Visit EthicPagesCookie Policy
Last updated: January 15, 2026
Cookie Policy
Document owner: Chief Privacy Officer (CPO) Version: 3.0 Effective date: January 1, 2026 Last updated: January 15, 2026 Classification: Public — Trust Center Review cadence: Semi-annual, and upon changes to cookie usage or consent requirements Company: Acme Cloud, Inc. Address: 1200 Market Street, Suite 400, San Francisco, CA 94103, USA Primary contacts: trust@acmecloud.com | security@acmecloud.com | privacy@acmecloud.com
Definitions
| Term | Definition |
|---|---|
| Cookie | A small text file stored on a user's device by a web browser |
| First-Party Cookie | A cookie set by the domain the user is visiting (Acme Cloud domains) |
| Third-Party Cookie | A cookie set by a domain other than the one the user is visiting |
| Session Cookie | A cookie that expires when the browser is closed |
| Persistent Cookie | A cookie that remains on the device until it expires or is deleted |
| Strictly Necessary Cookie | A cookie essential for website functionality |
| Functional Cookie | A cookie that remembers user preferences and settings |
| Performance Cookie | A cookie that collects analytics data about website usage |
| Targeting Cookie | A cookie used for advertising and marketing purposes |
| Consent Management Platform (CMP) | Software for managing user cookie consent |
| TCF | Transparency and Consent Framework (IAB Europe standard) |
| IDFA | Identifier for Advertisers (Apple mobile devices) |
| GAID | Google Advertising ID (Android mobile devices) |
| Fingerprinting | Collecting device characteristics to identify users without cookies |
| Local Storage | Browser storage mechanism similar to cookies but with larger capacity |
| Pixel | A small image file used to track user behavior |
| SDK | Software Development Kit, libraries for mobile app analytics |
| Web Beacon | A technique using images or scripts to monitor user behavior |
Scope and Applicability
1.1 Covered Properties
This Cookie Policy applies to all digital properties owned or operated by Acme Cloud, Inc.:
| Property Type | Examples | Cookie Usage |
|---|---|---|
| Marketing websites | acmecloud.com, www.acmecloud.com | All cookie categories |
| Application platform | app.acmecloud.com | Necessary + functional |
| Developer documentation | docs.acmecloud.com | Necessary + performance |
| Blog and resources | blog.acmecloud.com, resources.acmecloud.com | All cookie categories |
| Support portal | support.acmecloud.com | Necessary + functional |
| Status page | status.acmecloud.com | Necessary only |
| Mobile applications | iOS and Android apps | SDK analytics |
1.2 Geographic Applicability
Cookie consent requirements vary by jurisdiction. Acme Cloud implements consent mechanisms to comply with applicable laws:
| Jurisdiction | Legal Basis | Consent Requirement | Opt-Out Mechanism |
|---|---|---|---|
| European Union | GDPR, ePrivacy Directive | Prior consent for non-essential | Cookie banner |
| United Kingdom | UK GDPR, PECR | Prior consent for non-essential | Cookie banner |
| California (US) | CCPA/CPRA | Notice + opt-out for sale/sharing | "Do Not Sell" link |
| Other US states | State privacy laws | Varies by state | Preference center |
| Brazil | LGPD | Prior consent for non-essential | Cookie banner |
| Canada | PIPEDA, CASL | Implied consent (analytics), express consent (marketing) | Preference center |
| Australia | Privacy Act | Notice required, consent best practice | Preference center |
1.3 Updates to This Policy
Acme Cloud reviews this Cookie Policy semi-annually and updates it when:
- New cookies or tracking technologies are implemented
- Existing cookies change purpose or duration
- Consent requirements change due to new regulations
- Third-party providers modify their tracking practices
Changes are communicated via updated policy publication and, where required, renewed consent requests.
