This policy explains how VMC uses cookies and similar technologies on Creatoll.

This policy should be read alongside the Privacy Policy and Terms of Service.

Cookies are small text files stored on your device to support website operation and user experience.

Cookies may be session or persistent, and first-party or third-party depending on origin and lifespan.

Creatoll uses essential/functional cookies required for core operation and does not currently use third-party advertising/tracking cookies.

Session cookie (vmc-cms-session): supports authenticated Admin Dashboard sessions (default idle timeout 120 minutes), HttpOnly, Secure (HTTPS), SameSite=Lax.

XSRF-TOKEN cookie: supports CSRF protection for state-changing requests; readable by JS frameworks for header inclusion; Secure (HTTPS), SameSite=Lax.

Client/Creator portal token auth is primarily bearer-token based (Authorization header) rather than cookie-based.

Session management for authenticated dashboard usage.

CSRF protection for secure form and mutation operations.

Authentication integrity controls for request validation.

Security controls include HttpOnly on session cookies, HTTPS Secure flags, SameSite=Lax, server-side session storage, and automatic expiry for inactive sessions.

Browser settings can be used to view/delete/block cookies and tune first-party vs third-party preferences.

Disabling essential cookies may break Admin Dashboard authentication and CSRF workflows.

The Client/Creator portal can continue functioning with token-based authentication even when cookie behavior changes.

Cookies primarily carry session identifiers and CSRF tokens; they do not store full personal data payloads.

Linked server-side session state may include auth state, flash messages, and temporary form-state data.

This policy may be updated over time. Material changes are communicated via the Platform.

Visit Maldives Corporation Limited (VMC) - Creatoll Support

Email: info@visitmaldives.com

Website: https://creatoll.com