Cookies Policy

Last Updated: 30 April 2025

1. Introduction

Alludium Ltd (Company No. 15062888), a company incorporated in England and Wales ("we," "us," or "our") uses cookies and similar tracking technologies on our website, applications, and services (collectively, the "Services") to enhance your user experience, analyse usage patterns, and provide personalized content.

Registered Office: International House, 36-38 Cornhill, London, United Kingdom, EC3V 3NG

This Cookie Policy explains what cookies are, how we use them, your choices regarding cookies, and how we manage consent in compliance with applicable privacy laws including:

  • EU General Data Protection Regulation (GDPR)

  • UK Data Protection Act 2018 and UK GDPR

  • Privacy and Electronic Communications Regulations 2003 (PECR) as amended

  • California Consumer Privacy Act (CCPA)

  • Other relevant regional regulations

UK PECR Compliance: We comply with the Privacy and Electronic Communications Regulations 2003 (PECR) as amended, which governs the storing of information and gaining access to information on users' devices. This policy follows ICO guidance on cookies and similar technologies.

By using our Services, you acknowledge that you have read and understood this Cookie Policy. Your consent to non-essential cookies will be obtained through our consent management system before such cookies are placed on your device, in accordance with PECR requirements.

Data Controller: Alludium Ltd is the data controller for all first-party cookies. For third-party cookies, the respective third-party providers act as independent data controllers (see Section 5 for details).

2. What Are Cookies

Cookies are small text files that are placed on your device (computer, smartphone, tablet) when you visit our website or use our applications. They help us recognize your device and store information about your preferences and activities.

Under PECR, storing information on your device or accessing information already stored requires your consent, except where such actions are strictly necessary for the provision of an information society service explicitly requested by you.

Similar Technologies

We also use similar technologies including:

  • Web Beacons/Pixels: Small graphic images that help us analyze website usage and email effectiveness

  • Local Storage: HTML5 local storage that allows websites to store data locally within your browser

  • Session Storage: Temporary storage that expires when you close your browser

  • SDKs: Software development kits in mobile applications that collect usage data

  • Fingerprinting: Techniques that collect information about your device configuration

3. Types of Cookies We Use

3.1 By Duration

Session Cookies: Temporary cookies that expire when you close your browser. These help maintain your session state while using our Services.

Persistent Cookies: Cookies that remain on your device for a set period or until you delete them. These remember your preferences across sessions.

3.2 By Origin

First-Party Cookies: Set directly by Alludium Ltd when you visit our website or use our applications.

Third-Party Cookies: Set by external services we integrate with. These third parties act as independent data controllers for their cookies.

4. Cookie Categories and Purposes

4.1 Strictly Necessary Cookies

These cookies are essential for our Services to function properly and cannot be disabled without affecting core functionality. Under PECR, these cookies are permitted without consent as they are strictly necessary for service provision.

Purposes:

  • User authentication and session management

  • Security features and fraud prevention

  • Load balancing and system stability

  • Remembering cookie consent preferences

  • Essential website functionality

Current Implementation:

Retention Justification: These cookies are retained only as long as necessary for their essential functions. Session cookies expire immediately upon browser closure. Persistent essential cookies have minimal retention periods aligned with their technical necessity.

4.2 Performance and Analytics Cookies

These cookies help us understand how visitors interact with our Services by collecting usage statistics. The data collected is anonymized, which significantly reduces privacy risks and supports extended retention for analytical comparison purposes.

Purposes:

  • Website traffic analysis

  • User behavior tracking (anonymized)

  • Performance monitoring

  • Error tracking and debugging

  • A/B testing for service improvements

Current Implementation:

Cookie Name

Provider

Purpose

Duration

Legal Basis

_ga

Google LLC

Anonymized visitor analytics

2 years

Consent required

_gid

Google LLC

Daily analytics differentiation

24 hours

Consent required

_gat or ga*

Google LLC

Request rate throttling

1 minute

Consent required

Legal Basis: Consent (required under PECR and GDPR)
Retention Justification: Analytics data is anonymized and retained for 26 months to enable year-over-year comparison and trend analysis. This extended period is necessary for meaningful business intelligence while anonymization reduces privacy risks.

Legitimate Interest Assessment: We have conducted a legitimate interest assessment for analytics cookies and determined that consent is the most appropriate legal basis given the privacy expectations of users and the availability of the service without these cookies.

4.3 Functional Cookies

These cookies enable enhanced functionality and personalization of our Services.

Purposes:

  • Remembering user preferences and settings

  • Language and region preferences

  • Customized user interface elements

  • Chat support functionality

  • Community forum preferences

Current Implementation:

Cookie Name

Provider

Purpose

Duration

Legal Basis

intercom-session-*

Intercom Inc.

