Cookie Policy
- Version
- v0.4
- Status
- founder_draft
- Effective date
- TBD
- Last updated
- 2026-06-20
Full legal content
Cookie Policy
Closed-beta legal boundary: Founder-prepared draft for closed-beta readiness. Lawyer/CA review required before paid/public production. PGI Hub has no approved live payments, GST invoicing, vendor payouts, escrow, public marketplace launch, automated supplier award, or production legal approval under this pack.
1. Master Overview and Cookie Boundary
This Cookie Policy governs cookies, browser storage, local/session storage, consent records, security tokens, and third-party scripts used by PGI Hub — Procurement Global Intelligence in its no-payment closed-beta procurement intelligence and RFQ workflow environment.
PGI may load strictly necessary technologies for login, CSRF protection, closed-beta access, cookie preference storage, security, and core workflows. PGI must not load non-essential analytics, marketing, advertising, tracking, heatmap, or pixel scripts before applicable consent.
2. Cookie Definitions
| Term | PGI meaning |
|---|---|
| Cookie | Browser-stored value for session, security, settings, consent, or product operation. |
| Browser storage | Local/session storage used for UI state, consent state, or non-sensitive preferences. |
| Essential cookie | Required for service operation, login, CSRF, consent storage, security, or closed-beta access. |
| Non-essential cookie | Analytics, marketing, ads, tracking, heatmaps, pixels, session replay, or optional personalization. |
| Provider script | First-party or third-party script that provides product, security, analytics, support, or marketing functionality. |
| Consent record | Record of Accept All, Reject Non-Essential, Manage Settings, withdrawal, or later preference change. |
3. Cookie Categories
| category | purpose | examples | required for service | user choice available | loaded before consent yes/no | retention/expiry placeholder | linked policy |
|---|---|---|---|---|---|---|---|
| Essential | Run login, sessions, routing, CSRF, consent storage, closed-beta access, and core workflows. | session token; CSRF token; auth redirect state; consent ID | Yes | Limited | Yes | [ACTION REQUIRED: expiry per item] | Privacy Policy; Terms |
| Security | Protect accounts, admin actions, rate limits, abuse controls, and audit correlation. | device risk token; rate-limit marker; security event ID | Yes where configured | Limited | Yes only where security-required | [ACTION REQUIRED] | Security Disclosure; AUP |
| Preference | Remember non-sensitive UI choices and category preferences. | language; display setting; dismissed informational banner | No | Yes | No unless strictly necessary | [ACTION REQUIRED] | Privacy Policy |
| Analytics | Measure aggregate route usage, performance, errors, and closed-beta adoption. | page event; referrer; aggregate usage signal | No | Yes | No | [ACTION REQUIRED] | Privacy Policy |
| Marketing/Advertising | Campaign attribution, remarketing, ads, pixels, tracking audiences. | ad pixel; campaign cookie; tracking parameter | No | Yes | No | [ACTION REQUIRED] | Privacy Policy |
| Support/Feedback | Support/grievance widgets or feedback form state where enabled. | support widget state; ticket form state | No unless essential to support intake | Yes where non-essential | No unless essential | [ACTION REQUIRED] | Grievance Support Policy |
4. Essential Cookies
Essential cookies may load before consent only to operate PGI’s closed-beta service: authentication, session continuity, CSRF protection, consent preference storage, invitation/access control, basic routing, and required security. Essential cookies must not be used as hidden analytics or marketing tools.
5. Security Cookies
Security cookies and storage may support abuse prevention, rate limiting, admin access protection, audit correlation, and session integrity. They do not guarantee account safety, supplier legitimacy, quote accuracy, payment safety, or fraud prevention.
6. Preference Cookies
Preference cookies may remember non-sensitive UI choices. They must not store BOM contents, drawings, vendor contact data, RFQ commercial terms, quotes, certifications, or hidden contact information.
7. Analytics Cookies
Analytics cookies are non-essential unless separately classified and documented as operationally necessary. They may measure aggregate usage, product friction, route performance, and errors. They must not expose buyer confidential files, RFQ messages, quote details, hidden contacts, or commercially sensitive procurement data.
8. Marketing/Advertising Cookies
Marketing, advertising, remarketing, pixels, campaign attribution, heatmaps, and session replay are disabled by default in closed beta unless explicitly enabled after founder and legal/privacy review. They must not load before consent.
