Cookie Policy

What Are Cookies?

Cookies are small text files stored on your device (computer, smartphone, tablet) when you visit a website. They allow websites to recognize your device and remember information about your visit.

Purpose: Cookies help us provide, protect, and improve our Services by:

• Remembering your preferences and settings
• Keeping you logged in
• Understanding how you use our Services
• Detecting and preventing fraud

Similar Technologies

In addition to cookies, we use similar tracking technologies:

• Web Beacons / Pixels: Small transparent images embedded in web pages or emails to track page views and email opens
• Local Storage: Browser storage (localStorage, sessionStorage) for larger data that doesn't expire with the session

This Policy Applies To: All cookies and similar tracking technologies used on https://thisone.app and our Services.

What We Do NOT Use: We do not use ETags as tracking identifiers or device fingerprinting techniques. These methods are excluded due to stricter consent requirements and privacy concerns.

Legal Framework

Our cookie practices comply with:

1. ePrivacy Directive 2002/58/EC (as amended by Directive 2009/136/EC)

   • Article 5(3): Consent requirement for storing or accessing information on user devices

2. GDPR Regulation (EU) 2016/679

   • Article 6(1)(a): Consent as lawful basis for cookie-based processing
   • Article 7: Valid consent requirements (freely given, specific, informed, unambiguous)

Cookie Consent (ePrivacy Directive GDPR Art. 5(3))

For EU/EEA Users: We obtain your explicit consent before placing non-essential cookies on your device, in accordance with ePrivacy Directive Article 5(3).

Consent Mechanism: When you first visit our website from the EU/EEA, you will see a cookie consent banner allowing you to:

1. Accept All: Consent to all cookie categories
2. Reject Non-Essential: Only essential cookies will be used

Pre-Consent Blocking: Non-essential cookies are blocked until you provide consent. We use cookie consent management technology to prevent unauthorized cookie placement.

Consent Storage: Your consent choices are stored in browser localStorage (hh-cookie-consent) for up to 12 months.

Essential vs. Non-Essential Cookies

Essential Cookies (ePrivacy Directive exemption):

• Strictly necessary for the Services to function
• Cannot be disabled without preventing service functionality
• Do NOT require consent under ePrivacy Directive GDPR Art. 5(3)
• Examples: Authentication, security, load balancing

Non-Essential Cookies (consent required):

• Enhance user experience but not strictly necessary
• Require explicit consent under ePrivacy Directive GDPR Art. 5(3)
• Examples: Analytics, advertising, functional preferences
• Can be disabled via cookie settings

Scope of This Policy

What This Policy Covers:

• Cookies and similar technologies we use
• Why we use each cookie
• How long cookies are stored
• How to manage your cookie preferences

Related Policies:

• Privacy Policy: How we process Personal Data
• Terms of Service: Terms governing your use of Services

Cookie Categories Overview

We categorize cookies into the following types (detailed in Cookie Categories):

1. Essential Cookies: Strictly necessary for service operation
2. Analytics Cookies: Understanding how users interact with Services
3. Functional Cookies: Remembering preferences and enhancing UX

Your Control

You have control over cookies:

Cookie Settings: Manage preferences via our cookie consent banner or footer link

Browser Controls: Configure your browser to block or delete cookies

Third-Party Opt-Outs: Use industry opt-out tools (detailed in Third-Party Opt-Out Tools)

Contact: Questions about cookies? Email support@hashedhorizon.com

Cookie Categories

1. Essential Cookies (No Consent Required)

Purpose: Strictly necessary for the Services to function. These cookies are exempt from consent requirements under ePrivacy Directive GDPR Art. 5(3).

Legal Basis: Legitimate interests (GDPR Art. 6(1)(f)) - essential for service delivery

Examples:

Cannot Be Disabled: Disabling essential cookies and storage will prevent you from using the Services.

2. Analytics Cookies (Consent Required)

Purpose: Help us understand how users interact with our Services to improve user experience.