Cookie Categories
2.1 Strictly Necessary Cookies
These cookies are essential for website functionality and cannot be disabled. They enable basic functions like page navigation, secure area access, and session management.
| Cookie Name | Provider | Purpose | Duration | Data Collected |
|---|---|---|---|---|
| session_id | Acme Cloud | Maintains user session state | Session | Session identifier |
| csrf_token | Acme Cloud | Prevents cross-site request forgery | Session | Security token |
| auth_token | Acme Cloud | Authenticates logged-in users | 30 days | Authentication token |
| device_id | Acme Cloud | Device recognition for security | 1 year | Device identifier |
| consent_status | Acme Cloud | Stores cookie consent preferences | 1 year | Consent choices |
| cf_clearance | Cloudflare | Verifies human visitors (bot protection) | 30 minutes | Challenge result |
| __cf_bm | Cloudflare | Bot management | 30 minutes | Bot detection score |
| rate_limit | Acme Cloud | Prevents abuse through rate limiting | 1 hour | Request count |
Legal basis: These cookies are exempt from consent requirements under Article 5(3) of the ePrivacy Directive as they are strictly necessary for the service explicitly requested by the user.
2.2 Functional Cookies
These cookies enable enhanced functionality and personalization. While the website can function without them, user experience may be degraded.
| Cookie Name | Provider | Purpose | Duration | Data Collected |
|---|---|---|---|---|
| locale | Acme Cloud | Remembers language preference | 1 year | Language code |
| timezone | Acme Cloud | Stores timezone preference | 1 year | Timezone identifier |
| theme | Acme Cloud | Remembers dark/light mode preference | 1 year | Theme selection |
| sidebar_state | Acme Cloud | Remembers navigation sidebar state | 1 year | Collapsed/expanded |
| dashboard_layout | Acme Cloud | Remembers dashboard configuration | 1 year | Layout preferences |
| recent_items | Acme Cloud | Stores recently accessed items | Session | Item identifiers |
| tour_completed | Acme Cloud | Tracks onboarding tour completion | 1 year | Completion status |
| notification_prefs | Acme Cloud | Stores notification preferences | 1 year | Preference settings |
| cookie_banner_dismissed | Acme Cloud | Tracks if banner was dismissed | 1 year | Dismissal status |
| feature_announcements | Acme Cloud | Tracks viewed feature announcements | 90 days | Announcement IDs |
Legal basis: Consent required in GDPR jurisdictions. In non-consent jurisdictions, legitimate interest for improved user experience.
2.3 Performance Cookies
These cookies collect information about how visitors use the website, including which pages are visited most often and any error messages received. Data is aggregated and anonymous.
| Cookie Name | Provider | Purpose | Duration | Data Collected |
|---|---|---|---|---|
| _ga | Google Analytics | Distinguishes unique users | 2 years | User identifier |
| ga[ID] | Google Analytics | Maintains session state | 2 years | Session data |
| _gid | Google Analytics | Distinguishes users | 24 hours | User identifier |
| _gat | Google Analytics | Throttles request rate | 1 minute | N/A |
| _gcl_au | Google Ads | Conversion tracking | 90 days | Conversion data |
| mp_[token] | Mixpanel | Product analytics | 1 year | Event data |
| ajs_anonymous_id | Segment | Anonymous user tracking | 1 year | Anonymous ID |
| ajs_user_id | Segment | Identified user tracking | 1 year | User ID (if logged in) |
| ph_[key] | PostHog | Product analytics | 1 year | Event data |
| intercom-session | Intercom | Session tracking for support | 1 week | Session data |
| intercom-device-id | Intercom | Device identification | 9 months | Device ID |
| FullStory_uid | FullStory | Session replay | 90 days | User identifier |
| fs_uid | FullStory | Session replay | 1 year | User identifier |
| datadog_rum | Datadog | Real user monitoring | Session | Performance data |
Legal basis: Consent required. Users can decline these cookies without affecting core functionality.
