Introduction and who this is for
When the law in your country speaks about “cookies,” it usually also means any technology that can write to your device or read an identifier, including HTML local storage, session storage, and certain scripts in iframes. This Cookie Policy is directed to visitors and customers of the Site, whether they browse on a phone, tablet, or desktop, and whether they are individuals or, in a limited set of B2B edge cases, professionals signing up on work hardware subject to a separate company policy. If you are an employee of an enterprise that contracts with us, your employer’s IT rules may add further restrictions; this Policy only covers our own Site’s behavior.
What cookies and similar technologies are
HTTP cookies are small text strings your browser returns to a server on later requests, allowing state to be kept across a sequence of page views. Local storage and session storage are larger boxes inside your browser that scripts can use if you have not blocked them. Pixels are tiny, often-invisible image requests that can confirm a page was viewed and, when placed by third parties, can attach to cross-site identity graphs unless you or your environment blocks them. We describe each class we actually deploy or might deploy, so the list is not a promise of active tags at this exact moment in every jurisdiction; when we add a material new tag, we will update this text or the in-product experience before scaling broad use, consistent with the review date shown in the hero.
The categories of processing in plain language
We group technologies into: strictly necessary to deliver a service you asked for, such as a shopping cart, a signed-in state, a security token, the memory of the language you selected, and the log of the cookie choice itself so we do not ask you the same question on every subpage; and non-essential items such as analytics that help us know which content is read and in what order, and marketing tools that can attribute visits to a campaign, measure a conversion, or, when used responsibly, help us not show you a promotion that already reached you too many times. The banner on the Site lets you take “all,” “none” beyond necessary, or a custom selection when we have exposed custom toggles.
Strictly necessary items and why consent is not required for them in many regions
Under the European Electronic Communications Code’s usual reading, and similar analyses elsewhere, storage that is strictly needed to perform a service explicitly requested by the user can proceed without a separate “cookie consent” in the same way that delivering the HTML itself is not optional. In practice, that can include load-balancing and bot-detection techniques that are proportionate, temporary security cookies after a form submission, a flag that a maintenance window is active, the identifier that proves you are not a robot in a way that is privacy-preserving, and a record in local storage of whether you have closed the initial legal banner so the Site does not flash it again on the next page during the same session. We keep these to the minimum and review them in security reviews. If a particular script drifts from “necessary” into “convenient for analytics” territory, we reclassify it to the non-essential bucket in our internal inventory.
Analytics, marketing, and the consent gate
When you enable analytics through the Site’s controls, we or our vendors may set identifiers that can correlate pages within our domain, and sometimes, depending on the product, provide aggregated demographic bands that do not identify you by name. When you enable marketing, a partner might read a cookie that links an ad click to a visit (for example, tags associated with Google Ads conversion or remarketing, where we use them), subject to the partner’s own policies, your consent where required, and the advertising platform’s rules—including healthcare- and content-sensitive ad policies in the United States. You can turn these categories off, and the Site’s JavaScript will avoid firing the relevant tags when your stored preference says so. A tiny delay may still occur while the preference propagates; clearing storage or using another browser can reset the choice.
First party, third party, and the modern web platform
First party means the same registrable domain you see in the address bar, such as a cookie scoped to chalvornkhunryon.ddd. Third party means another hostname sets or reads, such as a static asset server or a plug-in, even when we chose that vendor. Some browsers are phasing in partitions that reduce cross-site leakage, which may change the practical reach of a third-party tool even when this Policy’s legal description of “third party” still applies. We will align our vendor instructions with the browser landscape as it evolves, including Privacy Sandbox or successor initiatives where they become binding on sites like ours.
Durations, rotation, and session versus persistent storage
Session cookies expire when you close the browser, subject to the browser’s “restore session” or mobile multitasking behavior, which in edge cases can feel like persistence. Persistent cookies and storage entries carry a Max-Age or equivalent that may range from a few days to, in rare product configurations, a year. Our analytics retention inside vendor dashboards, where we can configure it, is set to a window that is enough for year-on-year content planning but not indefinitely. Local copies of a consent string may be overwritten each time you change your mind, which effectively refreshes the clock on that record. Backups and logs at infrastructure providers are governed by the Privacy Policy and may persist longer in rare disaster-recovery media.
How to exercise granular control in practice
Use the in-Site Cookie settings control when available, because it is wired to the same legal categories we document here. In parallel, you can: open your browser’s privacy or site settings to block or delete per-site; install reputable extensions that label trackers; and on mobile operating systems, use the limited ad tracking and app-tracking transparency tools where they also affect web views launched inside apps. If you block everything including necessary items, parts of the Site that rely on a minimal session to prevent abuse may not function, and the contact form could reject submissions in environments that we cannot verify.
Global Privacy Control, “Do Not Track,” and future signals
Some browsers emit Global Privacy Control or legacy Do Not Track headers. The legal effect varies by state and is evolving. Where a jurisdiction treats a GPC signal as a valid opt-out of sale or sharing, we or our consent management layer will work to respect it in product once we can verify the signal in a way that is technically reliable, even if the Site also asks for a manual confirmation for non-essential tags that predate the signal’s arrival in your user agent string. The hero date on this page is generated dynamically in your browser so you always know which build of the text you are reading; we still recommend checking for “material change” callouts in email if you have an account with us in the future.
When we change this Policy and who to message
We can revise this Cookie Policy when the tools we use, the law, or our architecture change. The effective date shown in the hero updates each time the page is loaded, reflecting the “as of” moment; substantive edits to meaning will also be described in a short summary where we are able to reach you, such as a notice in the cookie banner the next time you visit after a major upgrade. If you have questions, write to the contact in the Privacy Policy’s controller section with “Cookie” in the subject so we can route your message to the right internal owner.