Cookie Notice

Effective Date: January 2, 2026 | Last Updated: January 2, 2026

Summary: We use cookies and similar technologies to improve your experience, analyze platform usage, and support security. This notice explains what cookies are, what we use, and how you can control them.

1. What Are Cookies?

Cookies are small text files stored on your device (computer, phone, tablet) by websites you visit. They allow websites to:

  • Remember your preferences and login information
  • Understand how you use the site
  • Deliver personalized experiences
  • Detect and prevent fraud

Other similar technologies include web beacons, pixels, and local storage objects. Throughout this notice, "cookies" refers to all such technologies.

2. Types of Cookies We Use

2.1 Essential / Strictly Necessary Cookies

Purpose: Enable core Platform functionality, security, and user authentication.

  • Session cookies: Maintain your login state and authentication
  • Security cookies: Protect against CSRF attacks and fraud detection
  • Preference cookies: Remember your theme choice (light/dark mode)
  • Load balancing: Route requests to appropriate servers

Consent Required: No (these are necessary for the Platform to function).

Duration: Session or 12 months.

2.2 Analytics & Performance Cookies

Purpose: Understand how users interact with our Platform; identify performance issues and usage patterns.

  • Google Analytics: Page views, user flow, device type, browser, referrer source
  • Performance monitoring: Page load times, error rates, API response times
  • Heatmaps (optional): User interaction patterns, click zones, scroll depth

Consent Required: Yes, in EU, UK, and other jurisdictions with cookie consent laws.

Duration: 6 months to 2 years.

Data Retention: Anonymized data is retained for up to 26 months for historical analysis.

2.3 Marketing & Engagement Cookies

Purpose: Track marketing campaign performance and deliver relevant content.

  • UTM parameters: Track campaign source, medium, and content (stored in cookies/URL)
  • Email tracking: Open rates and click-through rates for marketing emails (pixel-based)
  • Retargeting: Show relevant ads on third-party sites based on your visit to us (via Google Ads, LinkedIn, etc.)
  • Conversion tracking: Track leads, form submissions, and service inquiries

Consent Required: Yes (always).

Duration: 3 to 12 months.

2.4 Third-Party Cookies

Third-party sites and services embedded on our Platform may set their own cookies:

  • Google Analytics: Tracks usage across websites
  • LinkedIn (if embedded): Professional network tracking
  • YouTube (if embedded): Video playback and analytics
  • Payment processors: Fraud detection and transaction processing

We do not control third-party cookies. See their privacy policies for details.

3. Cookie Categories by Legal Standard

Cookie categories, their purposes, consent requirements, and examples
Category Purpose Consent Required Examples
Strictly Necessary Authentication, security, core function No Session tokens, CSRF tokens
Functional Remember preferences, enhance experience No (optional consent) Theme preference, language, accessibility
Performance / Analytics Understand usage and improve Platform Yes (EU/UK/other jurisdictions) Google Analytics, page analytics
Marketing / Targeting Deliver personalized ads and campaigns Yes (always) Retargeting, UTM parameters, email tracking

4. How We Obtain Consent

When you first visit our Platform:

  • Cookie banner: We display a cookie consent notice with options to accept, reject, or customize preferences
  • Granular control: You can accept/reject each category (except strictly necessary, which is always active)
  • Preference center: You can modify your choices at any time via settings or our Cookie Preferences page
  • Explicit consent: For marketing emails, we obtain opt-in consent before adding you to our mailing list

5. Data Shared with Third Parties

We share limited data with:

  • Google Analytics: Anonymized page views, user behavior, device info (under Data Processing Agreement)
  • Marketing platforms: Email address, engagement data (for marketing list management)
  • Advertising networks: Hashed email or cookie ID for retargeting (not your name or contact info)
  • Hosting & CDN providers: Log data for security and performance

All third parties are contractually obligated to use data only for our benefit and maintain confidentiality.

6. Your Privacy Rights & Choices

6.1 Cookie Management

You can control cookies in multiple ways:

  • Browser settings: Most browsers allow you to block, limit, or delete cookies. See your browser's help documentation.
  • Cookie consent banner: Adjust preferences on our website
  • Opt-out tools: Use NAI Opt-Out or AdChoices to opt out of behavioral advertising
  • Do Not Track (DNT): If your browser supports DNT, we honor opt-out signals

6.2 Email Preferences

You can opt out of marketing emails by:

  • Clicking the "Unsubscribe" link in any marketing email
  • Emailing us at privacy@exchangeguardians.com with "Unsubscribe" in the subject
  • Adjusting preferences in your account settings

6.3 Data Subject Rights (GDPR, CCPA, etc.)

You have the right to:

  • Access: Request what data we hold on you
  • Correction: Ask us to update or correct inaccurate data
  • Deletion: Request we delete your data (except where legally retained)
  • Portability: Receive your data in a portable format
  • Opt-out: Object to specific processing (e.g., marketing, analytics)

See our Privacy Policy for details on exercising these rights.

7. California Consumer Rights (CCPA)

If you are a California resident:

  • You have the right to know what data we collect via cookies
  • You can opt out of the "sale" or "sharing" of your data (we do not sell cookies; limited sharing for analytics/marketing)
  • You can disable targeted advertising by using our preference controls
  • You have the right to delete cookie data we hold

To exercise CCPA rights, email privacy@exchangeguardians.com.

8. International Considerations

8.1 EU & UK (GDPR / PECR)

Under GDPR and the Privacy and Electronic Communications Regulations (PECR):

  • We obtain explicit prior consent for non-essential cookies before they are set
  • We provide granular cookie control with opt-in (not opt-out) for marketing and analytics
  • We respect DNT signals and browser preferences

8.2 Other Jurisdictions

We comply with privacy laws in other regions (Australia, Canada, Singapore, etc.) including cookie disclosure and user choice requirements.

9. Cookie Retention & Deletion

  • Session cookies: Deleted when you close your browser
  • Persistent cookies: Retained for the duration specified (typically 6 months to 2 years)
  • Your deletion: You can delete cookies via browser settings or request we delete stored data
  • Our deletion: We automatically delete analytics and marketing cookies after retention periods expire

10. Changes to This Cookie Notice

We may update this notice periodically to reflect new technologies, legal requirements, or service changes. We will post updates with an updated "Last Updated" date. Continued use of our Platform after material changes constitutes acceptance.

11. Contact Us

For cookie or privacy questions:

12. Cookie List (Transparent Disclosure)

Complete list of cookies used on the site including name, type, purpose, and duration
Cookie Name Type Purpose Duration
xo-theme Functional Remember user's light/dark mode preference 1 year
xo-cookie-consent Strictly Necessary Record cookie consent choice 1 year
_ga Analytics Google Analytics: user identification 2 years
_gid Analytics Google Analytics: session identification 24 hours
_gat Analytics Google Analytics: request throttling 1 minute
utm_source, utm_medium, utm_campaign Marketing Track marketing campaign attribution Session or 6 months
__stripe_sid, __stripe_mid Strictly Necessary Payment processing (if applicable) 1 year

Version: 1.0 | Effective: January 2, 2026

This Cookie Notice is part of our overall Privacy Policy and Terms of Service. For questions, contact our Privacy Team.