Privacy and cookies

Cookie policy

Review the cookies Evolve needs to run this site and choose whether optional browser monitoring can run on this browser.

Last updated: 18 April 2026

Always required: Sign-in, private content, and your settings.
Optional: Browser monitoring only after consent.
This browser: Your choice is stored per browser.

Cookie choices for this browser

Essential cookies stay on so sign-in, language selection, private content delivery, and your privacy choice keep working.

Current setting Optional monitoring is off until you choose otherwise.

Always on

Sign-in, private content, language, theme, and your cookie choice.

Changes only if you allow optional cookies

Datadog can collect browser performance, error, and interaction telemetry to help Evolve diagnose issues.

If you withdraw optional consent after monitoring has already loaded, Evolve refreshes the page so the current tab restarts without optional monitoring.

What Evolve uses cookies for

These are the essential jobs the current Evolve frontend relies on cookies to do.

Keeps you signed in

Authentication and account access

Session cookies keep sign-in working and keep you in the correct account context.

Protects private files

Private content delivery

Signed CloudFront cookies prove your browser can open private files through the Evolve CDN.

Remembers device choices

Language, theme, and consent choices

Evolve stores your language, theme, and cookie choice on this device.

Cookie inventory

The inventory below covers the first-party cookies confirmed in the current Evolve frontend and the consent cookie used by this route.

Cookie	Category and status	Provider	Use	Duration	Notes
evolve_cookie_consent	Essential Always on	Evolve	Remembers whether this browser should allow optional monitoring cookies or only essential cookies.	180 days or until you change your choice.	Set by the consent controls shipped with this cookie-policy update. Evolve treats this cookie as essential because it stores your privacy preference.
__Host-accessToken	Essential Always on	Evolve	Keeps the current signed-in browser session authenticated with Evolve APIs.	Until the access token expires. Middleware aligns the cookie expiry to the token expiry when it is issued.	Readable by the browser because the frontend uses it when calling authenticated APIs. Localhost development uses the same cookie name without the `__Host-` prefix.
__Host-refreshToken	Essential Always on	Evolve	Allows Evolve to refresh the current authenticated session without forcing a fresh sign-in on every token expiry.	Until the refresh token expires. Middleware aligns the cookie expiry to the token expiry when it is issued.	Stored as an HttpOnly cookie so client-side scripts cannot read it directly. Localhost development uses the same cookie name without the `__Host-` prefix.
__Host-auth_account_slug	Essential Always on	Evolve	Preserves the active account slug so Evolve can route the signed-in user to the correct tenant context.	Matches the refresh-token lifetime so tenant context survives browser restarts while the authenticated session is still refreshable.	Stored as an HttpOnly cookie. Localhost development uses the same cookie name without the `__Host-` prefix.
__Host-auth_refresh_account_slug	Essential Always on	Evolve	Stores the issuer-backed account used when Evolve refreshes the authenticated session after the access token expires.	Matches the refresh-token lifetime so the browser can recover the session after restart without losing refresh routing context.	Stored as an HttpOnly cookie. Localhost development uses the same cookie name without the `__Host-` prefix.
__Host-auth_role_id	Essential Always on	Evolve	Preserves the currently selected role so Evolve can restore the correct authorization context on the next request.	Matches the refresh-token lifetime so role context stays aligned with the recoverable authenticated session.	Stored as an HttpOnly cookie. Localhost development uses the same cookie name without the `__Host-` prefix.
__Host-auth_membership_id	Essential Always on	Evolve	Preserves the selected membership so Evolve can validate account and role context during session refresh.	Matches the refresh-token lifetime so membership context stays aligned with the recoverable authenticated session.	Stored as an HttpOnly cookie. Localhost development uses the same cookie name without the `__Host-` prefix.
__Host-auth_session_id	Essential Always on	Evolve	Stores the active session identifier for account-security views and sign-out flows.	Matches the refresh-token lifetime when available, or the active access-token lifetime otherwise.	Stored as an HttpOnly cookie. Localhost development uses the same cookie name without the `__Host-` prefix.
CloudFront-Key-Pair-Id	Essential Always on	Evolve CDN / AWS CloudFront	Part of the signed-cookie set Evolve uses to authorize access to private CDN content.	Up to 8 hours when minted by `/api/content-cookies`, or shorter when aligned to the current access-token lifetime.	Used together with `CloudFront-Policy` and `CloudFront-Signature`.
CloudFront-Policy	Essential Always on	Evolve CDN / AWS CloudFront	Stores the signed access policy for Evolve private CDN paths.	Up to 8 hours when minted by `/api/content-cookies`, or shorter when aligned to the current access-token lifetime.	May be stored as an HttpOnly cookie when the server mints it.
CloudFront-Signature	Essential Always on	Evolve CDN / AWS CloudFront	Stores the signature CloudFront checks before it serves Evolve private content.	Up to 8 hours when minted by `/api/content-cookies`, or shorter when aligned to the current access-token lifetime.	May be stored as an HttpOnly cookie when the server mints it.
CloudfrontDomain	Essential Always on	Evolve CDN / AWS CloudFront	Records which Evolve CDN domain the current browser should use for private content requests.	Matches the signed-cookie lifetime used for private content access.	Readable by the browser so client-side download flows can target the right CDN host.
theme	Essential Always on	Evolve	Remembers the light or dark theme selected on this device.	Session cookie until the browser session ends or you change it.	The frontend also mirrors the current theme in local storage for immediate theme restoration.
i18next	Essential Always on	Evolve	Stores the language choice used when the browser switches between supported locales.	Session cookie until the browser session ends or you change it.	Written by the language-switch flows in the Evolve frontend when locale changes happen on the client.
acc_lang_switch	Essential Always on	Evolve	Signals that a language switch just occurred so Evolve can complete the locale handoff cleanly.	Short-lived session cookie that the client clears after the switch.	Used only as a transition flag during locale changes rather than as a long-term preference cookie.

