Cookie & Tracking Technologies Policy

Contents

  1. Purpose & Scope
  2. Who We Are
  3. Key Definitions
  4. Why We Use Cookies
  5. Legal Framework
  6. Categories of Cookies & Tracking Technologies
  7. Detailed Cookie Schedule (Master List)
  8. Cookie Consent Mechanism
  9. How to Withdraw or Modify Consent
  10. Managing Cookies in Your Browser (Step-by-Step Guides)
  11. Third-Party Cookies & SDKs
  12. Server Logs, Local Storage, and Device Finger-printing
  13. Advertising, Retargeting & Cross-Site Tracking
  14. Analytics & Performance Measurement
  15. Do-Not-Track Signals & Global Privacy Control
  16. International Data Transfers
  17. Security Measures for Cookie-Based Data
  18. Data Retention & Expiration Rules
  19. Special Provisions for Mobile Apps & Progressive Web Apps
  20. Children’s Data & Age Gating
  21. Region-Specific Disclosures (EEA/UK, California, Virginia, Quebec, Brazil, Australia)
  22. Changes to This Policy
  23. Contact Information

  1. Purpose & Scope

This Cookie & Tracking Technologies Policy (“Cookie Policy”) explains in exhaustive detail how Timeless Galaxy LLC (“Timeless Galaxy,” “we,” “us”) uses cookies, pixels, local storage objects, software development kits (SDKs), log files, and similar tracking technologies (collectively, “Cookies”) on www.timelessgalaxy.com, inclusive of all sub-domains, mobile sites, embedded learning-management platform pages, and email communications that link to this Policy (together, the “Services”).

The Policy applies to every visitor, account holder, student, or business partner (“you,” “your,” “user,” “Data Subject”) who accesses or interacts with the Services, regardless of device type (desktop, laptop, tablet, mobile phone, smart TV, voice-assist device, or wearable).

  2. Who We Are

Controller: Timeless Galaxy LLC
Registered Office:
Email (General): contact@timeless.wp-demo.co.in
Email (Privacy): privacy@timeless.wp-demo.co.in
Data Protection Officer (DPO): dpo@timeless.wp-demo.co.in

  3. Key Definitions

| Term | Explanation (Plain-English) |
|---|---|
| Cookie | A small text file—usually containing a string of letters & numbers—placed on your device by a website server. |
| First-Party Cookie | Set directly by the domain you are visiting (timelessgalaxy.com). |
| Third-Party Cookie | Set by a domain other than the one you are visiting (e.g., google.com, facebook.com). |
| Pixel / Web Beacon | A 1×1 transparent image or code snippet used to record actions such as opens, clicks, or conversions. |
| Local Storage / HTML5 Storage | Browser-based data store (key-value pairs) with no automatic expiration. |
| SDK | Code library embedded in mobile / PWA versions to enable analytics or ads. |
| Strictly Necessary | Cookies essential for the website or service to function. Cannot be disabled via the banner. |
| Personal Data | Any information relating to an identified or identifiable natural person (GDPR Art. 4). |

  4. Why We Use Cookies

We deploy Cookies for a variety of lawful purposes, which can be grouped into the following overarching categories:

  1. Core Functionality & Security – enable log-in, cart, payment workflow, CSRF protection, load-balancing.
  2. Preferences – save language, region, dark-mode, currency.
  3. Analytics & Performance – measure traffic, diagnose latency, detect broken links.
  4. Personalisation – recommend mini-courses based on your browsing & purchase history.
  5. Marketing & Advertising – deliver relevant ads, limit ad frequency, perform attribution.
  6. Social Media Integration – facilitate “share” buttons and embedded content (e.g., Instagram feed).
  7. A/B Testing – experiment with UI layouts to improve user experience.
  8. Fraud Prevention – detect unusual patterns & bot activity.

  5. Legal Framework

| Jurisdiction | Applicable Law | Lawful Basis |
|---|---|---|
| European Economic Area (EEA) | ePrivacy Directive 2002/58/EC & GDPR (Art. 6 & 7) | Consent for non-essential cookies; Legitimate Interests / Contract for strictly necessary. |
| United Kingdom | Privacy & Electronic Communications Regulations 2003 (PECR), UK GDPR | Same as above. |
| United States | CCPA/CPRA (CA), VCDPA (VA), CPA (CO), CTDPA (CT), UCPA (UT) | Opt-out & notice requirements. |
| Canada | PIPEDA & CASL | Express consent for installation of non-essential cookies. |
| Brazil | LGPD | Notice + specific, free, informed consent. |
| Australia | Privacy Act 1988 & ACMA SPAM Act 2003 | Opt-in for tracking that collects personal info; implied consent for strictly necessary. |

  6. Categories of Cookies & Tracking Technologies

6.1 Strictly Necessary (Essential)

Purpose: Facilitate navigation, protect against data loss, process purchases, authenticate sessions.
Examples: __stripe_mid, __cf_bm, tg_session_id.

