aboutinvestor relationsnewsroomcontact
COOKIE POLICY
Last Updated: MAY 2026

1. Introduction

2. What Are Cookies

This Cookie Policy (“Policy”) explains how ProCap Financial, Inc. and its subsidiaries, including CFO Silvia, Inc. (collectively, “ProCap,” “we,” “us,” or “our”), use cookies and similar tracking technologies when you visit or use our websites at www.procapfinancial.com, www.procapinsights.com, and www.cfosilvia.com, our web and mobile applications, and any other digital properties we operate (collectively, the “Services”).

This Policy supplements our Privacy Policy and should be read alongside it.

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites function properly, improve performance, and provide information to site operators.

  • First-party cookies are set by the website you are visiting and can only be read by that site.
  • Third-party cookies are set by a domain other than the website you are visiting, typically by integration partners, analytics providers, or service providers.
  • Session cookies are temporary and deleted when you close your browser.
  • Persistent cookies remain on your device for a set period or until manually deleted.

3. Similar Technologies

In addition to cookies, we may use web beacons (pixel tags), local storage (HTML5 localStorage and sessionStorage), and JavaScript tags. We do not use browser or device fingerprinting. References to “cookies” in this Policy include these similar technologies unless otherwise specified.

4. How We Use Cookies

We organize the cookies and similar technologies we use into the categories below. The categories describe the purposes for which the technology is used; the tables identify the principal service providers who set or read these technologies and the principal cookies they use today. Cookie names and durations are determined by each service provider and may change as those providers update their products; the current, in-use list is reflected in the Cookie Preferences control accessible from the footer of each Service. References to "cookies" include the similar technologies described in Section 3. 

Provider Role Representative cookies / storage Type Approximate duration
Clerk Authentication and session management __session, __client_uat (and instance-specific variants), __clerk_db_jwt, refresh-token cookies First-party (set on a domain we operate, including clerk.cfosilvia.com) Session to 1 year
NextAuth (only when you link a Coinbase account) OAuth session, CSRF, and PKCE protection for the optional Coinbase link __Secure-next-auth.session-token, __Host-next-auth.csrf-token, __Secure-next-auth.callback-url, __Secure-next-auth.pkce.code_verifier, __Secure-next-auth.state First-party Session to 30 days
Cloudflare Bot mitigation, DDoS protection, and security-challenge confirmation for our edge __cf_bm, cf_clearance, _cfuvid (Cloudflare Turnstile, used for our authentication flow) Third-party (set on Cloudflare domains) 30 minutes to 1 year
Vercel Hosting, content delivery, and platform-level abuse detection (BotID) Short-lived signed tokens; persistent platform cookies on infrastructure-managed paths First-party Session
ProCap / Silvia Referral attribution required to honor incentives (set only when you arrive via a referral link) referrer_clerk_id First-party (HttpOnly) 7 days

4.1 Essential Cookies (Strictly Necessary)

These cookies and similar technologies are required for the Services to operate. They are used for the following specific purposes: 

  • Authentication and session management — to sign you in, keep you signed in across pages, and securely terminate your session. 
  • Security, fraud prevention, and abuse mitigation — to detect automated traffic, defeat credential-stuffing, prevent account takeover, and protect the integrity of authenticated requests. 
  • Load balancing and content delivery — to route requests across our infrastructure and serve the Services reliably. 
  • Payment-session integrity — to maintain the integrity of a payment transaction in progress. 
  • Compliance with legal and regulatory obligations — including record-keeping required of regulated financial services activities.

Strictly necessary cookies are always active and cannot be declined; declining them in your browser will prevent the Services from functioning. The principal service providers and cookies in this category are:

4.2 Performance, Analytics, and Session Replay

These cookies and similar technologies help us measure how the Services are used, diagnose errors, monitor performance, and improve product quality. 

We use session-replay technology in this category. Session replay records interactions with our Services — including pointer movements, clicks, taps, scrolling, and the structure of pages you view — so that we can reproduce errors and improve usability. We configure our session-replay tools to mask form inputs and other text by default, and we contractually prohibit our session-replay providers from using the recorded data for their own purposes (including for advertising or model training). Session replay is used only on signed-in surfaces of the Services. You may decline session replay through the Cookie Preferences control without losing access to any feature.

