Cookie Policy

Last updated: · Effective:

1. Scope of this policy

This Cookie Policy applies to the Surfacedd marketing website at surfacedd.com and its logged-in dashboard. It does not apply to sponsored content delivered by Surfacedd inside publisher AI applications, which is contextual and does not involve cookies or cross-site identifiers. For the complete description of how Surfacedd processes personal data, see the Privacy Policy.

2. What cookies are

A cookie is a small text file that a website stores on your device when you visit. Cookies let a site remember information about your visit — whether you are signed in, what language you prefer, whether you accepted the site’s notices — and allow the site to measure how it is being used. Similar technologies such as local storage, session storage, and pixels serve related purposes and are covered under the same rules where applicable law requires.

3. Categories we use

Surfacedd groups cookies set on the marketing website into three categories.

  • Strictly necessary — required for the website to function (authentication, cross-site request forgery protection, callback routing during sign-in). These cannot be disabled; disabling them would break core features.
  • Analytics — help Surfacedd understand how the marketing website is used, at an aggregate level. Loaded only after consent (where required by law).
  • Preference — remember settings you choose (for example, the dashboard’s theme or your cookie consent decision itself). Loaded only after consent for non-strictly-necessary preferences.

Surfacedd does not set advertising cookies, retargeting pixels, third-party behavioral-advertising tags, or cross-site tracking identifiers on surfacedd.com.

4. The cookies we set

The table below lists every first-party and third-party cookie Surfacedd may set on the marketing website. If Surfacedd adds or removes a cookie, this table is updated.

Cookies on surfacedd.com (as of the last update to this policy)

| Name | Provider | Purpose | Duration | Category |
|---|---|---|---|---|
| authjs.session-token (or __Secure-authjs.session-token on HTTPS) | Surfacedd (NextAuth) | Keeps the signed-in session active | Session or up to 30 days of inactivity | Strictly necessary |
| authjs.csrf-token (or __Host-authjs.csrf-token) | Surfacedd (NextAuth) | Protects against cross-site request forgery | Session | Strictly necessary |
| authjs.callback-url (or __Secure-authjs.callback-url) | Surfacedd (NextAuth) | Routes the visitor back to the page after sign-in | Session | Strictly necessary |
| authjs.pkce.code_verifier | Surfacedd (NextAuth) | Protects OAuth sign-in (PKCE) against interception; set only during an OAuth sign-in flow | Short-lived (minutes) | Strictly necessary |
| authjs.state | Surfacedd (NextAuth) | OAuth state parameter; set only during an OAuth sign-in flow | Short-lived (minutes) | Strictly necessary |
| _ga | Google Analytics 4 | Distinguishes unique visitors for aggregate traffic reporting | 2 years | Analytics (consent required) |
| _ga_[CONTAINER_ID] | Google Analytics 4 | GA4 session and event tracking | 2 years | Analytics (consent required) |
| cookie_consent | Surfacedd | Remembers your cookie consent decision so the banner does not reappear | 12 months | Preference |

Additional vendor-set cookies may be introduced if and when Surfacedd integrates a new service that requires them (for example, a chat-support widget or a video player). Material changes are reflected in this table and communicated via the cookie consent banner before a new non-strictly-necessary cookie is set.

5. Consent model

For visitors in the European Economic Area, the United Kingdom, Switzerland, and other jurisdictions that require prior consent for non-strictly-necessary cookies, Surfacedd presents a consent banner on first visit and on any subsequent visit where consent has expired or been withdrawn. The banner complies with the EU ePrivacy Directive Article 5(3), the UK Privacy and Electronic Communications Regulations, and national implementations referenced in Section 11.

  • Equal prominence. The first layer of the banner provides an "Accept all" and a "Reject all" control with equivalent visual weight.
  • Granular control. A second layer lets visitors toggle analytics and preference categories independently.
  • No pre-ticked boxes. Non-strictly-necessary categories are off by default.
  • No cookie walls. Access to the website is not conditioned on consent.
  • Easy withdrawal. A persistent "Cookie preferences" link in the footer reopens the consent panel at any time.
  • Continued browsing is not consent. Scrolling, link-clicking, or dismissing the banner without an explicit choice does not count as consent and no non-strictly-necessary cookie is set.
  • Re-ask cycle. Consent is re-solicited at most every 12 months, or sooner if the purposes change materially.

