[MENU]

Online Tracking Policy

Technical Supplement // Infrastructure Tracking Vector Controls

1. Scope and Purpose

This Online Tracking Technologies Policy supplements the epikerdis LLC Website Privacy Policy. It provides the exact technical specifications, architectural data flows, and persistence parameters of the cookies, scripts, and tracking mechanisms deployed on our public-facing marketing domains (epikerdis.ai, helmos.ai, and talentwix.ai). This document is designed to provide complete technical transparency for enterprise procurement teams, Chief Information Security Officers (CISOs), and data privacy regulators.

2. Tagging Architecture and Data Flow Reality

epikerdis LLC employs a Client-Side Tagging architecture. We do not utilize Server-Side Tag Manager (sGTM) containers or data-stripping proxies at the edge for marketing telemetry.

When a user explicitly grants consent via our consent management platform, the React state immediately mounts the required <Script> components into the Document Object Model (DOM). At this exact moment, the user's browser executes direct HTTP network requests to external load balancers:

  • https://www.googletagmanager.com (Google Analytics 4)
  • https://js.hs-scripts.com (HubSpot)

IP Exposure & Anonymization: Because we use client-side tagging, the user's raw IP address is exposed to these external networks during the initial TLS handshake. However, Google Analytics 4 automatically drops and anonymizes IP addresses by default before logging data into their databases. epikerdis LLC relies on Google Consent Mode v2 payload flags (e.g., 'analytics_storage': 'granted') to statelessly dictate how third-party vendors process this data.

3. The "Zero-Data Retention" Termination Switch

While our analytics providers set default persistent expiration dates (detailed in the tables below), epikerdis LLC mandates a strict "Zero-Data Retention" policy governed entirely by user control.

Users maintain absolute control over their local browser state. At any time, a user can click the "Telemetry Protocols" link located in the website footer to review or revoke their consent. Upon revocation, our systems are engineered to immediately and forcefully purge the ga, gid, hubspotutk, and __hstc cookies from the user's browser, instantly terminating the tracking lifecycle regardless of the original persistent expiration date.

4.0 Regulatory Cookie Disclosure Tables

The following matrices catalogue the precise runtime behaviors, lifespans, and identity resolution metrics of data tracking tokens executing within our unified marketing ecosystem.

Category A: Strictly Necessary / Essential Cookies

These cookies are critical to the underlying security and legal compliance of the website. Under the GDPR, CCPA, and ePrivacy Directive, user consent is not required to deploy these technologies, as they do not track, profile, or collect behavioral analytics.

Cookie NameProviderLifespanTechnical Purpose
cc_cookieepikerdis LLC (First-Party)182 Days (Strict)Consent State Memory: A strictly first-party token used by our Vanilla CookieConsent engine to record the user's legal privacy choices. It ensures the privacy banner does not reappear on every page and enforces "Zero-Data Retention" requests. If a user returns after 183 days, the cookie self-deletes and consent must be re-acquired.
Google Cloud Armor (various)Google Cloud PlatformSession / TransientNetwork Security: Edge-level load-balancing tokens required for DDoS mitigation and Web Application Firewall (WAF) execution to ensure network availability and security.
Note on Authentication and CSRF Architecture:epikerdis LLC utilizes a modern App Router architecture operating as a stateless "Control Plane." We do not deploy local frontend authentication session cookies. Furthermore, we do not utilize legacy persistent CSRF cookies; our Next.js Server Actions enforce CSRF protection statelessly via encrypted HTTP headers (specifically x-action-csrf-token).

Category B: Analytics and Performance Telemetry

These cookies are deployed only if the user explicitly authorizes telemetry (or if Global Privacy Control is disabled). We retain the vendor-default expiration timelines. These cookies utilize a Rolling Expiration behavior, meaning their expiration timestamps reset upon each subsequent visit to the site.

Cookie NameProviderLifespanTechnical Purpose
_gaGoogle Analytics 42 Years (Rolling)*Core analytics token used to distinguish unique users and aggregate traffic metrics. (Note: Limited to 400 days or less by browsers enforcing Intelligent Tracking Prevention like Safari/Brave).
_gidGoogle Analytics 424 Hours (Rolling)Identifies discrete browsing sessions and groups user interactions over a 24-hour window.

Category C: CRM and Lead Routing Telemetry

These cookies integrate with our B2B Customer Relationship Management architecture. They are deployed only upon explicit user consent and utilize a Rolling Expiration behavior.

Cookie NameProviderLifespanTechnical Purpose
__hstcHubSpot180 Days (Rolling)The main tracking cookie used to track visitors over time. It contains the domain, user token (utk), initial timestamp, last timestamp, current timestamp, and session number.
hubspotutkHubSpot180 Days (Rolling)An identity tracking token. If the user subsequently submits a secure Next.js Server Action form, this token is used to statelessly append their browsing history to their CRM contact record.

5. Global Privacy Control (GPC) Enforcement

epikerdis LLC actively listens for the Sec-GPC header transmitted by modern privacy-centric browsers. If a GPC signal is detected, the website defaults to a hard "Deny" state. The cc_cookie is instantly written to block Categories B and C, ensuring zero third-party telemetry is injected into the DOM, satisfying opt-out requirements under the CCPA/CPRA.