Provider Role Representative cookies / storage Type Approximate duration
PostHog Product analytics, feature-flagging, A/B testing, and session replay (where enabled) ph_<project_api_key>_posthog (single cookie containing distinct, device, and session identifiers); ph_<project_api_key>_window_id in sessionStorage First-party (served via our /ingest reverse proxy on cfosilvia.com; served directly from PostHog on procapinsights.com) Up to 13 months
Sentry Error monitoring, performance monitoring, and session replay for error reproduction Browser storage used by the Sentry SDK to buffer replay events; Sentry traffic is tunneled through /monitoring on our domains First-party tunnel; processed by Sentry as our service provider Session
Vercel Cookieless aggregate analytics and Core Web Vitals measurement (Vercel Analytics, Vercel Speed Insights) None (cookieless) First-party n/a
ProCap / Silvia A/B testing and marketing-attribution storage required to deliver experiments accurately and credit referrals lp_experiment_variant (24 hours), lp_source (30 days, ProCap Insights), ph_utm (30 days, ProCap Insights) First-party 24 hours to 30 days

4.3 Functional

These cookies and similar technologies remember choices you make and personalize your experience. Functional preferences include display theme, privacy/redaction mode, sidebar layout, dashboard configuration, dismissals of in-app banners, and short-lived tokens carried through third-party redirects (for example, when you link a financial account or complete a payment). 

Most functional preferences are stored in your browser's localStorage (a similar technology described in Section 3) rather than as cookies; we treat both equivalently for purposes of this Policy.

Provider Role Representative cookies / storage Type Approximate duration
ProCap / Silvia Display preferences, in-app state, dismissed prompts, and short-lived linking tokens theme, privacyMode, sidebarCollapsed, dashboard-cards-settings, chat-conversation-id, plaid_link_token (transient), and similar keys (localStorage) First-party (localStorage) Until cleared by the user
ProCap / Silvia Cookie-preference choices silvia_consent_v1 First-party 13 months, then re-prompted

4.4 Advertising and Targeting

We do not use advertising or targeting cookies. We do not display third-party advertisements on the Services, do not embed advertising pixels (including Meta, Google Ads, X, LinkedIn, TikTok, Reddit, or similar), and do not participate in cross-context behavioral advertising. We do not "sell" personal information or "share" it for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act, as amended (Cal. Civ. Code §§ 1798.140(ad), (ah)), or analogous state laws. If this ever changes, we will update this Policy and obtain any required consent before such cookies are set.

4.5 Cookies Set by Third-Party Providers During Specific Features

The following providers may set cookies on their own domains when you use specific features. Each is governed by the provider's own privacy and cookie practices, linked in Section 6.

Feature Provider Domain on which cookies are set
Subscription billing and checkout Stripe stripe.com, checkout.stripe.com, billing.stripe.com
Linking a bank account Plaid plaid.com and Plaid's institution-redirect domains
Linking a brokerage account SnapTrade snaptrade.com and brokerage OAuth domains
Linking a Coinbase account Coinbase coinbase.com
Embedded video YouTube (privacy-enhanced mode) youtube-nocookie.com, youtube.com
Address autocomplete and maps Google Maps / Places maps.googleapis.com, *.google.com
Document upload UploadThing *.uploadthing.com, utfs.io
Marketing content (CMS) Sanity cdn.sanity.io, *.sanity.io
Embedded testimonials on marketing pages Testimonial.to embed-v2.testimonial.to

4.6 Cookie Lifetimes 

Session cookies expire when you close your browser. Persistent cookies typically expire within thirteen (13) months of being set or last refreshed, consistent with guidance from European data protection authorities, although a small number of strictly necessary or fraud-prevention cookies set by our service providers may persist longer where required for security purposes. The exact retention for each cookie in use is shown in the Cookie Preferences control. 

4.7 Investor Relations Website 

If you visit pages of our website intended for investors or shareholders (including any pages that host SEC filings, earnings materials, press releases, or webcasts), additional cookies may be set by our investor-relations service providers and webcast hosts solely to deliver and measure that content. These cookies are limited to the categories described above and are not used for advertising or for any purpose unrelated to your visit.

5. Cookie Consent and Your Choices

5.1 Consent Mechanism

When you first visit the Services, a cookie consent banner allows you to accept or decline non-essential cookies. Essential cookies are always active. You can modify preferences at any time through the cookie settings in the footer or your account settings.

5.2 Browser Controls

Most browsers allow you to view, delete, and block cookies through their settings. Blocking essential cookies will prevent you from using authenticated features.