2.4 Targeting and Advertising Cookies
These cookies track browsing activity to deliver relevant advertisements and measure advertising campaign effectiveness.
| Cookie Name | Provider | Purpose | Duration | Data Collected |
|---|---|---|---|---|
| _fbp | Meta (Facebook) | Facebook advertising | 90 days | Browser ID |
| _fbc | Meta (Facebook) | Click attribution | 90 days | Click ID |
| fr | Meta (Facebook) | Advertising delivery | 90 days | User data |
| li_fat_id | LinkedIn advertising | 30 days | First-party ID | |
| lidc | Data center selection | 24 hours | Routing data | |
| bcookie | Browser identification | 1 year | Browser ID | |
| bscookie | Secure browser cookie | 1 year | Browser ID | |
| IDE | Google DoubleClick | Ad serving | 13 months | Conversion data |
| NID | Preferences and ads | 6 months | Preferences | |
| _gcl_aw | Google Ads | Conversion tracking | 90 days | Conversion data |
| hubspotutk | HubSpot | Visitor tracking | 13 months | User token |
| __hssc | HubSpot | Session tracking | 30 minutes | Session data |
| __hssrc | HubSpot | Session reset | Session | Session status |
| __hstc | HubSpot | Visitor tracking | 13 months | Tracking data |
| _uetsid | Microsoft Bing | Session tracking | Session | Session ID |
| _uetvid | Microsoft Bing | Visitor tracking | 13 months | Visitor ID |
Legal basis: Explicit consent required in all jurisdictions. Users must actively opt in to targeting cookies.
Similar Technologies
3.1 Local Storage and Session Storage
In addition to cookies, Acme Cloud uses browser storage APIs:
| Storage Type | Purpose | Data Stored | Persistence | Consent Required |
|---|---|---|---|---|
| localStorage | Application state | User preferences, cached data | Until cleared | Same as cookie category |
| sessionStorage | Session state | Temporary application data | Until tab closed | Not typically required |
| IndexedDB | Offline functionality | Cached documents, offline data | Until cleared | Same as cookie category |
Local storage items used by Acme Cloud:
| Key | Purpose | Category |
|---|---|---|
| app_state | Application state persistence | Functional |
| cached_data | Performance optimization | Performance |
| user_preferences | User settings | Functional |
| draft_content | Autosaved drafts | Strictly necessary |
| analytics_queue | Queued analytics events | Performance |
3.2 Web Beacons and Pixels
Acme Cloud uses web beacons (tracking pixels) for:
| Beacon Type | Provider | Purpose | Trigger | Consent Required |
|---|---|---|---|---|
| Email open tracking | HubSpot | Measure email engagement | Email open | Implied with email |
| Conversion pixel | Meta | Track sign-up conversions | Registration | Yes (targeting) |
| Conversion pixel | Track demo request conversions | Form submission | Yes (targeting) | |
| Conversion pixel | Google Ads | Track trial start conversions | Trial activation | Yes (targeting) |
| Page view beacon | Google Analytics | Track page views | Page load | Yes (performance) |
3.3 Mobile SDKs and Device Identifiers
Acme Cloud mobile applications use:
| SDK/Technology | Platform | Purpose | Data Collected | Consent Required |
|---|---|---|---|---|
| Firebase Analytics | iOS, Android | App analytics | Usage events, crashes | Yes |
| Crashlytics | iOS, Android | Crash reporting | Crash data, device info | Legitimate interest |
| Segment | iOS, Android | Analytics routing | Configurable events | Yes |
| Intercom | iOS, Android | In-app support | User ID, conversation data | Legitimate interest |
| IDFA | iOS | Advertising attribution | Advertising identifier | Yes (ATT prompt) |
| GAID | Android | Advertising attribution | Advertising identifier | Yes |
Consent Management
4.1 Consent Mechanisms
Acme Cloud implements consent management through:
| Mechanism | Description | Jurisdictions |
|---|---|---|
