Cookie Policy

Table of Contents

1. Scope of This Policy

This policy covers all tracking technologies deployed on abson.ai, including cookies, local storage, session storage, browser fingerprinting, pixel tags, web beacons, and server-side tracking mechanisms. References to “cookies” throughout this document should be read as encompassing all such technologies unless a distinction is explicitly drawn. The ePrivacy Directive applies to “similar technologies,” not only cookies in the narrow sense, and this policy reflects that broader scope.

2. Audience and Age Restrictions

This site is intended for users aged 18 and older. We do not knowingly deploy analytics, preference, or marketing tracking technologies for users below this age threshold. If you are a parent or guardian and believe your child has been tracked through our site, contact us using the details in Section 14 and we will delete the relevant data promptly.

3. What Are Cookies and Tracking Technologies

Cookies are small text files that a website places on your device (computer, tablet, or phone) when you visit. They allow the site to recognise your browser, remember your preferences, and collect information about how you interact with the site. Some cookies are deleted when you close your browser (session cookies); others remain on your device for a defined period (persistent cookies).

Beyond traditional cookies, websites may also use local storage and session storage (browser-based data stores that function similarly to cookies but can hold larger amounts of data), pixel tags and web beacons (small transparent images embedded in pages or emails that confirm whether content has been viewed), browser fingerprinting (collecting device and browser configuration details to identify a visitor without placing a file on their device), and server-side tracking (logging interactions on the server rather than through client-side scripts). Where we use any of these technologies, they are disclosed in the inventory table in Section 6 and governed by the same consent requirements described in this policy.

4. How We Use Cookies

We use tracking technologies for four purposes, each described below. Strictly necessary cookies operate without your consent because the site cannot function without them. All other categories require your affirmative opt-in through our consent banner before any such technologies are activated.

Retention periods for each technology are set to the minimum duration necessary for its stated purpose. Where a cookie persists beyond a single session, the specific duration and its justification are noted in the inventory table below.

4.1 Strictly Necessary Cookies

These cookies are essential for the website to operate. They enable core functions such as session management, security protections, and storing your consent preferences. Because the site cannot function without them, they are exempt from consent requirements under both the GDPR and CCPA/CPRA.

4.2 Analytics Cookies

Analytics cookies help us understand how visitors use the site by collecting information such as pages visited, time spent, and navigation paths. We process this data in aggregate form to improve site performance and content. These cookies are set only after you provide consent through our cookie banner.

4.3 Preference Cookies

Preference cookies remember settings you have chosen, such as your language, region, or display preferences. They improve your experience on return visits by recalling your choices so you do not need to re-enter them. These cookies are set only after you provide consent.

4.4 Marketing Cookies

Marketing cookies track your browsing activity to deliver advertisements relevant to your interests and to measure the effectiveness of advertising campaigns. These cookies may be placed by third-party advertising partners. They are set only after you provide consent. Under the CCPA/CPRA, the use of marketing cookies may constitute a “sale” or “sharing” of personal information as defined by the CCPA/CPRA; see Section 10 for your rights regarding this.

5. Automated Decision-Making and Profiling

Data collected through analytics and marketing cookies may be used by third-party providers to build interest-based profiles for advertising purposes. This constitutes profiling as defined under GDPR Article 4(4). Where such profiling occurs, it is carried out by the third-party provider in accordance with its own privacy policy and does not produce legal effects or similarly significant effects on you.

We do not use cookie-derived data to make automated decisions that produce legal effects or significantly affect you, such as personalised pricing, credit assessments, or access restrictions. If this changes in the future, we will update this policy, refresh the consent banner, and provide you with the right to obtain human intervention, express your point of view, and contest the decision, as required under GDPR Article 22.

6. Cookie and Tracking Technology Inventory

The table below lists the specific tracking technologies we use, their providers, purposes, types, and retention periods. We audit this inventory periodically and update it when our technology stack changes.

Website Cookies

These cookies are set on ABSON.ai's public marketing and informational pages.

ABSON Application Cookies

These cookies are set when you sign in and use the authenticated ABSON.ai application.

All Clerk-managed cookies are set as httpOnly (inaccessible to JavaScript) and transmitted only over HTTPS. None contain protected health information or personally identifiable information in human-readable form.

7. Consent Mechanism

When you first visit our site, a consent banner presents you with the tracking technology categories described above. No analytics, preference, or marketing technologies are activated until you make an affirmative selection. You may accept all optional categories, select specific categories, or reject all optional tracking. Strictly necessary cookies cannot be disabled.