6.2 Functional (Preference)

Purpose: Remember choices (language, currency, video playback volume).
Examples: i18n_redirected, tg_currency.

6.3 Analytics / Performance

Purpose: Collect aggregated statistics (page views, bounce rate), measure loading times, identify errors.
Examples: _ga, _gid, _clck (Microsoft Clarity), plausible_event.

6.4 Personalisation

Purpose: Recommend relevant mini-courses, display “Recently Viewed.”
Examples: tg_recom_token, ab_test_variant.

6.5 Advertising / Targeting

Purpose: Show interest-based ads, run remarketing campaigns, perform conversion attribution.
Examples: _fbp, fr, _gcl_au, IDE.

6.6 Social Media

Purpose: Enable embedded social widgets (Instagram posts, Pinterest pins).
Examples: csrftoken (instagram.com), pinterest_ct.

6.7 Email & Cross-Device Pixels

Purpose: Detect newsletter opens (Mailerlite pixel), measure click-through rates, prevent phishing.
Examples: MailerliteEmailPixel.

  7. Detailed Cookie Schedule (Master List)

Below is a condensed view; the live master schedule in our on-site Cookie Banner reflects real-time changes and is auto-generated every 24 hours.

| Name | Provider | Category | Purpose | First / Third | Expiry |
|---|---|---|---|---|---|
| tg_session_id | Timeless Galaxy | Strictly Necessary | Maintain authenticated session & cart state. | First | Session |
| __stripe_mid | Stripe | Strictly Necessary | Fraud detection & payment processing. | Third | 1 yr |
| _ga | Google | Analytics | Site usage stats (anonymised IP). | Third | 2 yrs |
| _clck | Microsoft Clarity | Analytics | Heat-map & click-tracking. | Third | 1 yr |
| _fbp | Meta | Advertising | Store & track visits across sites for remarketing. | Third | 90 days |
| tg_recom_token | Timeless Galaxy | Personalisation | Token linking purchases to recommended courses. | First | 6 mos |
| i18n_redirected | Timeless Galaxy | Functional | Save language preference (EN/FR). | First | 1 yr |

  8. Cookie Consent Mechanism

  1. First Visit Banner – displays at the bottom of the viewport for EEA/UK users; centre-screen modal for mobile.
  2. Granular Controls – toggles for each category except Strictly Necessary.
  3. Double-Layer Notice – “Learn More” link opens this detailed policy.
  4. Prior Consent – non-essential scripts blocked until opt-in (IAB TCF v2.2 compatibility).
  5. Age Variable – if geo-location suggests user < 16 years in EEA, banner requests age confirmation.
  6. Consent Log – sha256-hashed to preserve anonymity; retained 5 years for audit.

  9. How to Withdraw or Modify Consent

  • On-Site Widget: Click “Cookie Settings” in the footer.
  • Browser Controls: Clear cookies or change preferences (see section 10).
  • Do-Not-Track & GPC: We treat DNT/GPC headers as an opt-out of all non-essential cookies.

Withdrawal is applied immediately; we disable further sets and schedule deletion within 24 hours.

  10. Managing Cookies in Your Browser (Step-by-Step Guides)

10.1 Google Chrome (Desktop)

  1. Settings → Privacy & Security → Cookies & other site data.
  2. Choose “Block third-party cookies” or “See all site data & permissions” → search “timelessgalaxy” → “Remove.”

10.2 Firefox

  1. Menu → Settings → Privacy & Security.
  2. Enhanced Tracking Protection → Select “Strict.”
  3. Cookies & Site Data → “Manage Data” → delete entries.

10.3 Safari (macOS/iOS)

  1. Preferences → Privacy → “Manage Website Data.”
  2. Search “timelessgalaxy.com” → Remove.

10.4 Edge

  1. Settings → Cookies & site permissions → Manage and delete cookies.
  2. Toggle “Block third-party cookies.”

  11. Third-Party Cookies & SDKs

We integrate with selected partners who may set their own cookies or SDK identifiers:

| Partner | Function | Opt-Out Links |
|---|---|---|
| Google Analytics 4 | Site analytics | https://tools.google.com/dlpage/gaoptout |
| Meta (Facebook/Instagram) | Ad targeting | https://www.facebook.com/adpreferences/ |
| Pinterest | “Save Pin” widget | https://help.pinterest.com/en/article/personalized-ads-on-pinterest |
| Mailerlite | Email pixel tracking | Opt-out link in every email footer |

All third-party vendors have signed a Data Processing Agreement (“DPA”) with us or otherwise provide GDPR-compliant SCCs.