Essential
evolve_cookie_consent
Always on
Evolve
Use
Remembers whether this browser should allow optional monitoring cookies or only essential cookies.
Duration
180 days or until you change your choice.
Notes
Set by the consent controls shipped with this cookie-policy update. Evolve treats this cookie as essential because it stores your privacy preference.
Essential
__Host-accessToken
Always on
Evolve
Use
Keeps the current signed-in browser session authenticated with Evolve APIs.
Duration
Until the access token expires. Middleware aligns the cookie expiry to the token expiry when it is issued.
Notes
Readable by the browser because the frontend uses it when calling authenticated APIs. Localhost development uses the same cookie name without the `__Host-` prefix.
Essential
__Host-refreshToken
Always on
Evolve
Use
Allows Evolve to refresh the current authenticated session without forcing a fresh sign-in on every token expiry.
Duration
Until the refresh token expires. Middleware aligns the cookie expiry to the token expiry when it is issued.
Notes
Stored as an HttpOnly cookie so client-side scripts cannot read it directly. Localhost development uses the same cookie name without the `__Host-` prefix.
Essential
__Host-auth_account_slug
Always on
Evolve
Use
Preserves the active account slug so Evolve can route the signed-in user to the correct tenant context.
Duration
Matches the refresh-token lifetime so tenant context survives browser restarts while the authenticated session is still refreshable.
Notes
Stored as an HttpOnly cookie. Localhost development uses the same cookie name without the `__Host-` prefix.
Essential
__Host-auth_refresh_account_slug
Always on
Evolve
Use
Stores the issuer-backed account used when Evolve refreshes the authenticated session after the access token expires.
Duration
Matches the refresh-token lifetime so the browser can recover the session after restart without losing refresh routing context.
Notes
Stored as an HttpOnly cookie. Localhost development uses the same cookie name without the `__Host-` prefix.
Essential
__Host-auth_role_id
Always on
Evolve
Use
Preserves the currently selected role so Evolve can restore the correct authorization context on the next request.
Duration
Matches the refresh-token lifetime so role context stays aligned with the recoverable authenticated session.
Notes
Stored as an HttpOnly cookie. Localhost development uses the same cookie name without the `__Host-` prefix.
Essential
__Host-auth_membership_id
Always on
Evolve
Use
Preserves the selected membership so Evolve can validate account and role context during session refresh.
Duration
Matches the refresh-token lifetime so membership context stays aligned with the recoverable authenticated session.
Notes
Stored as an HttpOnly cookie. Localhost development uses the same cookie name without the `__Host-` prefix.
Essential
__Host-auth_session_id
Always on
Evolve
Use
Stores the active session identifier for account-security views and sign-out flows.
Duration
Matches the refresh-token lifetime when available, or the active access-token lifetime otherwise.
Notes
Stored as an HttpOnly cookie. Localhost development uses the same cookie name without the `__Host-` prefix.
Essential
CloudFront-Key-Pair-Id
Always on
Evolve CDN / AWS CloudFront
Use
Part of the signed-cookie set Evolve uses to authorize access to private CDN content.
Duration
Up to 8 hours when minted by `/api/content-cookies`, or shorter when aligned to the current access-token lifetime.
Notes
Used together with `CloudFront-Policy` and `CloudFront-Signature`.
Essential
CloudFront-Policy
Always on
Evolve CDN / AWS CloudFront
Use
Stores the signed access policy for Evolve private CDN paths.
Duration
Up to 8 hours when minted by `/api/content-cookies`, or shorter when aligned to the current access-token lifetime.
Notes
May be stored as an HttpOnly cookie when the server mints it.
Essential
CloudFront-Signature
Always on
Evolve CDN / AWS CloudFront
Use
Stores the signature CloudFront checks before it serves Evolve private content.
Duration
Up to 8 hours when minted by `/api/content-cookies`, or shorter when aligned to the current access-token lifetime.
Notes
May be stored as an HttpOnly cookie when the server mints it.
Essential
CloudfrontDomain
Always on
Evolve CDN / AWS CloudFront
Use
Records which Evolve CDN domain the current browser should use for private content requests.
Duration
Matches the signed-cookie lifetime used for private content access.
Notes
Readable by the browser so client-side download flows can target the right CDN host.
Essential
theme
Always on
Evolve
Use
Remembers the light or dark theme selected on this device.
Duration
Session cookie until the browser session ends or you change it.
Notes
The frontend also mirrors the current theme in local storage for immediate theme restoration.
Essential
i18next
Always on
Evolve
Use
Stores the language choice used when the browser switches between supported locales.
Duration
Session cookie until the browser session ends or you change it.
Notes
Written by the language-switch flows in the Evolve frontend when locale changes happen on the client.
Essential
acc_lang_switch
Always on
Evolve
Use
Signals that a language switch just occurred so Evolve can complete the locale handoff cleanly.
Duration
Short-lived session cookie that the client clears after the switch.
Notes
Used only as a transition flag during locale changes rather than as a long-term preference cookie.