Legal Basis: Consent (GDPR Art. 6(1)(a)) obtained via cookie consent banner

Consent Required: Yes, for EU/EEA users under ePrivacy Directive GDPR Art. 5(3)

Google Analytics (ID: G-XXXXXXXXXX)

Provider: Google Ireland Limited (EU) / Google LLC (USA)

Purpose: Website traffic analysis, user behavior tracking, conversion tracking

Cookies Set:

Data Collected: Page views, session duration, referral source, device type, approximate location (city-level)

IP Anonymization: Enabled - last octet of IP address is anonymized

Data Retention: Up to 26 months (configurable)

Privacy Policy: Google Analytics Privacy

Opt-Out: Google Analytics Opt-Out Browser Add-on

4. Functional Cookies (Consent Required for Non-Essential)

Purpose: Remember your choices to provide enhanced, personalized features.

Legal Basis: Consent (GDPR Art. 6(1)(a)) for non-essential functional cookies

Examples:

We do not currently use non-essential functional cookies or storage.

Note: Application state stores (thisone-auth, thisone-decisions, thisone-tasks, thisone-thoughts) are classified as Essential (see above) because the application cannot function without them.

Cookie Duration Types

Session Cookies: Deleted when you close your browser

Persistent Cookies: Remain on your device for a specified duration or until manually deleted

First-Party Cookies: Set by https://thisone.app directly

Third-Party Cookies: Set by external services (Google, Hotjar, etc.)

Cookie Consent Management

How We Obtain Consent (GDPR Art. 7)

For EU/EEA Users

Cookie Consent Banner: When you first visit our website from the EU/EEA, you will see a cookie consent banner with:

Options Provided:

1. Accept All: Consent to all cookie categories (Essential, Analytics, Marketing, Functional)
2. Reject Non-Essential: Only essential cookies will be used; all others blocked
3. Customize: Granular control - enable/disable each category individually
4. Cookie Policy: Link to this full Cookie Policy for detailed information

GDPR Art. 7 Compliance: Our consent mechanism ensures:

1. Freely Given (GDPR Art. 7(4)):

   • No cookie walls - you can use basic Services without consenting to non-essential cookies
   • Separate consent options for each category
   • No bundled consent (analytics separate from advertising)

2. Specific (GDPR Art. 7(2)):

   • Individual consent options for each cookie category
   • Clear description of what each category does

3. Informed (GDPR Art. 7(2)):

   • Clear information about each cookie's purpose, data collected, and retention
   • Link to full Cookie Policy
   • Provider names and privacy policy links

4. Unambiguous (GDPR Art. 7(1)):

   • Affirmative action required (clicking "Accept" or toggling categories)
   • No pre-ticked boxes
   • Clear indication of consent

Consent Storage: Your consent choices are stored in browser localStorage (hh-cookie-consent) containing:

• Consent status for each category (accepted/rejected)
• Timestamp of consent
• Consent version number

Consent Duration: 12 months - after expiry, you will be asked to renew consent

Withdraw Consent (GDPR Art. 7(3) - "As Easy As Giving Consent")

Legal Requirement: Under GDPR Art. 7(3), withdrawing consent must be as easy as giving consent. We provide multiple withdrawal methods with equal prominence:

Method 1: One-Click Withdrawal (Fastest)

• Location: Floating "Cookie Settings" button visible on all pages (bottom-left or bottom-right corner)
• Action: Click button → Opens consent panel → Toggle categories OFF → Click "Save"
• Timing: Immediate - changes apply instantly
• Persistence: Your withdrawal is saved in browser localStorage (hh-cookie-consent)

Method 2: Cookie Settings Page

• Location: Accessible from website footer link "Cookie Settings" or direct URL: https://thisone.app/legal
• Action: Visit page → Adjust preferences → Click "Save Preferences"
• Granular Control: Enable/disable each category individually
• Timing: Immediate application

Method 3: Clear Browser Cookies

• Action: Clear browser cookies for https://thisone.app
• Effect: Resets all consent choices
• Note: You'll see the consent banner again on next visit

Method 4: Email Request

• Email: support@hashedhorizon.com
• Subject: "Withdraw Cookie Consent"
• Response: We will reset your consent within 24 hours
• Confirmation: You'll receive email confirmation

GDPR Compliance - "As Easy As Giving":

• Same Interface: Consent banner and withdrawal both use the same UI
• Same Accessibility: Floating button always visible, just like consent banner was
• Same Steps: Giving consent = 2 clicks; Withdrawing consent = 2 clicks
• No Barriers: No account login required, no forms to fill
• Clear Action: "Withdraw" or "Disable" buttons clearly labeled

