Version 1.0 | Effective 21 Nov 2024 | Last Reviewed 11 Apr 2025 | Prepared by Privacy & Compliance Office, AtomLeap.ai
1. Purpose of This Policy
This document explains how AtomLeap.ai uses cookies and similar tracking technologies. The policy aims to inform users about what cookies are, what types we use, how they are used, and how users can control their preferences.
2. What Are Cookies?
Cookies are small text files that websites place on your device to store information about you or your device. The policy distinguishes between session cookies (deleted when closing browser), persistent cookies (remain for a set period), first-party cookies (from the visited website), and third-party cookies (from external services). Related technologies include web beacons, pixel tags, and local storage.
3. Types of Cookies We Use
| Type | Description |
|---|---|
| Strictly Necessary | Required for essential functions like page navigation, login, and security |
| Performance | Collect anonymous data on user website interactions |
| Functional | Enable personalized features such as remembering settings or preferences |
| Targeting/Advertising | Deliver ads relevant to users and limit repetitive ad exposure |
| Social Media | Enable content sharing via platforms like Twitter or Facebook |
| Third-Party Cookies | Set by external platforms for analytics, advertising, or integrations |
4. Specific Cookies Deployed
| Cookie Name | Purpose | Provider | Expiry | Type |
|---|---|---|---|---|
| _ga | Google Analytics tracking | 2 years | Performance | |
| _gid | Session analytics | 24 hours | Performance | |
| cookie_consent | User consent storage | AtomLeap.ai | 1 year | Necessary |
| lang_pref | Language preference | AtomLeap.ai | 1 year | Functional |
| _fbp | Facebook retargeting | 3 months | Advertising | |
| _hjSessionUser | Heatmap and user feedback tool | Hotjar | 365 days | Analytics |
| li_fat_id | LinkedIn conversion tracking | 1 month | Advertising |
5. How We Use Cookies
Cookies help organizations:
- Maintain secure sessions and authentication mechanisms
- Analyze usage trends and identify most visited content
- Track promotional campaign effectiveness
- Remember language preferences and UI settings
- Deliver location-specific content and offers
- Offer support tools like chat or help widgets
6. Cookie Lifecycle and Retention
Cookies have defined lifespans ranging from session-only to several months or years. Retention schedules are defined per use-case and governed by our Data Retention Policy. Periodic audits remove obsolete or redundant cookies.
7. Legal Basis for Processing Cookies
Usage complies with:
- GDPR Article 6: Lawful basis for processing
- ePrivacy Directive: Explicit consent for non-essential cookies
- PECR (UK): Alignment with communications regulations
Essential cookies operate under "legitimate interest," while others require consent.
8. Consent Management
The organization uses a GDPR-compliant Cookie Consent Management Platform (CMP) that requests clear opt-in on first visit, differentiates between cookie categories, saves consent choices for 12 months, and allows consent withdrawal.
9. Third-Party Integrations and Cookies
Third-party services that may place cookies include YouTube/Vimeo, Twitter/X, Calendly, Stripe, and Intercom/LiveChat. The organization performs vendor privacy due diligence and maintains signed Data Processing Agreements (DPAs) where necessary.
10. Your Rights Regarding Cookies
Users possess:
- Right to Information: Know what cookies are used and why
- Right to Consent/Refuse: Choose which cookies to allow
- Right to Withdraw Consent: Change or revoke choices anytime
- Right to Erasure: Clear cookies manually from browser
11. How to Manage or Delete Cookies
Via Browser Settings
- Chrome: Settings → Privacy → Site Settings → Cookies
- Firefox: Preferences → Privacy & Security → Cookies
- Safari: Preferences → Privacy
- Edge: Settings → Site Permissions → Cookies
Via Device Settings
Some mobile devices allow app-level cookie settings.
Via Opt-Out Tools
- Google Analytics: https://tools.google.com/dlpage/gaoptout
- Network Advertising Initiative: https://optout.networkadvertising.org/
12. Cookie Banners and Pop-ups
The organization displays banners that describe cookie types, offer opt-in/out functionality per category, provide access to full policy, and reflect choices dynamically. The policy states that failure to act (i.e., continued browsing) is not considered consent under GDPR.
13. Children’s Privacy and Cookies
The organization does not knowingly set cookies on devices of children under 16 without verified parental consent. Systems automatically disable non-essential cookies for potential underage accounts.
14. Policy Review, Changes & Notification
Annual reviews occur, or upon material changes in technology providers, cookie types, or legal obligations. Users receive notifications through persistent banners, platform notifications, emails, and updated date stamps.
15. Contact and Escalation
Data Protection Officer
Email: privacy@atomleap.ai
The organization aims to respond within 10 business days, with escalation options to local data protection authorities for unresolved concerns.
16. Appendix – Glossary of Terms
- CMP (Cookie Management Platform): Platform for obtaining GDPR-compliant user consent
- Pixel Tag: Small transparent image tracking user interactions
- Session Cookie: Erased when user closes browser
- Persistent Cookie: Remains for a set period or until manually deleted
- DPA (Data Processing Agreement): Contract outlining privacy obligations between controller and processor
- ePrivacy Directive: European legislation regulating privacy and electronic communications
- Behavioral Advertising: Marketing based on browsing behavior over time
- Retargeting: Serving targeted ads to previous website visitors
- First-party Cookies: Set by the visited website
- Third-party Cookies: Placed by external domains
- Web Beacon: Small graphic monitoring user behavior
- Local Storage: Browser-based persistent data storage
- Consent Banner: Notification interface gathering cookie permissions
- Cookie Duration: Length of time a cookie remains active
- Opt-out Mechanism: Method allowing users to withdraw consent
- IAB TCF (Transparency and Consent Framework): Industry standard for digital advertising consent
- Functional Cookies: Enable enhanced features and personalization
- Analytics Cookies: Help understand visitor interactions
- Advertising Cookies: Deliver relevant ads and track campaign performance
- Data Subject: Individual whose personal data is being collected or processed
17. Appendix B – Cookie Audit Template
| Cookie Name | Provider | Category | Purpose Description | Consent Required | Retention Period | Reviewed By | Last Reviewed |
|---|---|---|---|---|---|---|---|
| _ga | Analytics | Tracks visitor behavior anonymously | Yes | 2 years | Compliance Team | 2025-07-01 | |
| cookie_consent | AtomLeap.ai | Strictly Necessary | Stores user’s cookie preference | No | 1 year | IT Dept | 2025-07-01 |
| _fbp | Advertising | Delivers personalized ads on Facebook | Yes | 3 months | Marketing Team | 2025-07-01 | |
| _hjSessionUser | Hotjar | Analytics | Heatmap and user session feedback tool | Yes | 365 days | UX Team | 2025-07-01 |
| li_fat_id | Advertising | Conversion tracking and ad targeting | Yes | 1 month | Marketing Team | 2025-07-01 | |
| lang_pref | AtomLeap.ai | Functional | Stores preferred language for interface | No | 1 year | Dev Team | 2025-07-01 |
Instructions for Internal Use:
- Conduct audits quarterly
- Validate cookies using browser developer tools and CMP logs
- Remove unused or legacy cookies
- Update retention periods and consent types if vendors change policies