Cookie Policy
Contents
This Cookie Policy explains how Icon Stockbrokers Limited ("Icon", "we") uses cookies and similar tracking technologies on the Icon e-Trade web platform. The Icon e-Trade mobile app uses local device storage rather than browser cookies; see Section 5 for details.
1. What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They allow the website to recognise your device, remember your preferences, and provide a functional and secure experience. Similar technologies include local storage and session storage, pixel tags and web beacons, and device fingerprinting for fraud prevention. For simplicity, we refer to all of these collectively as "cookies" in this Policy.
2. How We Use Cookies
We use cookies on the Icon e-Trade web platform to:
- Keep you securely logged in during your session
- Remember your display preferences and settings
- Prevent cross-site request forgery (CSRF) and other security threats
- Detect and prevent fraudulent activity and unauthorised account access
- Understand how users navigate and interact with the platform so we can improve it
- Ensure our legal and regulatory obligations are met (e.g., audit logging of session activity)
We do not use cookies to display third-party advertising or to build profiles for advertising purposes.
3. Types of Cookies We Use
3.1 Strictly Necessary Cookies
These cookies are essential for the website to function and cannot be disabled. They do not require your consent because they are necessary to provide the service you have requested.
| Cookie Name | Purpose | Duration |
|---|---|---|
| session_id | Maintains your authenticated web session and keeps you logged in. Expires on logout or browser close. | Session |
| csrf_token | Protects against Cross-Site Request Forgery (CSRF) attacks on form submissions. | Session |
| sec_check | Security marker used to validate request integrity and detect session tampering. | Session |
3.2 Functional Cookies
These cookies allow the platform to remember choices you make and provide enhanced features. They do not track your browsing activity on other websites.
| Cookie Name | Purpose | Duration |
|---|---|---|
| ui_prefs | Stores your interface preferences (e.g., column layout, display density) so they persist between sessions. | 12 months |
| last_login | Records the timestamp of your last login for display in the account security section. | 6 months |
3.3 Analytics Cookies
We use analytics cookies to understand how users interact with the web platform. All data collected is aggregated and anonymised. No individual user profile is built from analytics data.
| Cookie Name | Purpose | Duration |
|---|---|---|
| _pk_id (internal analytics) | Identifies unique sessions for aggregate page-view and feature-usage statistics. Data is stored on Icon-controlled infrastructure and not shared with third parties. | 13 months |
| _pk_ses (internal analytics) | Tracks a single browser session for aggregate session-duration analytics. | 30 minutes |
3.4 Security & Fraud Prevention Cookies
| Cookie Name | Purpose | Duration |
|---|---|---|
| device_id | A pseudonymous device identifier used to detect suspicious logins from unrecognised devices and to assist fraud investigation. | 24 months |
| fp_token | A device fingerprint token used to flag anomalous access patterns for AML monitoring. | 12 months |
4. Third-Party Cookies
The Icon e-Trade web platform does not embed third-party advertising networks, social media widgets, or third-party analytics platforms that set their own cookies. Our payment partner Paystack may set cookies when you interact with the payment widget during a deposit. These cookies are governed by Paystack's own terms and privacy policy and are limited to the payment transaction flow. If we introduce any new third-party cookies in future, we will update this Policy and notify you in advance.
5. Mobile App & Local Storage
The Icon e-Trade mobile application (iOS and Android) does not use browser cookies. Instead, the app uses:
- Async Storage (encrypted): Stores your authentication tokens (access token and refresh token) locally on your device in encrypted form, used only for API requests to Icon's servers
- Keychain / Keystore (where available): On supported iOS and Android versions, sensitive tokens are stored in the device's secure hardware enclave (iOS Keychain or Android Keystore)
- App cache: Market data and portfolio information is cached locally to improve performance; cleared when you log out or uninstall the app
None of the data stored on your device is shared with third parties or used for advertising purposes. You can clear all locally stored app data by uninstalling the Icon e-Trade app.
6. Your Choices & How to Manage Cookies
You can control cookies through your browser settings. Most modern browsers allow you to view and delete individual cookies, block all cookies or cookies from specific websites, and receive a notification when a cookie is set.
Guidance for common browsers:
- Google Chrome: Settings → Privacy & Security → Cookies and other site data
- Safari: Preferences → Privacy → Manage Website Data
- Mozilla Firefox: Options → Privacy & Security → Cookies and Site Data
- Microsoft Edge: Settings → Cookies and site permissions
Important: Disabling strictly necessary cookies (session and CSRF cookies) will prevent you from logging in and using the Icon e-Trade web platform. Analytics and functional cookies can be disabled without affecting your ability to trade.
7. Retention Periods
Cookie retention periods are listed in the tables in Section 3. Session cookies are deleted automatically when you close your browser or log out. Persistent cookies are retained for the period shown, after which they expire automatically. You may delete any cookie at any time through your browser settings. Server-side session logs associated with cookie data are retained for a minimum of 5 years as part of our regulatory audit trail obligations under the SEC AML/CFT Rules.
8. Legal Basis
Our use of cookies is governed by the Nigeria Data Protection Act 2023 (NDPA 2023).
- Strictly necessary and security cookies: Processed on the basis of legitimate interests and the performance of our contract with you
- Functional cookies: Processed on the basis of legitimate interests in improving your experience
- Analytics cookies: Processed on the basis of our legitimate interests in understanding platform usage, with no identifiable personal data retained beyond the session
Where consent is required under applicable law, we will request it explicitly before setting optional cookies.
9. Changes to This Policy
We may update this Cookie Policy from time to time. When we make material changes (for example, introducing new third-party cookies), we will notify you via a notice on the web platform and update the "Last Updated" date above.
10. Contact Us
For questions about our use of cookies or to exercise your data rights:
- Data Privacy Officer: privacy@icon-securities.ng
- Post: Data Privacy Officer, Icon Stockbrokers Limited, 24 Campbell Street, Lagos Island, Lagos, Nigeria
- Nigeria Data Protection Commission: ndpc.gov.ng