Optional monitoring tools

Optional cookies only affect browser monitoring. Essential site functions stay on either way.

Datadog browser monitoring

Provider: Datadog

What changes: When you allow optional cookies, Datadog can collect browser performance, error, and interaction telemetry to help Evolve diagnose issues.
Duration: Starts only after you allow optional cookies and remains allowed until you switch this browser back to essential-only cookies.
When it loads: Evolve loads the Datadog browser SDK from the root layout only when the Datadog environment flags are enabled and your consent cookie is set to allow optional cookies.

How to grant or withdraw optional consent

Use the controls on this page or the consent banner to allow optional cookies on this browser.
Choose Use only essential cookies or Withdraw optional consent to switch optional Datadog monitoring back off.
Essential cookies remain active because Evolve needs them for sign-in, theme and language preferences, private CDN access, and storing your privacy choice.
If you withdraw optional consent after monitoring has already loaded, Evolve refreshes the current tab so the page restarts without optional monitoring.

Support

For privacy or cookie questions about Evolve, contact evolve@unic.ac.cy.

Return to sign in

What Evolve uses cookies for

These are the essential jobs the current Evolve frontend relies on cookies to do.

Keeps you signed in

Authentication and account access

Session cookies keep sign-in working and keep you in the correct account context.

Protects private files

Private content delivery

Signed CloudFront cookies prove your browser can open private files through the Evolve CDN.

Remembers device choices

Language, theme, and consent choices

Evolve stores your language, theme, and cookie choice on this device.

Category and status

Provider

Use

Duration

Notes

evolve_cookie_consent

Essential

Always on

Evolve

Remembers whether this browser should allow optional monitoring cookies or only essential cookies.

180 days or until you change your choice.

Set by the consent controls shipped with this cookie-policy update. Evolve treats this cookie as essential because it stores your privacy preference.

__Host-accessToken

Essential

Always on

Evolve

Keeps the current signed-in browser session authenticated with Evolve APIs.

Until the access token expires. Middleware aligns the cookie expiry to the token expiry when it is issued.

Readable by the browser because the frontend uses it when calling authenticated APIs. Localhost development uses the same cookie name without the `__Host-` prefix.

__Host-refreshToken

Essential

Always on

Evolve

Allows Evolve to refresh the current authenticated session without forcing a fresh sign-in on every token expiry.

Until the refresh token expires. Middleware aligns the cookie expiry to the token expiry when it is issued.

Stored as an HttpOnly cookie so client-side scripts cannot read it directly. Localhost development uses the same cookie name without the `__Host-` prefix.