| Cookie consent banner | Prominent banner on first visit | EU, UK, Brazil |
| Granular consent controls | Category-level opt-in/opt-out | EU, UK, Brazil |
| Preference center | Detailed cookie management page | All jurisdictions |
| "Do Not Sell" link | CCPA-required opt-out | California |
| Global Privacy Control | Browser signal respect | California, Colorado |
| ATT prompt | iOS advertising tracking authorization | iOS devices |
4.2 Consent Banner Implementation
The cookie consent banner implements the following workflow:
Step 1: Initial Display 1.1. Banner displays on first visit to any Acme Cloud property 1.2. No non-essential cookies are set before consent 1.3. User presented with clear consent options
Step 2: User Choice 2.1. "Accept All" enables all cookie categories 2.2. "Reject All" (or "Necessary Only") blocks non-essential cookies 2.3. "Customize" opens granular preference center
Step 3: Consent Recording 3.1. Consent choice stored in first-party cookie 3.2. Timestamp and version recorded 3.3. Consent signal shared with third-party providers via CMP integration
Step 4: Consent Enforcement 4.1. JavaScript tag manager respects consent state 4.2. Non-consented tags blocked from firing 4.3. Consent state checked on each page load
4.3 Consent Withdrawal
Users can withdraw consent at any time through:
| Method | Access | Effect |
|---|---|---|
| Cookie settings link | Website footer | Opens preference center |
| Preference center | Settings page | Granular cookie control |
| Browser settings | Browser controls | Clear cookies, block third-party |
| "Do Not Sell" link | Website footer (California) | Opt-out of sale/sharing |
| Email request | privacy@acmecloud.com | Manual processing |
Upon consent withdrawal:
- Non-essential cookies are immediately blocked
- Existing cookies are not automatically deleted (user must clear browser)
- Consent preference is updated in consent management system
- Third-party providers receive updated consent signal
4.4 Consent Records
Acme Cloud maintains consent records as required by GDPR Article 7:
| Record Element | Data Stored | Retention |
|---|---|---|
| Consent timestamp | Date and time of consent | 3 years |
| Consent version | Policy version at time of consent | 3 years |
| Categories consented | Selected cookie categories | Until withdrawal |
| User identifier | Anonymized session/device ID | 3 years |
| Method of consent | Banner, preference center, etc. | 3 years |
| Withdrawal timestamp | Date and time of withdrawal (if applicable) | 3 years |
Managing Your Cookie Preferences
5.1 Acme Cloud Preference Center
The Acme Cloud cookie preference center allows granular control:
| Feature | Functionality |
|---|---|
| Category toggles | Enable/disable each cookie category |
| Cookie list | View all cookies in each category |
| Purpose descriptions | Understand why each category is used |
| Third-party links | Access third-party privacy policies |
| Save preferences | Store choices across sessions |
| Reset defaults | Return to default consent state |
Access the preference center at: acmecloud.com/cookie-preferences
5.2 Browser Controls
Most browsers provide cookie management capabilities:
| Browser | Cookie Settings Location | DNT Support | GPC Support |
|---|---|---|---|
| Chrome | Settings > Privacy and Security > Cookies | Yes (deprecated) | Via extension |
| Firefox | Settings > Privacy & Security > Cookies | Yes | Yes (default) |
| Safari | Preferences > Privacy | N/A | Via extension |
| Edge | Settings > Cookies and Site Permissions | Yes | Yes |
| Brave | Settings > Shields | N/A | Yes (default) |
Browser cookie controls:
| Control | Effect |
|---|---|
| Block all cookies | May break website functionality |
| Block third-party cookies | Blocks advertising cookies; functional/analytics may work |