Real-Time Withdrawal Effects:

Immediate Actions (happens instantly):

1. Scripts Blocked: Third-party analytics/marketing scripts stop executing
2. Cookie Deletion: Non-essential cookies are deleted from your browser
3. No New Tracking: No new tracking data is collected
4. Preference Saved: Your withdrawal choice is stored in essential cookie

Delayed Actions (within 24 hours):

1. Subprocessor Notification: We notify analytics providers to stop processing your data
2. Data Deletion Request: Instruct subprocessors to delete collected data (where technically feasible)

What Happens to Your Experience:

• Core Services Work: Website functionality unaffected
• Analytics Disabled: We cannot track usage patterns to improve UX
• Personalization Limited: Generic experience instead of personalized
• No Discrimination: You will NOT be treated differently for withdrawing consent

Verification of Withdrawal:

• Check browser developer tools (F12 → Application → Cookies) - non-essential cookies should be absent
• Check network requests (F12 → Network) - analytics scripts should not load
• Check localStorage (F12 → Application → Local Storage) - hh-cookie-consent should show categories as rejected

Consent Logging (GDPR Art. 7(1))

We maintain records of your consent for accountability:

What We Log:

• Date and time of consent
• Consent choices (which categories accepted/rejected)
• Consent method (banner interaction)
• Consent version (Cookie Policy version at time of consent)
• IP address (for geographic consent requirements)

Purpose: Demonstrate compliance with GDPR Art. 7(1) ("consent must be demonstrable")

Retention: Consent logs retained for up to 12 months after account closure for regulatory compliance

Pre-Consent Cookie Blocking

Technology: We use cookie consent management platform (CMP) to block non-essential cookies before consent:

How It Works:

1. Before Consent: Only essential cookies are loaded
2. Script Blocking: Third-party scripts (Google Analytics, Hotjar, Google Ads) are blocked
3. After Consent: Approved scripts are dynamically loaded
4. After Rejection: Non-essential scripts remain blocked

Verification: You can verify blocking using browser developer tools (F12 → Network/Cookies tab)

Re-Consent on Policy Changes

If we make material changes to our cookie practices:

1. Notification: You will be notified via updated Cookie Policy and website banner
2. New Consent Required: Your previous consent may be invalidated
3. Re-Consent Banner: You will see the consent banner again to provide fresh consent
4. Grandfathering: If changes are minor, we may grandfather existing consents

Children's Consent

Age Verification: We do not knowingly obtain cookie consent from children under 18

Parental Consent: For users between 13 and 18 in the EU/EEA, parental consent is required (GDPR Art. 8)

Discovery: If we discover cookies were set for a child without proper consent, we will delete them immediately

Consent for Cross-Border Transfers

By consenting to analytics and marketing cookies, you also consent to international data transfers under GDPR Art. 49(1)(a):

Third Countries: Cookie data may be transferred to:

• United States: Google Analytics, Google Ads (if applicable)
• Other Countries: Where analytics/advertising providers have infrastructure

Safeguards: Standard Contractual Clauses (SCCs) and supplementary measures in place (see International Data Transfers)

Your Cookie Choices

Managing Cookies Through Our Website

Cookie Settings Link: Click "Cookie Settings" in the website footer to:

• View current consent status
• Enable/disable cookie categories
• Review which cookies are active
• Update preferences at any time

Immediate Effect: Changes take effect immediately; page may reload

Browser Cookie Controls

All modern browsers allow you to control cookies. Here's how:

Google Chrome

1. Settings → Privacy and security → Cookies and other site data
2. Choose:
   • "Allow all cookies"
   • "Block third-party cookies"
   • "Block all cookies" (breaks many websites)
3. Manage exceptions for specific sites
4. Clear existing cookies: Settings → Privacy and security → Clear browsing data

Chrome Mobile: Settings → Site settings → Cookies

Mozilla Firefox

1. Settings → Privacy & Security → Cookies and Site Data
2. Choose standard/strict/custom tracking protection
3. Manage exceptions
4. Clear cookies: Settings → Privacy & Security → Clear Data

