Online Tracking Policy
Technical Supplement // Infrastructure Tracking Vector Controls
1. Scope and Purpose
This Online Tracking Technologies Policy supplements the epikerdis LLC Website Privacy Policy. It provides the exact technical specifications, architectural data flows, and persistence parameters of the cookies, scripts, and tracking mechanisms deployed on our public-facing marketing domains (epikerdis.ai, helmos.ai, and talentwix.ai). This document is designed to provide complete technical transparency for enterprise procurement teams, Chief Information Security Officers (CISOs), and data privacy regulators.
2. Tagging Architecture and Data Flow Reality
epikerdis LLC employs a Client-Side Tagging architecture. We do not utilize Server-Side Tag Manager (sGTM) containers or data-stripping proxies at the edge for marketing telemetry.
When a user explicitly grants consent via our consent management platform, the React state immediately mounts the required <Script> components into the Document Object Model (DOM). At this exact moment, the user's browser executes direct HTTP network requests to external load balancers:
- https://www.googletagmanager.com (Google Analytics 4)
- https://js.hs-scripts.com (HubSpot)
IP Exposure & Anonymization: Because we use client-side tagging, the user's raw IP address is exposed to these external networks during the initial TLS handshake. However, Google Analytics 4 automatically drops and anonymizes IP addresses by default before logging data into their databases. epikerdis LLC relies on Google Consent Mode v2 payload flags (e.g., 'analytics_storage': 'granted') to statelessly dictate how third-party vendors process this data.
4.0 Regulatory Cookie Disclosure Tables
The following matrices catalogue the precise runtime behaviors, lifespans, and identity resolution metrics of data tracking tokens executing within our unified marketing ecosystem.
Category A: Strictly Necessary / Essential Cookies
These cookies are critical to the underlying security and legal compliance of the website. Under the GDPR, CCPA, and ePrivacy Directive, user consent is not required to deploy these technologies, as they do not track, profile, or collect behavioral analytics.
| Cookie Name | Provider | Lifespan | Technical Purpose |
|---|---|---|---|
| cc_cookie | epikerdis LLC (First-Party) | 182 Days (Strict) | Consent State Memory:A strictly first-party token used by our Vanilla CookieConsent engine to record the user's legal privacy choices. It ensures the privacy banner does not reappear on every page and enforces "Zero-Data Retention" requests. If a user returns after 183 days, the cookie self-deletes and consent must be re-acquired. |
| Google Cloud Armor (various) | Google Cloud Platform | Session / Transient | Network Security: Edge-level load-balancing tokens required for DDoS mitigation and Web Application Firewall (WAF) execution to ensure network availability and security. |
Category B: Analytics and Performance Telemetry
These cookies are deployed only if the user explicitly authorizes telemetry (or if Global Privacy Control is disabled). We retain the vendor-default expiration timelines. These cookies utilize a Rolling Expiration behavior, meaning their expiration timestamps reset upon each subsequent visit to the site.
| Cookie Name | Provider | Lifespan | Technical Purpose |
|---|---|---|---|
| _ga | Google Analytics 4 | 2 Years (Rolling)* | Core analytics token used to distinguish unique users and aggregate traffic metrics. (Note: Limited to 400 days or less by browsers enforcing Intelligent Tracking Prevention like Safari/Brave). |
| _gid | Google Analytics 4 | 24 Hours (Rolling) | Identifies discrete browsing sessions and groups user interactions over a 24-hour window. |
Category C: CRM and Lead Routing Telemetry
These cookies integrate with our B2B Customer Relationship Management architecture. They are deployed only upon explicit user consent and utilize a Rolling Expiration behavior.
| Cookie Name | Provider | Lifespan | Technical Purpose |
|---|---|---|---|
| __hstc | HubSpot | 180 Days (Rolling) | The main tracking cookie used to track visitors over time. It contains the domain, user token (utk), initial timestamp, last timestamp, current timestamp, and session number. |
| hubspotutk | HubSpot | 180 Days (Rolling) | An identity tracking token. If the user subsequently submits a secure Next.js Server Action form, this token is used to statelessly append their browsing history to their CRM contact record. |
3. The "Zero-Data Retention" Termination Switch
While our analytics providers set default persistent expiration dates (detailed in the tables below), epikerdis LLC mandates a strict "Zero-Data Retention" policy governed entirely by user control.
Users maintain absolute control over their local browser state. At any time, a user can click the "Telemetry Protocols" link located in the website footer to review or revoke their consent. Upon revocation, our systems are engineered to immediately and forcefully purge the ga, gid, hubspotutk, and __hstc cookies from the user's browser, instantly terminating the tracking lifecycle regardless of the original persistent expiration date.
5. Global Privacy Control (GPC) Enforcement
epikerdis LLC actively listens for the Sec-GPC header transmitted by modern privacy-centric browsers. If a GPC signal is detected, the website defaults to a hard "Deny" state. The cc_cookie is instantly written to block Categories B and C, ensuring zero third-party telemetry is injected into the DOM, satisfying opt-out requirements under the CCPA/CPRA.