| Clear cookies on exit | Removes all cookies when browser closes |
| Delete specific cookies | Remove individual cookies manually |
| Private/Incognito mode | Session cookies only; cleared on exit |
5.3 Industry Opt-Out Programs
Users can opt out of targeted advertising through industry programs:
| Program | Coverage | Opt-Out URL |
|---|---|---|
| Digital Advertising Alliance | US advertisers | optout.aboutads.info |
| Network Advertising Initiative | US ad networks | optout.networkadvertising.org |
| European Digital Advertising Alliance | EU advertisers | youronlinechoices.eu |
| AdChoices | Cross-industry | youradchoices.com |
5.4 Mobile Device Settings
Mobile users can manage tracking through device settings:
| Platform | Setting | Location |
|---|---|---|
| iOS 14+ | App Tracking Transparency | Settings > Privacy > Tracking |
| iOS | Limit Ad Tracking | Settings > Privacy > Advertising |
| Android | Opt out of personalization | Settings > Google > Ads |
| Android | Reset advertising ID | Settings > Google > Ads |
Data Processing and Transfer
6.1 Data Collected Through Cookies
| Data Type | Examples | Purpose | Retention |
|---|---|---|---|
| Device information | Browser type, OS, screen size | Analytics, compatibility | 2 years |
| IP address | Full or truncated IP | Geolocation, security | 30 days (full), 2 years (truncated) |
| Page visits | URLs visited, time on page | Analytics | 2 years |
| Referrer | Source of visit | Marketing attribution | 90 days |
| Interactions | Clicks, scrolls, form submissions | UX optimization | 2 years |
| Conversion events | Sign-up, purchase, demo request | Marketing ROI | 2 years |
6.2 Third-Party Data Processing
Third-party cookie providers process data according to their privacy policies:
| Provider | Privacy Policy | Purpose | Data Shared |
|---|---|---|---|
| policies.google.com/privacy | Analytics, advertising | Usage data, device info | |
| Meta | facebook.com/privacy | Advertising | Conversion events |
| linkedin.com/legal/privacy-policy | Advertising | Conversion events | |
| HubSpot | hubspot.com/legal/privacy-policy | Marketing automation | Contact data, behavior |
| Intercom | intercom.com/legal/privacy | Customer support | User data, conversations |
| Segment | segment.com/legal/privacy | Data routing | Configurable |
| PostHog | posthog.com/privacy | Product analytics | Usage events |
| FullStory | fullstory.com/legal/privacy-policy | Session replay | Session recordings |
6.3 International Data Transfers
Cookie data may be transferred internationally:
| Transfer Route | Mechanism | Safeguards |
|---|---|---|
| EU to US (Google) | EU-US Data Privacy Framework | DPF certification |
| EU to US (Meta) | SCCs + supplementary measures | Additional technical measures |
| EU to US (HubSpot) | EU-US Data Privacy Framework | DPF certification |
| EU to US (Segment) | SCCs | Contractual protections |
| UK transfers | UK adequacy + IDTA | Appropriate safeguards |
Cookie Compliance by Website Section
7.1 Marketing Website (acmecloud.com)
| Cookie Category | Cookies Active | Consent Required |
|---|---|---|
| Strictly Necessary | session_id, csrf_token, consent_status | No |
| Functional | locale, theme | Yes (EU/UK) |
| Performance | Google Analytics, Mixpanel, FullStory | Yes |
| Targeting | Meta Pixel, LinkedIn, HubSpot | Yes |
7.2 Application Platform (app.acmecloud.com)
| Cookie Category | Cookies Active | Consent Required |
|---|---|---|
| Strictly Necessary | auth_token, session_id, csrf_token | No |
| Functional | locale, timezone, dashboard_layout | Implied (logged in) |
| Performance | Product analytics (PostHog) | Yes |
| Targeting | None | N/A |
7.3 Documentation (docs.acmecloud.com)
| Cookie Category | Cookies Active | Consent Required |
|---|---|---|
| Strictly Necessary | session_id | No |
| Functional | locale | Yes (EU/UK) |
