Third-Party Cookies Policy
1. Introduction & Scope
This policy is part of CyberVault's comprehensive Privacy Framework (Section 5). It specifically addresses how we use third-party cookies and similar tracking technologies across our web properties, client portals, and application interfaces. As a cybersecurity provider, we are acutely aware of data privacy regulations including GDPR, CCPA/CPRA, and ePrivacy directives.
Key Takeaway: CyberVault does not sell personal data. Third-party cookies are used strictly for essential security monitoring, anonymized analytics, and service optimization. You maintain full control over your preferences.
2. What Are Third-Party Cookies?
First-party cookies are set by the domain you are visiting. Third-party cookies are set by domains other than the one you are visiting, typically through embedded content, scripts, or analytics services. These cookies can track user activity across different websites and services.
At CyberVault, we carefully vet every third-party service we integrate to ensure they meet our rigorous security and privacy standards before deployment.
3. Why We Use Third-Party Cookies
- Security & Threat Detection: Partners like Cloudflare and Akamai help us identify DDoS attacks, bot traffic, and malicious scanning behavior to protect our infrastructure and your data.
- Performance Analytics: Services such as Plausible Analytics and Google Lighthouse help us monitor site speed, load times, and user flow without collecting personally identifiable information (PII).
- Application Functionality: Embedded components (e.g., video hosting, live chat, payment processing) require specific cookies to function securely and remember your session preferences.
- Compliance & Auditing: Certain security posture management tools use cookies to verify consent, track policy acknowledgments, and maintain audit trails required by SOC 2 and ISO 27001.
4. Third-Party Services & Cookie Inventory
Below is a transparent list of third-party providers that may set cookies when you interact with CyberVault properties. All providers are bound by data processing agreements (DPAs) and restrict data usage to the specified purposes.
| Provider | Cookie Category | Purpose | Retention | Region |
|---|---|---|---|---|
| Cloudflare Inc. | Security / Essential | DDoS mitigation, bot management, SSL/TLS optimization | Session to 30 days | Global |
| Plausible Analytics | Analytics | Privacy-friendly traffic & performance metrics (no PII) | 18 months (aggregated) | EU |
| Stripe / GoCardless | Functional | Secure payment processing & subscription management | Session to 7 days | Global |
| Intercom / Crisp | Functional | Customer support chat, ticket tracking, knowledge base | Session to 30 days | US/EU |
| Vercel / Netlify | Performance | CDN routing, edge caching, deployment verification | Session | Global |
5. Managing & Opting Out
You have the right to control how cookies are used on your device. We provide multiple methods to manage your preferences:
- Cookie Consent Banner: Upon your first visit, you will be presented with granular controls to accept or reject analytics and functional cookies. You can update your choices at any time by clicking "Cookie Settings" in our footer.
- Browser Controls: Most browsers allow you to block or delete cookies entirely. Please consult your browser's help documentation for instructions on modifying cookie settings.
- Global Privacy Controls: We respect the Global Privacy Control (GPC) signal. If enabled in your browser, it will automatically opt you out of non-essential data collection.
- Third-Party Opt-Outs: Providers like Google, Cloudflare, and Stripe offer their own opt-out mechanisms and privacy dashboards, linked in the table above.
Note: Disabling essential security cookies may impact our ability to protect your session or detect suspicious activity. We recommend keeping security and essential cookies enabled for optimal protection.
6. Policy Updates & Transparency
CyberVault reserves the right to update this policy to reflect changes in our technology stack, legal obligations, or industry best practices. We will notify users of material changes via email or prominent on-site notices at least 30 days before implementation.
Our commitment to transparency is core to our cybersecurity mission. If you have questions about third-party data handling, want to request a data export, or wish to exercise deletion rights, please contact our Data Protection Officer.
7. Contact Us
For inquiries regarding this Third-Party Cookies Policy, data processing agreements, or privacy concerns:
- Email: privacy@cybervault.example.com
- Phone: +1 (800) 555-SECURE
- Mailing Address: CyberVault Inc., Attn: DPO, 100 Security Blvd, Suite 400, Austin, TX 78701
- Response Time: We acknowledge all privacy requests within 48 hours and respond fully within 30 days as required by applicable law.