This Cookie Policy explains how InPolicy LLC ("InPolicy") uses cookies and similar technologies on our website and platform. It should be read together with our Privacy Policy at https://inpolicy.ai/legal/privacy-policy. This Cookie Policy applies to all visitors to InPolicy’s website and users of the Service, regardless of whether they hold an InPolicy account. By continuing to browse our website after being presented with cookie information, or by accepting cookies through our consent mechanism, you acknowledge that you have read and understood this Cookie Policy. Where we rely on your consent to place cookies, you have the right to withdraw that consent at any time as described in Section 4 below.
1. What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They may be "session cookies" (deleted when you close your browser) or "persistent cookies" (stored until a set expiry or until you delete them). Similar technologies include web beacons, pixel tags, and local storage. Cookies may be set by InPolicy (“first-party cookies”) or by third-party services operating on our behalf (“third-party cookies”). The legal basis for the use of strictly necessary cookies is our legitimate interest in providing a functional and secure website and Service. The legal basis for analytics, performance, and functional cookies varies by jurisdiction and is described in Section 2 below.
2. What Cookies We Use
2.1 Strictly Necessary Cookies
Essential for the Service to function and cannot be disabled. These maintain your authenticated session, remember cookie consent preferences, enable security features (e.g. CSRF protection), and support core platform functionality. They do not track you for marketing purposes. Strictly necessary cookies do not require your consent under the GDPR, ePrivacy Directive, or any applicable data protection law because they are essential for the provision of the Service you have requested. These cookies are set as first-party cookies and are not shared with third parties. Strictly necessary cookies are typically session cookies that expire when you close your browser, although certain cookies related to security and consent preferences may persist for a limited period.
2.2 Analytics and Performance Cookies
Help us understand how the Service is used so we can improve it. They collect anonymized, aggregated information — such as session duration, page views, and feature interaction signals — with no personally identifiable information.
For users in the EEA and UK: Analytics cookies will only be placed following your prior opt-in consent, in accordance with the GDPR and ePrivacy Directive. Consent is obtained through an affirmative action (e.g., clicking an “Accept” or “Allow” button on our consent management interface) before any analytics cookies are set. No analytics cookies will be loaded or activated until valid consent has been recorded. Consent is freely given, specific, informed, and unambiguous, as required by Article 7 of the GDPR and applicable guidance from the European Data Protection Board. The legal basis for processing data collected through analytics cookies for EEA and UK users is consent (Article 6(1)(a) GDPR). Pre-checked boxes, implied consent through continued browsing, or cookie walls that condition access to the Service on acceptance of analytics cookies do not constitute valid consent. You will be asked for consent before these cookies are set, and you may withdraw consent at any time using the cookie preferences controls described in Section 4.
For all other users: You can opt out of analytics cookies at any time using the cookie preferences controls described in Section 4. For users outside the EEA and UK, the legal basis for analytics cookies is InPolicy’s legitimate interest in understanding how the Service is used and improving its performance. You may object to this processing at any time by opting out as described in Section 4. Analytics cookies set on an opt-out basis will be clearly identified in our consent management interface.
2.3 Functional Cookies
Allow the Service to remember choices you make (e.g. display preferences or language settings).
For users in the EEA and UK: Functional cookies (other than those strictly necessary) will only be placed following your prior opt-in consent. You may withdraw consent at any time, though doing so may affect Service functionality. Consent for functional cookies is obtained through the same affirmative consent mechanism described in Section 2.2 above. The legal basis for processing data collected through functional cookies for EEA and UK users is consent (Article 6(1)(a) GDPR). Upon withdrawal of consent, InPolicy will cease setting functional cookies on your device, and any existing functional cookies will expire in accordance with their normal lifecycle or may be deleted by you through your browser settings.
For all other users: You can opt out of functional cookies at any time, though doing so may affect Service functionality.
3. Advertising and Tracking Practices
InPolicy products are ad-free. We do not permit third-party advertising cookies within the InPolicy application. Some cookies or similar technologies used on our website may constitute a “sale” or “sharing” of personal information under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA). California residents may opt out of such sale or sharing using the “Do Not Sell or Share My Personal Information” link in our website footer or through the cookie preferences described in Section 4. InPolicy honors Global Privacy Control signals as a valid opt-out request where required by applicable law. Visitors in the EEA and UK are covered by the opt-in consent mechanism described in Section 2. InPolicy does not use fingerprinting techniques (e.g., canvas fingerprinting, WebGL fingerprinting, or audio fingerprinting) to track or identify users across sessions or devices.
4. Your Cookie Choices
Cookie Preferences: Manage your preferences at any time by clicking "Cookie Preferences" in the footer of our website. Strictly necessary cookies cannot be disabled. InPolicy uses a consent management platform to allow you to manage your cookie preferences. The consent management interface provides granular control over each category of non-essential cookies (analytics and functional), allowing you to accept or reject each category independently. Your consent preferences are stored in a cookie on your device and are respected on subsequent visits. You may change your preferences at any time.