Where the visitor’s jurisdiction does not require prior consent (for example, many US states for most cookie categories), Surfacedd provides an equivalent opt-out mechanism via the same footer link and honors Global Privacy Control as described in Section 7.

6. Google Consent Mode v2

Surfacedd uses Google Consent Mode v2 in advanced mode for visitors subject to EEA and UK consent requirements. This means the Google Analytics tag loads with the following default signals set to "denied" — ad_storage, analytics_storage, ad_user_data, and ad_personalization — and only updates to "granted" after the visitor has accepted the relevant category in the consent banner. Google receives cookieless pings for aggregate modeling until consent is granted; those pings do not include personal data or cross-site identifiers. When consent is denied and not later granted, no GA4 cookies are set on the visitor’s device.

7. Do Not Track and Global Privacy Control

Surfacedd recognizes the Global Privacy Control (GPC) browser signal on surfacedd.com as a valid opt-out of sale, share, and targeted advertising under US state privacy laws that require recognition of a universal opt-out mechanism, including California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, New Hampshire, New Jersey, Oregon, and Texas. A confirmation signal is displayed when the opt-out has been registered. Because Surfacedd does not sell or share personal information for cross-context behavioral advertising, the GPC opt-out primarily affects analytics loading and consent-cookie treatment.

The legacy Do Not Track (DNT) header does not carry a uniform meaning across browsers and is not recognized by US state privacy laws or the GDPR. Surfacedd does not respond to DNT separately; GPC supersedes it for opt-out purposes.

8. Cookies versus similar technologies

Surfacedd treats local storage, session storage, and first-party pixels as equivalent to cookies for the purposes of this policy and the consent obligations above. The Surfacedd SDK that runs inside publisher AI applications does not drop cookies, read cookies, or read device advertising identifiers; see the Publisher Terms Addendum for the full technical representation.

9. Third-party controls

Independent of Surfacedd’s own controls, you can:

  • Install the Google Analytics Opt-out Browser Add-on to prevent GA4 tracking across all sites.
  • Enable Global Privacy Control in supporting browsers (globalprivacycontrol.org).
  • Configure your browser to block all cookies or to prompt on each cookie set. This may prevent authentication from working.
  • Control mobile OS-level ad and tracking settings, which affect the Surfacedd SDK inside publisher apps indirectly (for example, App Tracking Transparency on iOS and Play Data Safety controls on Android).

10. Children

Surfacedd is a business-to-business service and its marketing website is not directed at children. Surfacedd does not knowingly collect personal data from children under the age thresholds described in Section 11 of the Privacy Policy.

11. Jurisdiction-specific notes

The consent model described in Section 5 is calibrated to the stricter regimes. Country-specific clarifications:

  • Germany (TTDSG §25). Consent is required for analytics cookies including GA4. Surfacedd does not treat analytics as strictly necessary.
  • France (CNIL guidance). An explicit "Reject all" control is shown at first layer; consent logs are retained for audit; consent is re-asked at least every six months where CNIL requires.
  • Italy (Garante guidance, 2021). Continued scrolling or link-clicks do not constitute consent; a first-layer reject button is provided.
  • United Kingdom (ICO, updated December 2024). Equivalent prominence of accept and reject; clear opt-in for analytics.
  • California and other US states with universal-opt-out recognition. Surfacedd honors Global Privacy Control and provides the "Do Not Sell or Share My Personal Information" link described in the Privacy Policy.

12. Changes and contact

Surfacedd updates this Cookie Policy when the cookie inventory or consent model changes. The "Last updated" date at the top reflects the current revision. Material changes are communicated through the cookie consent banner and, for signed-in users, via the product dashboard. For questions about cookies or consent, contact [email protected].

Contact

For privacy, policy, or legal inquiries contact [email protected].

Appointed representatives under Article 27 of the GDPR and UK GDPR, a named Data Protection Officer for the Singapore PDPA, and the India DPDP Grievance Officer will be published in this document before general availability of the platform. Until then, [email protected] will reach the team responsible for each regime.