Firefox Mobile: Settings → Data Management → Cookies

Apple Safari

1. Safari → Preferences → Privacy
2. Choose "Block all cookies" or "Prevent cross-site tracking"
3. Manage website data
4. Clear cookies: Safari → Clear History

Safari iOS: Settings → Safari → Block All Cookies

Microsoft Edge

1. Settings → Privacy, search, and services → Cookies
2. Choose tracking prevention level (Basic/Balanced/Strict)
3. Manage and delete cookies
4. Clear browsing data

Edge Mobile: Settings → Privacy and security → Cookies

Third-Party Opt-Out Tools

Industry Opt-Out Pages

Your Online Choices (EU): https://www.youronlinechoices.com/

• Opt out of behavioral advertising from participating companies
• Managed by European Interactive Digital Advertising Alliance (EDAA)

Network Advertising Initiative (NAI): https://optout.networkadvertising.org/

• Opt out of participating ad networks
• US-based but affects global tracking

Digital Advertising Alliance (DAA): https://optout.aboutads.info/

• Opt out of interest-based advertising

Analytics Opt-Outs

Google Analytics:

• Browser Add-on: https://tools.google.com/dlpage/gaoptout
• Prevents Google Analytics JavaScript from sharing information
• Works across all websites using Google Analytics

Do Not Track (DNT) Signals

Browser DNT Settings: Most browsers offer "Do Not Track" settings:

EU/EEA Users: We honor explicit cookie consent choices made through our consent banner, which provides more granular control than DNT signals.

DNT Signals: DNT browser signals are not universally standardized and may be overridden by your explicit consent choices through our banner.

Global Privacy Control (GPC): We respect Global Privacy Control signals where legally required.

California Privacy Rights (CPRA/CCPA)

For California Residents: Under the California Privacy Rights Act (CPRA) and California Consumer Privacy Act (CCPA), California residents have specific rights regarding the "sale" or "sharing" of Personal Information for targeted advertising purposes.

Right to Opt Out of Sale or Sharing

What is "Sale" or "Sharing"?

• Sale: Disclosing Personal Information to third parties for monetary or other valuable consideration
• Sharing: Disclosing Personal Information to third parties for cross-context behavioral advertising

Analytics and Advertising Cookies: When you allow analytics or advertising cookies (Google Analytics, Hotjar, Google Ads), this may constitute "sharing" of Personal Information under CPRA, as these services may use data for targeted advertising or behavioral profiling.

How to Opt Out

Option 1: Cookie Settings (Recommended)

• Click "Cookie Settings" in the website footer
• Disable "Analytics" and "Marketing" cookie categories
• This prevents cookies that may constitute "sharing" of your information

Option 2: Global Privacy Control (GPC)

• We honor GPC signals: If your browser sends a Global Privacy Control signal, we automatically treat it as an opt-out of "sale" or "sharing"
• Enable GPC: Install a browser extension or use a privacy-focused browser that supports GPC
  • Privacy Badger: https://privacybadger.org/
  • OptMeowt: https://github.com/privacy-tech-lab/gpc-optmeowt
  • Brave browser: Built-in GPC support
  • DuckDuckGo browser: Built-in GPC support

Option 3: Contact Us

• Email support@hashedhorizon.com with subject "CCPA Opt-Out Request"
• Include your email address associated with your account (if applicable)
• We will process your request within 15 business days

Additional California Privacy Rights

California residents also have the right to:

1. Right to Know: Request disclosure of Personal Information we collect, use, and share
2. Right to Delete: Request deletion of Personal Information we hold about you
3. Right to Correct: Request correction of inaccurate Personal Information
4. Right to Limit Use of Sensitive Personal Information: Limit use of sensitive Personal Information for certain purposes
5. Right to Non-Discrimination: Exercise privacy rights without discriminatory treatment

Exercise These Rights: See our Privacy Policy for details on exercising these rights, or email support@hashedhorizon.com with subject "CCPA Rights Request".

Verification and Response

Verification: To protect your privacy, we may need to verify your identity before processing CCPA/CPRA requests. We may ask for:

• Email address associated with your account
• Recent account activity or transaction history
• Government-issued ID (for deletion or sensitive requests)

Response Timeline:

• Opt-Out Requests: Processed within 15 business days
• Other Requests: Responded to within 45 days (may extend by 45 additional days if reasonably necessary)

No Sale to Third Parties

Our Position: Hashed Horizon does NOT sell your Personal Information to third parties for monetary consideration. However, under the broad CPRA definition, sharing data with analytics providers (Google Analytics, Hotjar) may be considered "sharing" for targeted advertising purposes.