The consent banner is accessible via keyboard navigation and compatible with screen readers in accordance with WCAG 2.1 Level AA. The published version of this policy, including the inventory table, uses proper semantic HTML markup to ensure accessibility for assistive technologies.

Your consent preferences are stored in the cookie_consent cookie (see the inventory above) and persist for 12 months. You may change your preferences at any time by clicking the “Cookie Settings” link in the site footer, which reopens the consent banner. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

8. Do Not Track Signals

Some browsers transmit a Do Not Track (DNT) header with each request. We do not currently respond to DNT signals because there is no industry-wide standard for how to interpret them. Instead, we rely on our consent mechanism described in Section 7 to respect your tracking preferences. You may manage your preferences at any time through the Cookie Settings link.

9. Third-Party Cookies and Providers

The only third-party cookies on the Platform are set by Clerk, our authentication provider. Clerk is SOC 2 Type II certified and maintains a HIPAA Business Associate Agreement. Clerk processes session data solely to provide authentication services; it does not use your session data for advertising or analytics. You can review Clerk’s privacy practices at clerk.com/legal/privacy.

We do not integrate any advertising networks, social media pixels, or third-party analytics services that would set cookies on your device.

10. Your Rights

10.1 Under the GDPR (EEA, UK, Switzerland)

You have the right to access, rectify, erase, restrict processing of, and port the personal data collected through tracking technologies. You also have the right to withdraw consent at any time via the Cookie Settings link. Our lawful basis for processing data through strictly necessary cookies is legitimate interest (Article 6(1)(f) GDPR); for all other categories, the basis is your consent (Article 6(1)(a) GDPR). If tracking data is used for profiling, you have additional rights under Article 22 as described in Section 5. To exercise your rights, contact us using the details in Section 14.

10.2 Under the CCPA/CPRA (California Residents)

California residents have the right to know what personal information is collected, to delete it, to correct inaccurate personal information, to opt out of its sale or sharing, and to non-discrimination for exercising these rights. The use of marketing cookies on our site may constitute a “sale” or “sharing” of personal information as defined by the CCPA/CPRA. You can opt out by declining marketing cookies in our consent banner or by clicking the “Do Not Sell or Share My Personal Information” link in the site footer.

11. International Data Transfers

Some of the third-party tracking technology providers listed above are based in the United States. If you are located in the European Economic Area, the United Kingdom, or Switzerland, this means your data may be transferred to a country that the European Commission has not recognised as providing an adequate level of data protection. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical and organisational safeguards where necessary, to provide a lawful basis for these transfers.

12. Data Security and Breach Notification

Data collected through cookies and tracking technologies is covered by our organisational information security measures and our incident response procedures. In the event that tracking-related personal data is compromised — for example, through a session hijack, a third-party analytics breach, or unauthorised access to cookie-derived data — we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly and without undue delay, as required by GDPR Article 34.

13. Managing Cookies via Your Browser

Independent of our consent mechanism, you can control or delete cookies through your browser settings. Most browsers allow you to block all cookies, block only third-party cookies, or delete cookies when you close the browser. Be aware that disabling strictly necessary cookies may prevent the site from functioning correctly. Instructions for managing cookies are available in the help documentation for your browser:

• Google Chrome
• Mozilla Firefox
• Apple Safari
• Microsoft Edge

14. Contact

If you have questions about this policy or wish to exercise your rights regarding personal data collected through tracking technologies, contact us at:

• ABSON.ai
• Info@abson.ai

15. Changes to This Policy

We may update this policy to reflect changes in our practices, technology, or legal requirements. The version number and “Last updated” date at the top of this document indicate the most recent revision. Where changes are material — such as the addition of new third-party tracking technologies, changes to retention periods, or new categories of data processing — we will notify you through a prominent notice on our site and refresh the consent banner so you can review and update your preferences.

15.1 Changelog

16. Accessibility

We are committed to making this policy and our consent mechanism accessible to all users. The published version of this policy meets WCAG 2.1 Level AA standards, including proper heading hierarchy, semantic table markup with labelled headers, sufficient colour contrast, and compatibility with screen readers. The consent banner supports full keyboard navigation and provides focus indicators for all interactive elements. If you experience any accessibility barriers when reviewing this policy or managing your cookie preferences, please contact us using the details in Section 14.

This policy is available in English. If you require it in an additional language, contact us and we will make reasonable efforts to accommodate your request.