| Performance | Google Analytics | Yes |
| Targeting | None | N/A |
Cookie Security
8.1 Cookie Security Attributes
Acme Cloud implements security best practices for cookies:
| Attribute | Implementation | Purpose |
|---|---|---|
| Secure | All cookies on HTTPS | Prevent transmission over insecure connections |
| HttpOnly | Authentication cookies | Prevent JavaScript access (XSS protection) |
| SameSite=Strict | Authentication cookies | Prevent CSRF attacks |
| SameSite=Lax | Functional cookies | Balance security and usability |
| SameSite=None | Third-party cookies (with Secure) | Cross-site functionality |
| Path | Scoped to relevant paths | Limit cookie exposure |
| Domain | Explicit domain setting | Prevent subdomain access where not needed |
8.2 Cookie Encryption
| Cookie Type | Encryption | Key Management |
|---|---|---|
| Authentication tokens | AES-256 encryption | Rotating server keys |
| Session identifiers | Cryptographically random | Generated per session |
| Consent preferences | Plaintext (non-sensitive) | N/A |
| Third-party cookies | Per provider | Provider-managed |
Framework Mapping Appendix
GDPR and ePrivacy Compliance
| Requirement | Article/Section | Acme Cloud Implementation | Evidence |
|---|---|---|---|
| Consent for non-essential | ePrivacy Art. 5(3) | Cookie consent banner | CMP records |
| Clear information | GDPR Art. 13 | Cookie policy, banner text | Published policy |
| Consent records | GDPR Art. 7(1) | Consent timestamp, version | CMP database |
| Withdrawal mechanism | GDPR Art. 7(3) | Preference center | Settings link |
| Lawful basis | GDPR Art. 6 | Consent, legitimate interest | Documentation |
| Purpose limitation | GDPR Art. 5(1)(b) | Category-based consent | Cookie inventory |
| Data minimization | GDPR Art. 5(1)(c) | Necessary data only | Regular audits |
CCPA/CPRA Compliance
| Requirement | Section | Acme Cloud Implementation | Evidence |
|---|---|---|---|
| Notice at collection | 1798.100 | Cookie policy, banner | Published policy |
| "Do Not Sell/Share" | 1798.120 | Footer link, preference center | Website implementation |
| Service provider contracts | 1798.140(ag) | Vendor agreements | Contracts |
| Consumer requests | 1798.105-106 | Privacy request form | Request records |
| Sensitive personal info | 1798.121 | Consent for sensitive data | Consent records |
IAB TCF 2.0 Compliance
| TCF Requirement | Implementation | Verification |
|---|---|---|
| CMP registration | Registered CMP ID | IAB CMP list |
| TC String | Generated and stored | CMP functionality |
| Vendor consent | Per-vendor consent captured | TC String parsing |
| Purpose consent | Purpose-level consent | TC String parsing |
| Publisher restrictions | Configured restrictions | CMP configuration |
| Global scope | Applied to EU/UK visitors | Geolocation detection |
Related Trust Center documents
privacy policy, terms of service, data retention, security overview, acceptable use
Document revision history
| Version | Date | Author | Summary of changes |
|---|---|---|---|
| 1.0 | 2024-06-01 | Legal & Compliance | Initial Trust Center publication |
| 2.0 | 2025-03-15 | GRC Program | SOC 2 Type II alignment refresh; expanded subprocessors |
| 2.5 | 2025-09-01 | Security Engineering | Encryption standards update; ISO 27001 mapping |
| 3.0 | 2026-01-15 | Trust Center Program | Full procurement-grade expansion; 34-document set |
Contact
Acme Cloud, Inc. 1200 Market Street, Suite 400 San Francisco, CA 94103, USA
| Channel | Use case | |
|---|---|---|
| Trust & procurement | trust@acmecloud.com | Security questionnaires, trust reviews |
| Security | security@acmecloud.com | Incidents, vulnerabilities, control questions |
| Privacy | privacy@acmecloud.com | DSRs, privacy assessments |
| Legal | legal@acmecloud.com | Contractual, DPA, legal notices |