9. Third-Party Cookies and Provider Scripts
Third-party scripts require provider registration, category classification, data category, consent status, cross-border note, DPA/terms review, and owner. Codex must use an allowlist/gating pattern so non-essential scripts cannot initialize before consent.
10. Cookie Banner Operation
First website visit must show a banner unless valid consent exists. Required choices: Accept All, Reject Non-Essential, and Manage Settings. Required banner text:
PGI uses essential cookies to operate closed-beta access, security, and core workflows. With your choice, PGI may also use non-essential analytics or preference cookies to improve the product. Non-essential cookies are optional. Rejecting them will not block essential closed-beta functionality. PGI is a founder-prepared closed-beta platform and is not approved for paid/public production.
11. Cookie Preference Center Operation
The preference center must show categories, allow non-essential categories to be enabled/disabled, save preferences, and permit later withdrawal/change. Essential cookies may be shown as always active with service necessity. Closed-beta default should be essential-only until the user chooses otherwise.
12. Accept All / Reject Non-Essential / Manage Settings
| Action | Required behavior | Required record |
|---|---|---|
| Accept All | Enable essential and approved non-essential categories. | cookie_consent_accept_all, version, timestamp, categories. |
| Reject Non-Essential | Enable essential only; block analytics, marketing, advertising, heatmap, pixel, tracking. | cookie_consent_reject_non_essential, version, timestamp, disabled categories. |
| Manage Settings | Open category controls and save selected categories. | cookie_consent_manage_settings, selected categories. |
| Withdraw/Change | Replace prior choice and stop future loading for disabled categories. | cookie_consent_update, prior/new state hashes. |
13. Logged-Out Visitor Consent
Logged-out choices may be stored in a browser value or anonymous server consent log. PGI must not treat logged-out consent as verified identity. Clearing cookies may cause the banner to reappear.
14. Logged-In User Consent
Logged-in consent may be associated with account/workspace after review. User preference must not override stricter organization controls. When logged-out consent and logged-in consent conflict, PGI should apply the more conservative state until reconciled.
15. Consent Storage
Consent records should include document version, content hash, selected categories, timestamp, UI source, authenticated user ID where applicable, anonymous visitor ID where applicable, and withdrawal/update history.
16. Withdrawal and Preference Changes
Users must be able to change preferences through a footer link or account/privacy settings. Withdrawal affects future non-essential loading. Previously collected analytics may remain in logs or aggregated/anonymized records subject to retention and legal/audit exceptions.
17. Script-Gating Rule
Non-essential analytics, marketing, advertising, tracking, heatmap, or pixel scripts must not load before the user gives the applicable cookie consent. Rejection of non-essential cookies must not block access to essential PGI closed-beta functionality.
Implementation rule: consent state must be evaluated before any non-essential script tag, tag manager, pixel, heatmap, marketing SDK, session replay tool, or analytics SDK initializes.
18. Cookie Duration / Expiry Table
| cookie or storage item placeholder | category | purpose | duration | user control | deletion method | review status |
|---|---|---|---|---|---|---|
| [SESSION_COOKIE_NAME] | Essential | Authenticated session continuity | [ACTION REQUIRED: session or N days] | Logout/session expiry | Logout, expiry, browser clearing | Needs security/legal review |
| [CSRF_COOKIE_NAME] | Essential/Security | CSRF protection | [ACTION REQUIRED] | Limited | Expiry/browser clearing | Needs security review |
| [COOKIE_CONSENT_ID] | Essential | Store cookie choice and prevent repeated banner | [ACTION REQUIRED] | Yes | Preference center, browser clearing | Needs privacy review |
| [CLOSED_BETA_ACCESS_TOKEN] | Essential/Security | Invitation/access control where used | [ACTION REQUIRED] | Limited | Revocation/expiry | Needs closed-beta review |
| [ANALYTICS_CLIENT_ID] | Analytics | Measure aggregate usage | [ACTION REQUIRED] | Yes | Reject/withdraw non-essential; browser clearing | Disabled until reviewed |
| [ERROR_MONITORING_ID] | Security/Analytics | Diagnose product errors without confidential payloads | [ACTION REQUIRED] | Depends on classification | Provider deletion process | Needs provider review |