When You Opt Out: We will not share your Personal Information with analytics providers for behavioral advertising purposes.

Authorized Agents

California Law: You may designate an authorized agent to make CCPA/CPRA requests on your behalf.

Requirements:

• Agent must provide written authorization signed by you
• We may require you to verify your identity directly
• Agent must be registered with the California Secretary of State (if a business)

Submit Agent Requests: Email support@hashedhorizon.com with subject "CCPA Authorized Agent Request" and attach required authorization documentation.

Mobile App Tracking Controls

iOS Devices

Limit Ad Tracking:

1. Settings → Privacy → Tracking
2. Toggle off "Allow Apps to Request to Track"
3. Or deny tracking for specific apps

Advertising Identifier Reset:

1. Settings → Privacy → Apple Advertising
2. "Reset Advertising Identifier"

Android Devices

Opt Out of Ads Personalization:

1. Settings → Google → Ads
2. Toggle on "Opt out of Ads Personalization"

Reset Advertising ID:

1. Settings → Google → Ads
2. "Reset advertising ID"

Our Apps: Our mobile apps respect these device-level settings

Incognito / Private Browsing

Private Mode: Most browsers offer incognito/private browsing:

• Chrome: Ctrl+Shift+N (Windows) or Cmd+Shift+N (Mac)
• Firefox: Ctrl+Shift+P (Windows) or Cmd+Shift+P (Mac)
• Safari: Cmd+Shift+N (Mac)
• Edge: Ctrl+Shift+N (Windows)

Effect:

• Cookies are not saved after you close the window
• Browsing history is not recorded
• You may still see the cookie consent banner

Limitations: Private browsing does NOT:

• Make you anonymous online (IP address still visible)
• Prevent tracking during the session
• Block cookies while the window is open

Clearing Existing Cookies

Why Clear Cookies:

• Reset consent preferences
• Remove tracking cookies
• Troubleshoot website issues
• Improve privacy

How to Clear Cookies: See browser-specific instructions above

Effect:

• You will be logged out of websites
• Preferences will be reset
• You will see cookie consent banners again

Consequences of Blocking Cookies

Blocking All Cookies may result in:

• Cannot log in to your Account
• Settings and preferences not remembered
• Some features unavailable
• Website functionality degraded

Blocking Non-Essential Cookies:

• Core Services still functional
• Can create Account and log in
• Security features work
• Analytics disabled (we can't improve user experience)
• Personalized ads disabled

Recommended: Block only non-essential cookies (analytics, advertising) while allowing essential cookies

Contact for Cookie Questions

Email: support@hashedhorizon.com

Subject: "Cookie Policy Question"

Common Questions:

• How to opt out of specific cookies
• Which cookies are essential
• Cookie data retention periods
• Third-party cookie providers

Third-Party Cookies and Services

Third-Party Cookie Providers

Some cookies on our website are set by third-party services. We do not control these cookies, which are governed by the respective third parties' privacy policies.

Analytics Providers

Google Analytics (Google Ireland Limited / Google LLC)

Purpose: Website traffic analysis and behavior tracking

Cookies Set: _ga, _gid, _gat, _ga_<container-id>

Privacy Policy: Google Privacy Policy

Cookie Policy: Google Analytics Cookie Usage

Data Processing: Google acts as an independent Data Processor under our Data Processing Agreement

Opt-Out: Google Analytics Opt-Out

Cross-Site Tracking

What is Cross-Site Tracking: Third-party cookies that track your activity across multiple websites

Our Practices:

We Do NOT Use Cross-Site Tracking: Our cookies do not track you across other websites

Your Control:

• Block third-party cookies in browser settings
• Use tracking protection (Firefox, Safari)
• Opt out via industry tools (see Third-Party Opt-Out Tools)

Data Sharing with Third Parties

How Third-Party Cookies Work:

1. You visit https://thisone.app
2. Third-party script loads (e.g., Google Analytics)
3. Third-party sets cookies on your device
4. Third-party collects data from those cookies
5. Data is sent to third-party servers

Data Sent to Third Parties (with your consent):

Google Analytics:

• Page URLs visited
• Referral source
• Device type, browser, screen resolution
• Approximate location (city-level, anonymized IP)
• Session duration and behavior

Third-Party Responsibilities

Independent Data Controllers: Third-party cookie providers are independent Data Controllers for data collected through their cookies.