5.3 Global Privacy Control

We honor Global Privacy Control (GPC) signals where required by applicable law. A valid GPC signal is treated as an opt-out of non-essential cookies and any data sharing that would constitute a “sale” or “sharing” under the CCPA/CPRA.

5.4 Do Not Track

We do not currently respond to browser-based Do Not Track (DNT) signals, as there is no uniform standard. If a standard is adopted, we will update this Policy.

6. Third-Party Cookies

Some cookies are set by third-party providers. We recommend reviewing their privacy policies:

  • Clerk (authentication): clerk.com/privacy
  • Cloudflare (security): cloudflare.com/privacypolicy
  • PostHog (analytics): posthog.com/privacy
  • Stripe (payments): stripe.com/privacy
  • Plaid (financial linking): plaid.com/legal
  • SnapTrade (financial linking): snaptrade.com/privacy-policy

We contractually require third-party providers to use cookies only for specified purposes and in compliance with applicable data protection laws.

7. Data Collected Through Cookies

Cookies may collect: IP address, browser type and version, device type, pages visited, session duration, referring URL, authentication status, user preferences, error occurrences, and performance metrics. This data is processed in accordance with our Privacy Policy.

8. Retention

Session cookies are deleted when you close your browser. Persistent cookies are retained for the duration specified in the tables above, typically up to one year. Deleting cookies does not delete information already collected and processed.

9. International Transfers

Some cookies are set by providers based outside your jurisdiction. The same safeguards described in the Privacy Policy (Section 14) apply.

10. Children

The Services are not intended for individuals under 18. We do not knowingly use cookies to collect information from anyone under 18.

11. Changes to This Policy

We may update this Policy to reflect changes in cookies, technology, or law. Material changes will be communicated through the cookie consent banner or other reasonable means. Your continued use constitutes acceptance.

12. Contact Us

ProCap Financial, Inc.

Privacy Team: privacy@procapfinancial.com

General Support: support@procapfinancial.com

aboutINVESTOR RELATIONSNEWSROOMCAREERSCONTACTINSIGHTS
privacy policyterms & conditions
New York, New York, USA
© 2025 ProCap Financial, Inc.

All rights reserved.
PRIVACY POLICY
Last Revised December 8th, 2025

ProCap may collect personal information that you voluntarily provide, such as your name, email address, and contact details. ProCap may also collect non-personal information such as browser type, IP address,and usage data.

ProCap uses your information to operate and improve the website, respond to inquiries, and communicate with you about our services. ProCap may sell or rent your personal information to third parties.

Cookies and Tracking Technologies

The website may use cookies and similar technologies to enhance your experience and collect usage data. You can adjust your browser settings to refuse cookies, but some features of the website may not function properly.

Disclosure of Information

ProCap may disclose your information if required by law, regulation, legal process, or governmental request, or in good faith belief that such action is necessary to comply with legal obligations or protect the rights, property, or safety of ProCap, our users, or others.

International Users Disclaimer

If you access the website from outside the United States, you do so at your own risk and you are responsible for compliance with local laws. Your information may be transferred to, stored, and processed in the United States or other countries.

External Links

Links to external websites are provided solely for convenience. ProCap does not control, review, or endorse the content of these third-party sites and accepts no responsibility for their content or privacy practices.

No Offering Intended

This website does not constitute an offering of securities in any jurisdiction, nor has it been reviewed or approved by any securities regulatory authority. Users should not rely on this site for making investment decisions. Official copies of investor-related disclosures are available through ProCap’s investor relations team.

Third-Party Data and Content Disclaimer

All content accessed through this website—including information from affiliates or third-party sources—is provided “as is.” No warranties or representations of any kind (whether express, implied, or statutory) are provided regarding content accuracy, timeliness, merchantability, or suitability for any purpose.

Except where prohibited by law, ProCap and its service providers are not liable for any loss, including profit or opportunity, or for any punitive, incidental, or consequential damages arising from use or access of this website.

Some jurisdictions may not allow certain warranty exclusions or damage limitations. Where such provisions are legally unenforceable, they shall be severed without affecting the remainder of this disclaimer.

Children’s Privacy

The website is not intended for children under the age of 18. ProCap does not knowingly collect personal information from children.

ProCap reserves the right to update or modify this notice at any time without advance notice.

aboutINVESTOR RELATIONSNEWSROOMCAREERSCONTACTINSIGHTS
privacy policyterms & conditions
New York, New York, USA
© 2025 ProCap Financial, Inc.

All rights reserved.