| [MARKETING_PIXEL_ID] | Marketing/Advertising | Campaign attribution or remarketing | [ACTION REQUIRED] | Yes | Reject/withdraw non-essential | Disabled in closed beta unless approved |
| [SUPPORT_WIDGET_STATE] | Support/Preference | Preserve support form/widget state | [ACTION REQUIRED] | Yes where non-essential | Preference center/browser clearing | Needs support review |
19. Provider Placeholder Table
| provider name placeholder | cookie/script purpose | category | data processed | loaded before consent yes/no | provider policy link placeholder | enabled in closed beta yes/no | review status |
|---|---|---|---|---|---|---|---|
| [HOSTING_PROVIDER] | Website/app delivery and security logs | Essential/Security | IP, request metadata, route, error data | Yes where necessary | [ACTION REQUIRED] | Yes, if selected | Terms/DPA/security review required |
| [AUTH_PROVIDER] | SSO/login and session handling | Essential/Security | Identity, email, login metadata | Yes where required | [ACTION REQUIRED] | Yes, if SSO enabled | Terms/DPA/security review required |
| [ANALYTICS_PROVIDER] | Website/product analytics | Analytics | Event metadata, route usage, device/browser data | No | [ACTION REQUIRED] | No until gated/reviewed | Privacy review required |
| [ERROR_MONITORING_PROVIDER] | Error monitoring and reliability | Security/Analytics | Error metadata, route, device/browser, possible payload snippets | Only if classified essential and minimized | [ACTION REQUIRED] | Pending review | Minimize confidential payloads |
| [MARKETING_PROVIDER] | Ads, pixels, campaign attribution | Marketing/Advertising | Campaign/referrer/device identifiers | No | [ACTION REQUIRED] | No by default | Disabled pending legal/privacy review |
| [SUPPORT_PROVIDER] | Support/grievance ticketing or widget | Support | Contact details, ticket text, metadata | No unless essential to intake | [ACTION REQUIRED] | Pending review | DPA/terms review required |
20. Cookie Names Placeholder Table
| cookie or storage item placeholder | category | required action before closed beta | notes |
|---|---|---|---|
| [COOKIE_CONSENT_ID] | Essential | Replace with real key name and retention. | Must store version/hash or reference. |
| [PGI_SESSION] | Essential | Replace with real auth/session cookie name. | Secure, HTTPOnly where applicable, SameSite configured. |
| [PGI_CSRF] | Essential/Security | Replace with real CSRF token name. | Must not store confidential BOM/vendor data. |
| [PGI_PREFS] | Preference | Confirm non-sensitive content only. | User-controllable if non-essential. |
| [PGI_ANALYTICS] | Analytics | Keep disabled until consent gating is proven. | Must not load before consent. |
| [PGI_MARKETING] | Marketing | Keep disabled in closed beta unless reviewed. | Must not load before consent. |
21. Security and Fraud Prevention Cookies
Security items may protect sessions, rate limits, admin actions, invitation enforcement, and audit correlation. They must be minimized and documented. They do not guarantee supplier identity, capability, stock, pricing, delivery, tax treatment, quality, or performance.
22. Cross-Device Limitation
Cookie choices may not apply across devices, browsers, private sessions, or cleared-cookie environments. Account-level syncing requires review.
23. Browser Controls
Users may block/delete cookies in browser settings. Blocking essential cookies may break login, RFQ workflows, vendor profile management, support forms, and security controls. Blocking non-essential cookies must not block essential closed-beta functionality.
24. Relationship to Privacy Policy
This policy supplements the Privacy Policy, Data Retention Policy, Data Usage Policy, and Grievance Support Policy. Conflicts should be resolved using the stricter privacy-protective closed-beta interpretation pending review.
25. Codex Implementation Requirements
| Requirement | Implementation expectation | Evidence |
|---|---|---|
| Cookie banner | Show on first visit unless valid consent exists. | Browser test and screenshot. |
| Preference center | Category controls for non-essential cookies. | UI route/modal test. |
| Reject Non-Essential | Blocks analytics, marketing, ads, heatmap, pixel, tracking. | Network/script inspection. |
| Script allowlist | Non-essential providers behind consent gate. | Code review and automated test. |
| Consent record | Stores version/hash/category/timestamp. | Backend or documented intake evidence. |
| Withdrawal | User can change or withdraw preferences. | UI and record test. |
26. Review Status
Founder-prepared closed-beta draft. Provider inventory, names, durations, DPA/terms, legal basis, consent UX, and lawyer/privacy review are required before paid/public production.