Cookie Policy - THE PIVOTAL PROTOCOL Academy

Section 01Summary

THE PIVOTAL PROTOCOL Academy uses two cookies. One keeps you logged in. One remembers your privacy choices. We do not run advertising trackers, retargeting pixels, or third-party analytics that profile your behavior across the web.

Plain version. Two cookies, both first-party. No ads. No data sales. You can change your mind at any time using the button below or the link in the footer of every page.

Section 02What cookies we use

Name	Purpose	Type	Lifetime
`tpp_session`	Keeps you logged into the Academy. Required to access your dashboard, notes, bookmarks, and saved protocols.	Essential, first-party, HttpOnly, Secure	Session, or up to 30 days if you select "stay signed in"
`tpp_consent`	Remembers your cookie preferences so we do not show the banner on every visit and so the server knows what is allowed.	Essential, first-party	365 days

Both cookies are first-party. Neither cookie carries identifying information that another website could read.

Section 03What cookies we do not use

This list is intentionally long because the absence of these technologies is a feature, not an oversight.

No third-party advertising cookies. No Facebook Pixel, no Google Ads remarketing, no LinkedIn Insight Tag, no TikTok Pixel, no X Pixel.
No third-party analytics that track across sites. No Google Analytics, no Mixpanel, no Segment, no Heap, no Hotjar, no FullStory, no LogRocket.
No data brokers or audience networks. We do not sell, rent, or trade audience segments derived from your behavior.
No social-share tracking pixels. Share buttons, where they exist, are static links and do not call out to social platforms until you click.
No fingerprinting. We do not use canvas, audio, font, or device fingerprinting to identify you across sessions.
No session replay or screen recording. We do not capture mouse movement, scrolling, or keystrokes for replay.
No A/B testing platforms that drop persistent identifiers. When we test layout changes we use server-side cohorting that does not write to your browser.
No third-party chat widgets. Customer support is by email at [email protected].

Section 04Categories explained

Essential

Required for the Academy to function. Includes session authentication, security, and remembering your privacy preferences. These cannot be turned off because the Academy will not work without them. We rely on Article 6(1)(f) GDPR (legitimate interest) and the strictly necessary exemption under ePrivacy.

Analytics (opt-in)

First-party only. Anonymous. Helps us see which lessons readers complete and where they drop off so we can improve the curriculum. No third-party trackers. Off by default. Toggle on at any time using the cookie preferences button.

Marketing (opt-in)

Reserved category. We currently load no marketing or remarketing pixels. The toggle exists so that if we ever introduce one (we do not plan to) it remains an explicit, recorded opt-in rather than an assumed default.

Section 05How to manage your preferences

Inside the Academy

Use the Cookie Preferences link in the footer of every page, or click the button below. Your selections are remembered for 365 days.

In your browser

You can also block or delete cookies through your browser settings. Doing so for the tpp_session cookie will sign you out and require you to log in again.

Chrome. Settings then Privacy and security then Cookies and other site data.
Safari. Settings then Privacy then Manage Website Data.
Firefox. Settings then Privacy and Security then Cookies and Site Data.
Edge. Settings then Cookies and site permissions.

Global Privacy Control

If your browser sends a Global Privacy Control (GPC) signal, we treat it as an opt-out of analytics and marketing. You do not need to also click "Essential only" in the banner.

Section 06Third-party services

The Academy uses three categories of third-party infrastructure providers. These providers receive only the minimum data needed to deliver their service. None of them place tracking cookies on your behalf.

Provider	Purpose	What it sees
Cloudflare	Hosting, content delivery, DDoS protection, security WAF.	Standard request metadata (IP, user agent, request path). No tracking cookies. Cloudflare may set the `__cf_bm` bot-management cookie which is strictly necessary for security.
Stripe	Payment processing for paid courses and subscriptions.	Only data submitted on the checkout page (card details, billing address, email). Stripe uses its own cookies on its own domain to detect fraud. We never see your card number.
MailChannels and Resend	Transactional email delivery for receipts, password resets, and account notifications.	Your email address and the message body. No tracking pixels are embedded in our emails.

Section 07Changes to this policy

If we add or remove a cookie, we update this page and the "Last updated" date at the top. Material changes (a new category, a new third-party provider) are announced in the cookie banner so you can review your choices.

Section 08Contact

Questions about cookies, requests to exercise data rights, or anything privacy-adjacent: [email protected].

For broader privacy information including data export and account deletion, see our privacy policy.