Their Privacy Policies Apply: Data collected by third parties is governed by their privacy policies, not ours.

Our Obligations:

• Inform you about third-party cookies (this Policy)
• Obtain your consent before third-party cookies are set
• Provide opt-out mechanisms
• Regularly review third-party practices

Your Rights: You can exercise data subject rights directly with third parties:

• Google: privacy.google.com/take-control.html
• Hotjar: https://www.hotjar.com/legal/policies/privacy/

Social Media Plugins and Sharing

Social Sharing Implementation: We provide social sharing functionality using the Web Share API (browser/OS native sharing mechanism), which:

• Does NOT load social media SDKs (Facebook, Twitter, LinkedIn scripts)
• Does NOT set third-party cookies from social networks
• Uses your device's native share functionality (like iOS share sheet or Android sharesheet)
• Privacy-preserving: No tracking or data collection by social platforms until you actively share

How Web Share Works:

1. You click the "Share" button on our website
2. Your browser/OS opens its native share dialog
3. You choose which app/platform to share to (Messages, Twitter, Email, etc.)
4. Only the content you explicitly share is sent to the chosen platform

No Third-Party Cookies: Because we use Web Share API instead of embedded social plugins, no social media cookies are set on https://thisone.app.

Platform Responsibility: When you share content to third-party platforms (Facebook, Twitter, etc.), that platform's terms of service and privacy policy apply to the shared content. We do not control how platforms handle content you share.

Fallback for Unsupported Browsers: If your browser doesn't support Web Share API, we may provide direct links to sharing URLs (e.g., https://twitter.com/intent/tweet?url=...), which also do not load third-party scripts or set cookies until you click the link.

Embedded Content

Third-Party Embeds: We may embed third-party content (YouTube videos, Vimeo, etc.)

AI-Generated Images: AI-generated images are hosted on our infrastructure or CDN providers (not embedded from third-party sites).

Cookies from Embeds: Embedded content may set cookies from the third-party provider.

Your Control: You can block these by:

• Declining functional cookies in our consent banner
• Blocking third-party cookies in browser settings
• Using content blockers/ad blockers

Updates to Third-Party Services

Adding New Services: If we add new third-party cookie providers, we will:

1. Update this Cookie Policy
2. Obtain fresh consent from EU/EEA users
3. Provide opt-out mechanisms

Removing Services: If we remove third-party services:

1. Update this Cookie Policy
2. Request deletion of data from the third party
3. No longer load their scripts on our website

Current List: The third-party services listed in this Policy are current as of the "Last Updated" date at the top.

Cookie Data Retention & Policy Updates

Cookie Data Retention

How Long Cookies Last

Session Cookies: Deleted when you close your browser

• Authentication tokens
• CSRF tokens
• Session identifiers

Persistent Cookies: Remain on your device for a specified duration:

| Functional cookies | 1 year | Us/Third parties |

Data Retention After Cookie Expiry

Cookie Expires: Cookies are automatically deleted from your device when they expire

Server-Side Data: Data collected via cookies may be retained on our servers or third-party servers according to:

• Our Privacy Policy (see Data Retention section)
• Third-party privacy policies

Our Retention: Cookie-related data we collect is retained for:

• Consent logs: up to 12 months after account closure (for GDPR compliance)
• Analytics data: up to 90 days (aggregated and anonymized)

Manual Cookie Deletion

You Can Delete Cookies Anytime:

• Via browser settings (see Browser Cookie Controls)
• By clearing browsing data
• By opting out via our cookie settings

Effect of Deletion:

• Consent preferences reset (you'll see the banner again)
• Logged out of your Account
• Preferences and settings lost

Changes to This Cookie Policy

Right to Modify

We reserve the right to update this Cookie Policy to reflect:

• Changes in our cookie practices
• New cookies or third-party services
• Changes in applicable laws (ePrivacy Directive, GDPR)
• Technological developments
• Feedback from users or regulators