  12. Server Logs, Local Storage, and Device Finger-printing

Cookies are not our only logging mechanism:

  • Server Logs – IP address, user-agent, timestamp, status code. Retained 12 months.
  • Local Storage / IndexedDB – We cache lesson-progress checkpoints offline. You can clear via browser settings.
  • Device Finger-printing – Minimal entropy (browser version, language, time-zone) used for fraud mitigation. No extended fingerprinting without consent.

  13. Advertising, Retargeting & Cross-Site Tracking

If you opt-in to the Advertising category:

  • Facebook Pixel & Google Ads Tag gather hashed identifiers & events (view content, initiate checkout).
  • Lookalike Audiences – compiled only on aggregated, de-identified basis.
  • Frequency Capping – ensures you do not see the same course ad > 10 times in 30 days.

You may disable these via the banner or via the platform self-regulatory programmes (NAI, DAA, EDAA).

  14. Analytics & Performance Measurement

  • Dual-Layer Data Minimisation: IP anonymisation at collection + 14-month retention cap.
  • Event Sampling: Only 70 % of page views are sent to GA4 to reduce identifiers.
  • Self-Hosted Plausible (EU Datacentre): runs cookieless; used as baseline if you refuse GA4 cookies.

  15. Do-Not-Track Signals & Global Privacy Control

We honour:

  • DNT: DNT: 1 header – treat as opt-out of non-essential cookies.
  • GPC: Sec-GPC: 1 – set all optional categories to “disabled.”

  16. International Data Transfers

Some Cookie-derived data is transferred to the United States (e.g., Meta, Google). We rely on:

  1. Standard Contractual Clauses (EU 2021/914 & UK IDTA);
  2. EU-US Data Privacy Framework certification (if self-certified partner);
  3. Supplementary Measures (end-to-end TLS 1.3, data-encryption at rest, access controls).

  17. Security Measures for Cookie-Based Data

  • Secure Flag: All first-party cookies set with Secure; SameSite=Lax.
  • HTTPOnly: Sensitive session identifiers are HTTPOnly to mitigate XSS.
  • Rotating Salts: Personalisation tokens re-keyed every 24 hours.
  • CSP & HSTS: Strict content-security and transport-security headers enforced.

  18. Data Retention & Expiration Rules

| Cookie Category | Typical Expiry | Max Retention |
|---|---|---|
| Strictly Necessary | Session / 1 yr | 2 yrs |
| Functional | 1 mo – 1 yr | 2 yrs |
| Analytics | 1 day – 2 yrs | 2 yrs |
| Advertising | 90 days – 2 yrs | 2 yrs |
| Local Storage | Until cleared | N/A (manual deletion) |

Anonymised, aggregated analytics may be kept longer for trend analysis.

  19. Special Provisions for Mobile Apps & Progressive Web Apps

If you install our Progressive Web App:

  • Cookies function identically in the service-worker controlled scope.
  • Additional IndexedDB caching improves offline reading; no tracking beyond what’s outlined here.
  • Push Notifications require separate, explicit browser permission.

  20. Children’s Data & Age Gating

We do not knowingly deploy tracking cookies on users under 16 years in the EEA/UK without verifiable parental consent. Our age gate appears when analytics indicate a high likelihood (< 16) via protected inference (device type, usage pattern). Failing age verification disables all non-essential cookies.

  21. Region-Specific Disclosures (EEA/UK, California, Virginia, Quebec, Brazil, Australia)

21.1 California (CCPA/CPRA)

  • We do not sell or “share” Personal Data for cross-context behavioural advertising unless you affirmatively allow Advertising cookies.
  • Use the “Do Not Sell or Share My Info” link in the footer to record your opt-out.

21.2 Virginia, Colorado, Connecticut, Utah

Opt-out rights mirror California; see Cookie Settings widget.

21.3 Quebec (Law 25)

All non-essential cookies require clear, prior consent (“ON” toggles default to OFF).

21.4 Brazil (LGPD)

Consent (Art. 7 I) requested in Portuguese for Brazil-based IP addresses.

21.5 Australia (Privacy Act 1988)

Analytics data is de-identified before export; clickstream outside Australia is aggregated.

  22. Changes to This Policy

We may amend this Cookie Policy:

  • Minor Updates: Posted on-site without individual notice (e.g., adding a new analytics cookie).
  • Material Changes: Email notification + renewed consent if categories/purposes change in a meaningful way.
    An archive of historical versions is available upon request to the DPO.

  23. Contact Information

Questions, concerns, or data-subject requests relating to cookies should be directed to:

Data Protection Officer
Timeless Galaxy LLC
Email: dpo@timeless.wp-demo.co.in
Tel:
Address:

Complaints may also be lodged with your local supervisory authority (e.g., ICO in the UK, CNIL in France).