Cookie Policy
Last updated: 12 May 2026 · Version 1.0
1. What are cookies?
Cookies are small text files stored on your device by your browser when you visit a website. They allow the site to remember information about your visit — your preferred language, whether you are signed in, and how you arrived. Similar technologies (local storage, session storage, pixels) work in comparable ways.
2. Categories we use
| Category | Purpose | Examples | Consent required? |
|---|---|---|---|
| Strictly necessary | Sign-in session, security, CSRF protection, region detection (Cloudflare CF-IPCountry → cf_country cookie) | session, cf_country, refresh token in localStorage | No — exempt under GDPR Art. 5(3) |
| Functional | Remember your locale, theme, last-used filters in the HR portal | locale, region in localStorage | No — first-party, no profiling |
| Analytics | Aggregated page-view + traffic-source data so we can improve the marketing site | Google Analytics 4 (_ga, _ga_*) | Yes in EU/UK/EEA; opt-out elsewhere |
| Marketing / advertising | Not used. We do not run remarketing pixels, no Meta Pixel, no LinkedIn Insight Tag. | — | — |
3. Managing your preferences
When you first visit the marketing site from an EU/UK/EEA IP, a consent banner asks you to accept or reject non-essential cookies. You can change your decision at any time by clicking “Cookie preferences”in the footer. Strictly necessary cookies cannot be disabled — without them the portal cannot keep you signed in.
You can also block or delete cookies through your browser settings. Doing so may impair functionality (you will be signed out, preferences will reset).
4. Third-party cookies
The marketing site loads Google Analytics 4 (googletagmanager.com), Google Fonts (fonts.gstatic.com), Google Maps (maps.googleapis.com on the Contact page), and Cloudflare CDN (no tracking cookie). The signed-in portal additionally loads Razorpay (checkout.razorpay.com) during paid signup. These third parties may set their own cookies; their privacy policies govern those.
5. Do Not Track
We respect the Sec-GPC: 1 Global Privacy Control header — when present, we treat your visit as a rejection of all non-essential cookies, regardless of the banner state. We do not respond to the legacyDNT header because it has been deprecated.
6. Contact
Cookie questions: privacy@staffixhr.com.