Notice of Material Changes

Advance Notice: We will provide at least 30 days' advance notice of material changes by:

1. Updated Policy: "Last Updated" date at top of this Policy
2. Website Notice: Prominent banner on https://thisone.app
3. Email Notification: To registered users (if applicable)
4. Fresh Consent: EU/EEA users will see the consent banner again if changes require re-consent

Material Changes Include:

• Adding new cookie categories (e.g., starting to use advertising cookies)
• Adding new third-party cookie providers
• Changes to cookie purposes or data collected
• Changes to cookie retention periods
• Changes to consent mechanisms

Non-Material Changes

Immediate Effect: Non-material changes take effect immediately:

• Clarifications of existing practices
• Corrections of typos or formatting
• Updates to third-party privacy policy links
• Organizational improvements

Last Updated Date: Always check the "Last Updated" date at the top for the most recent changes.

Review of Changes

Change Log: We maintain a log showing:

• Date of change
• Summary of modifications
• Reason for change
• Effective date

Comparison View: Side-by-side comparison available for material changes

Your Options After Changes

If you object to material changes:

1. Update Consent:

• Review new cookie practices
• Update consent preferences via cookie settings
• Withdraw consent for specific categories

2. Opt Out:

• Block cookies via browser settings
• Use third-party opt-out tools
• Contact support@hashedhorizon.com for assistance

3. Continue Using Services:

• Continued use after effective date constitutes acceptance
• You can always change cookie preferences later

Re-Consent for Material Changes

When Required: If we add new cookie purposes or providers that require consent, EU/EEA users will see the consent banner again.

Fresh Consent: Previous consent does not automatically extend to new purposes or providers.

Grandfathering: If changes are minor (e.g., updating third-party privacy policy links), we may grandfather existing consents.

Contact Us

Cookie Policy Questions

Email: support@hashedhorizon.com

Subject: "Cookie Policy Question"

Response Time: Within 5 business days

Common Questions:

• Which cookies are essential?
• How to opt out of specific cookies?
• Cookie data retention periods?
• Third-party cookie providers?

Withdraw Cookie Consent

Email: support@hashedhorizon.com

Subject: "Withdraw Cookie Consent"

Alternative Methods:

• Cookie Settings link in footer
• Clear browser cookies
• Browser privacy settings

Report Cookie Issues

Problems to Report:

• Cookies set without consent
• Consent banner not appearing
• Unable to opt out of cookies
• Cookies not respecting preferences

Contact: support@hashedhorizon.com with subject "Cookie Issue Report"

Last Updated: 2025-10-25

Effective Date: 2025-10-25

Version: 1.0

Cookie Policy Summary & Quick Reference

Quick Reference Table

Essential Cookies (Always Active)

Analytics Cookies (Requires Consent)

Key Takeaways

Your Privacy Rights

You Control Your Cookies:

• Accept or reject non-essential cookies
• Change preferences anytime via "Cookie Settings" link
• Clear cookies through browser settings
• Withdraw consent without penalty

We Respect Your Choices:

• Essential cookies only if you decline
• No cookie walls (Services work without non-essential cookies)
• 30-day advance notice for material changes
• Re-consent required for new cookie purposes

Cookie Categories Explained

Essential (Cannot Disable):

• Required for basic Services functionality
• Authentication and security
• Session management
• Legal basis: Legitimate interests (GDPR Art. 6(1)(f))

Analytics (Opt-In Required):

• Help us improve user experience
• Understand how Services are used
• Legal basis: Consent (GDPR Art. 6(1)(a))

Marketing (Opt-In Required):

• Personalized advertising
• Conversion tracking
• Legal basis: Consent (GDPR Art. 6(1)(a))

EU/EEA Users

ePrivacy Directive Compliance:

• Explicit consent before non-essential cookies
• Granular control (choose specific categories)
• Consent banner on first visit
• 12-month consent duration (then re-ask)

Your Consent is:

• Freely Given: No cookie walls
• Specific: Separate choices for each category
• Informed: Clear information about purposes
• Unambiguous: Requires active opt-in

How to Manage Cookies

Quick Links

On Our Website:

• Cookie Settings: Footer link on every page
• Privacy Policy
• Terms of Service

Browser Controls:

• Chrome: chrome://settings/content/cookies
• Firefox: Settings → Privacy & Security → Cookies
• Safari: Preferences → Privacy
• Edge: Settings → Cookies and site permissions

Third-Party Opt-Outs:

• Google Analytics: https://tools.google.com/dlpage/gaoptout

What Happens When You Block Cookies?