EEA and UK Users: Non-essential cookies (analytics and functional) will not be set without your prior consent. You will be presented with a consent banner on first visit and may update your preferences at any time via the "Cookie Preferences" link. Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal. The consent banner will clearly identify each category of cookies for which consent is being requested, the purposes of each category, and the identities of any third parties that may set cookies. Consent is recorded and logged for compliance and audit purposes. The consent banner is designed to comply with the requirements of the GDPR (including Article 7 and Recital 32), the ePrivacy Directive (2002/58/EC as amended by 2009/136/EC), and applicable guidance from the European Data Protection Board, including its Guidelines 05/2020 on consent. For users accessing the website from the United Kingdom, the consent mechanism also complies with the UK Privacy and Electronic Communications Regulations 2003 (PECR). Refusing non-essential cookies will not affect your ability to access or use the core functionality of the Service.
Browser Controls: Most browsers allow you to view, manage, delete, and block cookies. Note that blocking all cookies may affect Service functionality. For more information on how to manage cookies in your specific browser, please visit your browser’s help documentation. Common browsers include: Google Chrome (chrome://settings/cookies), Mozilla Firefox (about:preferences#privacy), Apple Safari (Preferences > Privacy), and Microsoft Edge (edge://settings/privacy). Please note that if you use different devices or browsers, you will need to manage your cookie preferences separately on each.
Analytics Opt-Out: Adjust analytics preferences using our cookie preferences controls or, where applicable, the opt-out mechanisms provided by our analytics providers.
5. Third-Party Cookies
Where third-party services are used in connection with the Service, those third parties may set their own cookies subject to their own privacy policies. Our current third-party service providers are listed in our Privacy Policy under the Subprocessors section. InPolicy does not control the cookies set by third-party services and is not responsible for the content or privacy practices of those third parties. Third-party cookies used in connection with the Service are limited to those necessary for the operation of the Service (such as infrastructure and analytics providers) and are subject to the same consent requirements described in Section 2 above. InPolicy conducts due diligence on third-party service providers to ensure their cookie practices are consistent with this Cookie Policy and applicable data protection law. InPolicy will update the list of third-party service providers in our Privacy Policy as changes occur and will provide at least thirty (30) days’ advance notice before engaging any new third-party service provider that sets cookies.
6. Do Not Track
InPolicy currently does not respond to browser Do Not Track (DNT) signals, as there is no consistent industry standard. We will update this policy if a standard is established. InPolicy does recognize and honor Global Privacy Control (GPC) signals where required by applicable law, including the CCPA. When InPolicy detects a GPC signal from your browser, InPolicy will treat it as a valid opt-out of the sale or sharing of personal data (as those terms are defined under the CCPA), to the extent applicable. InPolicy will ensure that no analytics or tracking cookies are set for users transmitting a GPC signal in jurisdictions where GPC signals are legally recognized.
7. Changes to This Policy
We may update this Cookie Policy from time to time. We will notify you of material changes by posting the updated policy with a new "Last updated" date. Material changes include, without limitation, the introduction of new cookie categories, changes to the purposes for which cookies are used, or changes to the third parties that set cookies in connection with the Service. Where a material change requires renewed consent under applicable data protection law (for example, the introduction of a new category of non-essential cookies), InPolicy will seek such consent through its consent management interface before the new cookies are set. InPolicy will use commercially reasonable efforts to provide advance notice of material changes via the consent management interface or by other reasonable means.
7A. Cookie Retention
The retention period for cookies set by InPolicy varies depending on the type and purpose of the cookie. Session cookies are automatically deleted when you close your browser. Persistent cookies are retained for a maximum of thirteen (13) months from the date they are set, in accordance with the guidance of the French Data Protection Authority (CNIL) and European Data Protection Board best practices. InPolicy periodically reviews its cookie retention periods to ensure they remain proportionate and necessary. Consent preferences cookies are retained for twelve (12) months, after which you will be asked to renew your consent. You may delete any cookie at any time through your browser settings.
7B. Legal Basis Summary
The following summarizes the legal basis for each category of cookies used by InPolicy: (a) Strictly Necessary Cookies: legitimate interest (no consent required) under Article 5(3) of the ePrivacy Directive and equivalent provisions under PECR; (b) Analytics and Performance Cookies (EEA/UK): consent (Article 6(1)(a) GDPR); (c) Analytics and Performance Cookies (all other users): legitimate interest, with opt-out available; (d) Functional Cookies (EEA/UK): consent (Article 6(1)(a) GDPR); (e) Functional Cookies (all other users): legitimate interest, with opt-out available. InPolicy does not rely on the “soft opt-in” exception for any cookies.
8. Contact Us
InPolicy LLC
Email: privacy@inpolicy.ai
If you are located in the EEA or the UK and have questions or concerns about our use of cookies that we have not been able to resolve, you have the right to lodge a complaint with your local data protection Supervisory Authority. For the UK, you may contact the Information Commissioner’s Office (ICO). For the EEA, a list of Supervisory Authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.