That sounds like an answer from vCita that is avoiding the issue. In none of my websites I activated vCita (not even tried it), but in all of them the cookie is set if you access the website. If you Google for the name of the cookie you will find a lot of privacy statements from websites that found out the cookie is there as well.
I feel no need to refresh earlier vCita/privacy discussions, but it feels funny that a cookie is being set by a funtion that I don't need and really don't want.
I am looking forward to the all new 4.0 plugin. I hope you can leave the vCita code out and find another way to make some money from getting customers for vCita. It seems they have their own plugin now, so maybe there is another way...
All the best with the work on 4.0!