Draft — review with qualified counsel before publishing. This document describes PubSentry's actual cookie practices in plain language so a lawyer can adapt it into a binding notice. It is not legal advice and is not the final policy. Bracketed placeholders must be completed before this page goes live.
This Cookie Policy explains how [LEGAL ENTITY NAME] ("PubSentry," "we," "us") uses cookies and similar technologies across the PubSentry marketing website (pubsentry.com) and the authenticated dashboard (app.pubsentry.com). It complements our Privacy Policy and should be read alongside it.
Effective date: [EFFECTIVE DATE] Controller / contact: [LEGAL ENTITY NAME], [REGISTERED ADDRESS] — questions to [DPO/CONTACT EMAIL]. Governing law: This policy is governed by the laws of [GOVERNING JURISDICTION].
What a cookie is
A cookie is a small text file a website stores in your browser. Cookies can be first-party (set by the site you are visiting) or third-party (set by another domain, often for cross-site advertising). The categories below describe exactly which cookies PubSentry sets and why.
We deliberately keep our cookie footprint small. The honest summary is: one strictly-necessary cookie keeps you logged into the dashboard, the marketing site uses Google Analytics for aggregate measurement, and our detection tag sets no third-party tracking cookies at all.
Cookies we use
1. Strictly necessary — dashboard session cookie
When you sign in to the dashboard at app.pubsentry.com, we set a session cookie containing an opaque session identifier — a random token that maps to your authenticated session on our server. It carries no personal data in itself; it is the key that lets the server recognise your already-established login.
- Purpose: authentication. Without it, the product cannot keep you logged in or scope your requests to the sites your account owns.
- Type: first-party, set on
app.pubsentry.com, same-origin to the dashboard. - Security attributes: the cookie is sent over HTTPS and is intended to be
HttpOnly(not readable by page JavaScript) andSecure. [Confirm the exactSameSite,Secure, and expiry attributes with counsel against the live implementation inapps/insights/src/auth.ts.] - Consent: this cookie is strictly necessary to deliver a service you have explicitly requested (logging in), so under the ePrivacy Directive / PECR and equivalent rules it does not require prior consent.
You cannot opt out of the session cookie while using the dashboard, because the dashboard cannot function without it. If you block it, you simply will not be able to log in. Logging out, or letting the session expire, ends it.
2. Analytics — Google Analytics 4 on the marketing site
Our public marketing site (pubsentry.com) uses Google Analytics 4 (GA4) to understand aggregate traffic — which pages are visited, roughly where visitors come from, and how the site performs. GA4 may set its own cookies (for example _ga and _ga_<id>) to distinguish visitors and sessions.
- Purpose: aggregate, non-identifying website analytics and performance measurement.
- Type: set in connection with Google's analytics service; persistent.
- Data: usage signals and an analytics identifier, processed by Google under its own terms.
- Scope: the marketing site only. We do not run GA4 or third-party marketing analytics inside the authenticated dashboard.
- Consent: these are non-essential cookies. Where the law of [GOVERNING JURISDICTION] requires it (for example under the EU/UK ePrivacy rules), we will obtain consent before they are set, and you may decline or withdraw consent without losing access to the site's content.
3. The PubSentry detection tag — no third-party tracking cookies
This is the point most likely to be misunderstood, so we state it plainly: the PubSentry detection tag (/t.js) that publishers install on their own sites does not set advertising or cross-site tracking cookies, and does not build a profile of an individual across sites.
The tag's job is to score a single page view for invalid traffic and send a fraud-scoring beacon to our ingest endpoint. It collects only client-knowable signals (timing, automation/environment/behavioral indicators, and a non-PII device fingerprint hashed locally). On our servers, the raw IP address and User-Agent used to enrich that beacon are hashed with HMAC-SHA256 and then dropped — never stored raw, never used to track you across the web. There is no third-party ad cookie, no remarketing pixel, and no cross-site identifier in this flow.
If the tag uses any browser storage on a publisher's domain, it is first-party and functional (for example, to make fraud detection work on that one site). A publisher who installs PubSentry remains responsible for the cookie and consent notices on their own website, since they are the controller of their visitors' data; we provide this clause so they can describe our tag accurately.
Summary table
| Cookie / technology | Category | Set on | Purpose | Consent required |
|---|---|---|---|---|
| Dashboard session cookie | Strictly necessary | app.pubsentry.com | Keep you authenticated | No (essential) |
Google Analytics 4 (_ga, _ga_*) | Analytics | pubsentry.com (marketing) | Aggregate traffic measurement | Yes, where law requires |
| PubSentry detection tag beacon | Functional / first-party | Publisher's own site | Fraud / invalid-traffic scoring | Governed by publisher's notice |
How to control or opt out of cookies
You have several ways to manage cookies:
- Marketing-site analytics (GA4): decline or withdraw consent via our cookie banner / preferences control where one is shown for your region. You can also install Google's official opt-out browser add-on, which prevents GA data collection across sites that use it.
- Browser controls: every major browser (Chrome, Firefox, Safari, Edge) lets you view, block, or delete cookies in its settings, and offers a "block third-party cookies" option. Blocking strictly-necessary cookies will break dashboard login; blocking analytics cookies will not affect your ability to read the site.
- Do Not Track / Global Privacy Control: [Confirm with counsel whether [LEGAL ENTITY NAME] honours browser DNT / GPC signals, and state the position here.]
- The dashboard session cookie: you cannot use the dashboard without it, but you can end it at any time by logging out, and it does not persist beyond your session as configured.
Disabling cookies is your choice. Be aware that disabling strictly-necessary cookies will prevent parts of the service from working.
Other tracking technologies
Beyond the cookies above, we do not use third-party advertising pixels, social media tracking widgets, fingerprinting-for-advertising, or cross-site data brokers on our own properties. The only "fingerprint" anywhere in the product is the locally hashed, non-PII device signal used inside the fraud-detection beacon described above, which is a security signal, not an advertising identifier.
Changes to this policy
We may update this Cookie Policy as the product, our analytics setup, or our sub-processors change. Material changes will be reflected by a new effective date and, where appropriate, an updated cookie banner.
Contact
Questions about cookies or your choices: [DPO/CONTACT EMAIL] — [LEGAL ENTITY NAME], [REGISTERED ADDRESS]. For the fuller picture of how we handle data, see our Privacy Policy.
Draft for internal review. Do not treat any statement here as final or as legal advice until [LEGAL ENTITY NAME] has had it reviewed by qualified counsel.