technical configuration and may be shortened if you sign out, delete browser data or the session is revoked for security reasons.

Name	Provider	Purpose	Category	Duration	Technical details
access_token	GROW Invest	Keeps the user authenticated and enables secure access to account features and information.	Strictly necessary	For the session or the period configured by the platform	Persistent cookie; HttpOnly; Secure in production; environment-specific SameSite; path /.
refresh_token	GROW Invest	Securely renews the session without requiring the user to sign in each time the access token expires.	Strictly necessary	Up to 30 days or the period configured by the platform	Persistent cookie; HttpOnly; Secure in production; environment-specific SameSite; available on the /api path.
XSRF-TOKEN	GROW Invest	Protects account requests against Cross-Site Request Forgery (CSRF) attacks.	Strictly necessary / security	For the browser session	Must be readable by the web application so it can be sent in the security header; Secure in production.

Categories and services that may be used

Actual availability depends on active features, the technical environment and your optional cookie preferences.

Strictly necessary

Purpose: Authentication, security, fraud prevention, traffic balancing and operation of the platform.
Examples: Session tokens, CSRF cookies and privacy preferences.
Possible providers: GROW Invest and essential technical providers.
Indicative duration: Session or until the configured expiry.

Functional

Purpose: Remembering language, region, interface settings and other options requested by the user.
Examples: Language, display, federated authentication or support preferences.
Possible providers: GROW Invest or integrated service providers.
Indicative duration: Session or up to 12 months, depending on the feature.

Analytics and performance

Purpose: Measuring traffic, errors, performance and aggregated use of the platform.
Examples: Google Analytics, Google Tag Manager, Microsoft Clarity or similar services.
Possible providers: Google, Microsoft or other selected analytics providers.
Indicative duration: From the session duration up to 24 months, according to provider and preferences.

Marketing and advertising

Purpose: Measuring campaigns, limiting advertising frequency and displaying relevant content.
Examples: Meta Pixel, Google Ads, LinkedIn Insight Tag or similar technologies.
Possible providers: Meta, Google, LinkedIn or other selected advertising partners.
Indicative duration: From the session duration up to 24 months, according to provider and preferences.

1. About this policy

This Cookie Policy applies to the GROW Invest web platform operated by GROW Invest Romania SRL and should be read together with the platform's Privacy Policy and Terms and Conditions.

It covers cookies and similar technologies currently used or that may be enabled to operate, develop, measure and promote the platform. The native mobile application may use secure device storage and similar identifiers instead of web cookies.

2. What is a cookie

A cookie is a small text file that a website may save on the computer, phone or other device used to access it. It allows the browser and web service to recognise a session, retain certain technical information or provide a requested feature.

Cookies are not programs, cannot run code and cannot independently access files stored on your device. Their content and use depend on the service that sets them.

3. Types of cookies

Session cookies are generally deleted when you close the browser. Persistent cookies remain on the device until their expiry date or until they are manually deleted.

First-party cookies are set by GROW Invest or the platform's backend service. Third-party cookies may be set by an external provider when you interact with a feature supplied by that provider.

Strictly necessary cookies enable requested services, authentication and security. Functional, analytics and marketing cookies may be enabled depending on integrated services and the choices expressed by the user.

4. Basis for use

Strictly necessary cookies are used to provide the service requested by the user, operate account features and protect the platform. They are not used for behavioural advertising or to create a marketing profile.

Because these cookies are required for authentication and security, they cannot be disabled through the platform. You may block them through your browser, but signing in, maintaining a session and certain account operations may stop working.

5. Third-party services and providers

The platform may integrate third-party services for authentication, hosting, media delivery, analytics, support, security, payments and advertising. These providers may use cookies or similar technologies under their own policies and your settings.

Providers may include, without limitation, Google for authentication, infrastructure, analytics or advertising; Meta for campaign measurement and advertising; Microsoft for analytics; LinkedIn for campaign measurement; and other technical partners integrated later.

The names, purposes and retention periods of third-party cookies are determined by those providers and may change. Where required by law, optional services are enabled only after consent is given.

6. Analytics, advertising and consent

The platform may use tools such as Google Analytics, Google Tag Manager, Meta Pixel, Microsoft Clarity, LinkedIn Insight Tag or comparable services for statistics, problem diagnosis, campaign measurement and service improvement.

Optional cookies are used on the basis of consent where required by law. Preferences may be given or withdrawn through the cookie management mechanism made available on the platform or through browser settings.

7. How to control and delete cookies

Most browsers allow you to view cookies, delete them, block all cookies or block third-party cookies. These options are generally located under the browser's Privacy, Security or Browsing Data settings.

If you delete authentication cookies, you will be signed out or asked to sign in again. If you block XSRF-TOKEN or the transmission of necessary cookies, requests that change account data may be rejected for security reasons.

Settings must be managed separately for each browser and device. Private or incognito mode may apply additional rules and generally deletes session data when the window is closed.

For further general information about managing cookies, you may visit aboutcookies.org, an independent third-party website.

8. Technical and personal data

The use of necessary cookies may be associated with technical data such as IP address, browser type, device information, session identifiers, sign-in time and activity required to secure the account.

For information about processing purposes, legal bases, recipients, retention periods and your personal data rights, please read the Privacy Policy.

9. Policy updates

We may update this policy when we change the technologies used, providers, retention periods or legal requirements. The updated version will be published on this page together with its last updated date.