2. The categories of cookies we use
| Category | Purpose | Examples | Consent required? |
|---|---|---|---|
| Strictly necessary | Sign-in, session management, security (CSRF tokens), load-balancing, locale and theme preferences | aria_session, aria_csrf, aria_locale, aria_theme | No (legitimate interest / contract) |
| Functional | Remember your cookie-banner choice, the brand you last selected in a multi-brand workspace, your customised layout | aria_cookie_consent, aria_active_brand | No (strictly necessary to honour your choice) |
| Analytics | Understand aggregated traffic patterns, which pages convert, where visitors drop off | Vercel Analytics (first-party, IP-anonymised), GA4 via Google Tag Manager (when enabled) | Yes |
| Marketing | Measure the success of campaigns that brought you to ARIA; conversion-attribution for partners | _fbp (only if you click a paid social ad), partner affiliate cookies | Yes |
3. Per-jurisdiction defaults
Different laws set different defaults for non-essential cookies. We honour the rule that applies where you are reading this from:
- EU, EEA, UK, Switzerland — GDPR-strict. No analytics or marketing cookies are set until you explicitly opt in through the banner. Strictly-necessary cookies are set unconditionally because they are required for the site to work. You can decline non-essential cookies and still use the site.
- United States — opt-out-default. Analytics and marketing cookies are set on first visit; the banner offers a single click to withdraw. California residents have a CCPA right to opt out of the “sale or sharing” of personal information; we do not sell or share, and the opt-out is honoured by default.
- Canada and other jurisdictions — opt-out-default unless local law requires opt-in. Quebec residents under Law 25 see a strict-by-default banner consistent with EU treatment.
The jurisdiction is determined from the country your IP address resolves to at first visit, written to a short-lived first-party cookie (aria_jurisdiction) for the rest of the session, and never shared with third parties. If you would like to override the default for any reason, change your preference below.
4. Manage your cookie preferences
You can change your preferences at any time on this page. The settings are stored in aria_cookie_consent on your browser; clearing your browser storage resets the banner.
5. Third-party cookies and tracking
Some embedded content — for example a YouTube product video or a public Loom recording — sets its own cookies. We try to use privacy-respecting embeds (no-cookie YouTube, anonymised players) where possible, and we list any third-party tracker that could be set on our public pages here:
- Vercel Analytics (first-party, IP-anonymised at edge before storage). Disabled if you decline analytics in your jurisdiction.
- Google Tag Manager + Google Analytics 4 — only loaded if the customer organisation has provided container IDs in production env and you have consented (where consent is required).
- Cloudflare bot-management tokens — strictly necessary for DDoS-protection and the security of the site.
8. Changes to this Policy
We will update this Policy whenever we add, remove, or change a cookie category. Material changes are notified at the top of the banner the next time you visit. Prior versions are accessible through the “View previous versions” link at the top of this page.
9. Contact
For cookie or privacy questions, email privacy@simplification.io. For complaints we cannot resolve, EU/EEA/UK residents may contact their local data protection authority; California residents may contact the California Privacy Protection Agency.