Blocking All Cookies:

• Cannot log in to your Account
• Settings not remembered
• Some features unavailable
• Security features may not work

Blocking Non-Essential Only (Recommended):

• Core Services fully functional
• Can create Account and log in
• Security features work
• Analytics disabled (we can't improve UX)
• Personalized ads disabled

Related Policies

Privacy Policy: For comprehensive information about how we collect, use, and protect your Personal Data, see our Privacy Policy.

Terms of Service: For terms governing your use of our Services, see our Terms of Service.

Third-Party Privacy Policies:

• Google Privacy: https://policies.google.com/privacy

Contact & Support

Cookie Policy Questions

General Questions:

• Email: support@hashedhorizon.com
• Subject: "Cookie Policy Question"
• Response Time: Within 5 business days

Common Questions We Can Help With:

• Which cookies are essential vs optional?
• How to opt out of specific cookie providers?
• Cookie data retention periods?
• How third-party cookies work?
• GDPR consent requirements?

Withdraw Cookie Consent

Email: support@hashedhorizon.com

Subject: "Withdraw Cookie Consent"

Alternative Methods:

1. Click "Cookie Settings" in website footer
2. Clear browser cookies manually
3. Block cookies via browser privacy settings

Report Cookie Issues

Problems to Report:

• Cookies set without consent
• Consent banner not appearing
• Unable to opt out of cookies
• Cookies not respecting your preferences
• Third-party cookies after declining

Contact: support@hashedhorizon.com with subject "Cookie Issue Report"

Include in Your Report:

• Browser and version
• Device type (desktop/mobile)
• Steps to reproduce the issue
• Screenshot (if applicable)

Supervisory Authority

If you have concerns about our cookie practices that we cannot resolve, you have the right to lodge a complaint with your Data Protection Authority:

Your Local Authority: You can also contact the Data Protection Authority in your EU/EEA country of residence.

Accessibility

If you need this Cookie Policy in an alternative format (large print, audio, Braille), please contact support@hashedhorizon.com with subject "Accessibility Request - Cookie Policy".

Response Time: We will provide alternative formats within 10 business days.

Summary in Plain Language

What Are Cookies?: Small text files stored on your device when you visit websites.

Why We Use Them:

• Essential cookies keep you logged in and secure your session
• Analytics cookies help us improve the website
• Marketing cookies show you relevant ads

Your Choices:

• You control non-essential cookies via our consent banner
• Essential cookies cannot be disabled (Services won't work without them)
• You can change your mind anytime

Your Privacy:

• We follow GDPR and ePrivacy Directive
• No tracking without your consent (EU/EEA users)
• Transparent about what cookies we use and why

Questions?: Email support@hashedhorizon.com - we're here to help!

Order of Precedence

In the event of any conflict or inconsistency between legal documents, the following order of precedence applies (highest to lowest):

1. Enterprise Addendum - Controls enhanced terms for Enterprise Customers
2. Data Processing Agreement (DPA) - Controls data processing terms for Business Customers
3. Order Form (if any) - Controls service-specific terms and pricing
4. Privacy Policy - Controls personal data processing and privacy rights (for data protection matters)
5. Terms of Service - Controls general use, liability, and dispute resolution
6. Cookie Policy - Controls cookie use and consent management

Interpretation Rules:

• Specific Prevails Over General: More specific provisions prevail over general provisions
• Later Prevails Over Earlier: In case of amendments, the most recent version prevails
• Mandatory Law Prevails: Nothing in these documents limits rights granted by mandatory consumer protection, data protection, or other applicable laws

For Business Customers: The DPA and Enterprise Addendum (if applicable) take precedence over consumer-focused provisions in the Terms of Service and Privacy Policy.

For Consumer Customers: Consumer protection laws (GDPR, ePrivacy Directive, national consumer laws) prevail over any conflicting contractual terms.

Thank you for reviewing our Cookie Policy. Your privacy is important to us.

Effective: 2025-10-25 | Version: 5.0.0