Cookie Policy
1. Overview
This Cookie Policy explains how AffixIO uses cookies and similar technologies on our public website, customer dashboards, and documentation portals. It should be read together with our Privacy Policy.
2. What Are Cookies and Similar Technologies
Cookies are small text files placed on your device when you visit a website. We also use local storage, session storage, and pixel tags where appropriate for the same purposes. In this policy, “cookies” refers to all such technologies unless stated otherwise.
2.1 First-party vs third-party
- First-party cookies are set by AffixIO domains.
- Third-party cookies are set by service providers we engage for analytics, embedded content, or payment pages.
2.2 Session vs persistent
Session cookies expire when you close the browser. Persistent cookies remain until they expire or you delete them.
5. Strictly Necessary Cookies
These cookies are essential for security and basic operation. They cannot be switched off in our systems. They are usually set in response to actions you take, such as logging in or setting privacy preferences.
- Authentication session: maintains your logged-in state in the dashboard.
- CSRF and security tokens: protect forms and administrative actions.
- Load balancing: routes traffic to healthy servers.
- affix_zk_consent: stores your YES/NO choice and a browser-minted
proof_ref(SHA-256, no circuits) for 365 days on.affix-io.com.
Legal basis (UK/EU): legitimate interests and, where applicable, contract performance for account holders.
6. Functional Cookies
Functional cookies enable enhanced features such as remembering display preferences, locale, or recently viewed documentation sections. Without them, some convenience features may be unavailable.
Legal basis: consent where required; otherwise legitimate interests for account holders configuring the console.
7. Analytics Cookies
Analytics cookies help us understand how visitors use our website (pages viewed, referrers, approximate geography at country level, device type). We use aggregated statistics to improve content and performance. Analytics cookies on the marketing site are deployed only after consent where mandated.
We configure analytics providers to:
- mask or truncate IP addresses where supported;
- disable advertising features unless separately consented;
- retain event data for limited periods aligned with our Privacy Policy.
Legal basis: consent for non-essential analytics on public pages; legitimate interests for product telemetry on authenticated consoles where disclosed in the Privacy Policy.
8. Marketing Cookies
We may use marketing cookies to measure campaign effectiveness or deliver relevant AffixIO content on third-party platforms. These cookies are optional and off by default where a consent banner is shown. We do not use marketing cookies to perform eligibility verification or to profile payment applicants.
Legal basis: consent.
9. Third-Party Cookies
Some pages include content or services from third parties, which may set their own cookies:
- payment processors on checkout flows;
- embedded video or webinar platforms on event pages;
- customer support widgets, if enabled.
We require vendors to provide contractual privacy commitments, but their use of cookies is governed by their policies. Review those policies before interacting with embedded services.
11. Consent and Regions
Visitors from the UK, EEA, and other jurisdictions requiring opt-in consent will see a cookie banner allowing acceptance, rejection, or granular choice. You may withdraw consent at any time through the banner settings link or browser controls.
Where only notice is required, we provide this policy and continue to honor opt-out signals supported by our configuration.
12. How to Manage Cookies
You can control cookies through:
- our on-site preference center (where displayed);
- browser settings to block or delete cookies;
- industry opt-out tools for certain advertising networks.
Blocking strictly necessary cookies may prevent login or secure use of the dashboard. Instructions for major browsers are available in browser help documentation.
12.1 Cookie retention
Retention periods vary by cookie type: session cookies expire on browser close; analytics cookies typically persist 1 to 26 months depending on provider settings; consent records persist up to 12 months before re-prompting.
13. Do Not Track and Global Privacy Control
There is no uniform standard for Do Not Track signals. AffixIO treats supported Global Privacy Control signals as an opt-out of non-essential cookie processing where legally required. API traffic is unaffected.
15. Local Storage and SDK Storage
Some dashboard features store preferences in browser local storage rather than cookies. Local storage persists until cleared by the user and is used for UI state, draft policy editors, and consent timestamps. AffixIO SDKs distributed for mobile or embedded WebViews may use platform secure storage for device-bound SDK instance identifiers. These identifiers are not used to retain eligibility inputs or PII from verification calls.
15.1 Difference from verifier processing
Cookie and local storage practices on AffixIO-operated websites are separate from the Verifier Boundary described in our Privacy Policy. Server-side API calls do not set browser cookies on end-user devices unless your integration explicitly combines our dashboard scripts with your consumer-facing application, in which case you must disclose that combined behaviour.
16. Regional Requirements
United Kingdom and EEA: Non-essential cookies require prior consent. Our banner records consent version and timestamp.
United States: Where state privacy laws apply to our website operations, we honour opt-out preference signals for targeted advertising cookies where technically feasible.
Other regions: We apply the strictest applicable standard when conflicts arise for visitors we can reasonably geolocate at country level without storing precise location in marketing cookies.