__Host-auth_account_slug

Essential

Always on

Evolve

Preserves the active account slug so Evolve can route the signed-in user to the correct tenant context.

Matches the refresh-token lifetime so tenant context survives browser restarts while the authenticated session is still refreshable.

Stored as an HttpOnly cookie. Localhost development uses the same cookie name without the `__Host-` prefix.

__Host-auth_refresh_account_slug

Essential

Always on

Evolve

Stores the issuer-backed account used when Evolve refreshes the authenticated session after the access token expires.

Matches the refresh-token lifetime so the browser can recover the session after restart without losing refresh routing context.

Stored as an HttpOnly cookie. Localhost development uses the same cookie name without the `__Host-` prefix.

__Host-auth_role_id

Essential

Always on

Evolve

Preserves the currently selected role so Evolve can restore the correct authorization context on the next request.

Matches the refresh-token lifetime so role context stays aligned with the recoverable authenticated session.

Stored as an HttpOnly cookie. Localhost development uses the same cookie name without the `__Host-` prefix.

__Host-auth_membership_id

Essential

Always on

Evolve

Preserves the selected membership so Evolve can validate account and role context during session refresh.

Matches the refresh-token lifetime so membership context stays aligned with the recoverable authenticated session.

Stored as an HttpOnly cookie. Localhost development uses the same cookie name without the `__Host-` prefix.

__Host-auth_session_id

Essential

Always on

Evolve

Stores the active session identifier for account-security views and sign-out flows.

Matches the refresh-token lifetime when available, or the active access-token lifetime otherwise.

Stored as an HttpOnly cookie. Localhost development uses the same cookie name without the `__Host-` prefix.

CloudFront-Key-Pair-Id

Essential

Always on

Evolve CDN / AWS CloudFront

Part of the signed-cookie set Evolve uses to authorize access to private CDN content.

Up to 8 hours when minted by `/api/content-cookies`, or shorter when aligned to the current access-token lifetime.

Used together with `CloudFront-Policy` and `CloudFront-Signature`.

CloudFront-Policy

Essential

Always on

Evolve CDN / AWS CloudFront

Stores the signed access policy for Evolve private CDN paths.

Up to 8 hours when minted by `/api/content-cookies`, or shorter when aligned to the current access-token lifetime.

May be stored as an HttpOnly cookie when the server mints it.

CloudFront-Signature

Essential

Always on

Evolve CDN / AWS CloudFront

Stores the signature CloudFront checks before it serves Evolve private content.

Up to 8 hours when minted by `/api/content-cookies`, or shorter when aligned to the current access-token lifetime.

May be stored as an HttpOnly cookie when the server mints it.

CloudfrontDomain

Essential

Always on

Evolve CDN / AWS CloudFront

Records which Evolve CDN domain the current browser should use for private content requests.

Matches the signed-cookie lifetime used for private content access.

Readable by the browser so client-side download flows can target the right CDN host.

theme

Essential

Always on

Evolve

Remembers the light or dark theme selected on this device.

Session cookie until the browser session ends or you change it.

The frontend also mirrors the current theme in local storage for immediate theme restoration.

i18next

Essential

Always on

Evolve

Stores the language choice used when the browser switches between supported locales.

Session cookie until the browser session ends or you change it.

Written by the language-switch flows in the Evolve frontend when locale changes happen on the client.

acc_lang_switch

Essential

Always on

Evolve

Signals that a language switch just occurred so Evolve can complete the locale handoff cleanly.

Short-lived session cookie that the client clears after the switch.

Used only as a transition flag during locale changes rather than as a long-term preference cookie.

Optional monitoring tools

Optional cookies only affect browser monitoring. Essential site functions stay on either way.

Datadog browser monitoring

Provider: Datadog

What changes: When you allow optional cookies, Datadog can collect browser performance, error, and interaction telemetry to help Evolve diagnose issues.
Duration: Starts only after you allow optional cookies and remains allowed until you switch this browser back to essential-only cookies.
When it loads: Evolve loads the Datadog browser SDK from the root layout only when the Datadog environment flags are enabled and your consent cookie is set to allow optional cookies.

How to grant or withdraw optional consent

Use the controls on this page or the consent banner to allow optional cookies on this browser.

Choose Use only essential cookies or Withdraw optional consent to switch optional Datadog monitoring back off.

Essential cookies remain active because Evolve needs them for sign-in, theme and language preferences, private CDN access, and storing your privacy choice.

If you withdraw optional consent after monitoring has already loaded, Evolve refreshes the current tab so the page restarts without optional monitoring.