Live chat support functionality

7 days

Consent required

Legal Basis: Consent (required under PECR)
Retention Justification: Support session data retained for 7 days to maintain conversation continuity and support quality.

4.4 Marketing and Advertising Cookies

These cookies are used to deliver relevant advertisements and measure marketing campaign effectiveness.

Purposes:

  • Targeted advertising

  • Marketing campaign tracking

  • Social media integration

  • Conversion tracking

  • Remarketing campaigns

Current Implementation:

Cookie Name

Provider

Purpose

Duration

Legal Basis

Facebook Pixel

Meta Platforms Inc.

Conversion tracking and retargeting

90 days

Consent required

LinkedIn Insight Tag

LinkedIn Corporation

B2B marketing analytics

90 days

Consent required

X/Twitter Pixel

X Corp.

Social media conversion tracking

30 days

Consent required

Legal Basis: Consent (always required under PECR and GDPR)
Retention Justification: Marketing attribution requires retention periods that align with typical customer decision cycles (30-90 days).

5. Third-Party Cookies

We work with trusted third-party partners who act as independent data controllers for their cookies. We have no control over how these third parties process data through their cookies.

5.1 Analytics and Performance

Google Analytics (Google LLC)

  • Purpose: Website usage analysis and reporting

  • Cookies: _ga, _gid, gat_gtag_UA*

  • Controller: Google LLC (independent controller)

  • Privacy Policy: https://policies.google.com/privacy

  • Opt-out: https://tools.google.com/dlpage/gaoptout

  • Data Processing: Google Analytics data is anonymized and processed under Google's standard terms

5.2 Customer Support and Communication

Intercom (Intercom Inc.)

  • Purpose: Live customer support functionality

  • Cookies: intercom-session-, intercom-id-

  • Controller: Intercom Inc. (independent controller)

  • Privacy Policy: https://www.intercom.com/legal/privacy

  • Data Processing: Support conversation data processed under Intercom's privacy policy

5.3 Infrastructure and Security

Cloudflare (Cloudflare Inc.)

  • Purpose: Content delivery network and security services

  • Cookies: __cf_bm (bot management)

  • Controller: Cloudflare Inc. (independent controller)

  • Privacy Policy: https://www.cloudflare.com/privacypolicy/

  • Data Processing: Security and performance data processed under Cloudflare's privacy policy

5.4 Marketing and Advertising

Meta/Facebook (Meta Platforms Inc.)

  • Purpose: Social media advertising and conversion tracking

  • Cookies: Facebook Pixel cookies

  • Controller: Meta Platforms Inc. (independent controller)

  • Privacy Policy: https://www.facebook.com/privacy/policy/

LinkedIn (LinkedIn Corporation)

  • Purpose: Professional network advertising and B2B analytics

  • Cookies: LinkedIn Insight Tag

  • Controller: LinkedIn Corporation (independent controller)

  • Privacy Policy: https://www.linkedin.com/legal/privacy-policy

X/Twitter (X Corp.)

  • Purpose: Social media conversion tracking

  • Cookies: Twitter conversion pixel

  • Controller: X Corp. (independent controller)

  • Privacy Policy: https://twitter.com/en/privacy

6. Consent Management

6.1 Consent Collection

We obtain your consent for non-essential cookies through our consent management system, which:

  • Presents clear information about cookie categories

  • Allows granular consent choices

  • Provides easy withdrawal mechanisms

  • Records consent preferences with timestamps

  • Handles geo-specific requirements

  • Ensures consent is freely given, specific, informed, and unambiguous

6.2 Consent Requirements by Region

EU/EEA and UK Users (PECR and GDPR):

  • Explicit consent required for non-essential cookies

  • Granular consent options provided for each category

  • Consent can be withdrawn at any time with immediate effect

  • No pre-ticked boxes or implied consent

  • Consent withdrawal must be as easy as giving consent

California Users (CCPA):

  • Right to opt-out of sale of personal information

  • Clear disclosure of data sharing practices

  • Easy opt-out mechanisms provided

  • Non-discrimination for privacy choices

6.3 Consent Management Technical Implementation

Consent Recording: All consent choices are recorded with:

  • User identifier (where applicable)

  • Timestamp of consent

  • Specific consents given/withdrawn

  • Consent mechanism used

  • User's IP address and user agent

  • Version of privacy policy/cookie policy

Consent Storage: Consent records are maintained for a minimum of 3 years to demonstrate compliance with regulatory requirements.

Consent Refresh: We may request renewed consent annually or when material changes occur to our cookie practices.

7. How to Manage Your Cookie Preferences

7.1 Cookie Preference Center

You can manage your cookie preferences through our Preference Center accessible at https://www.alludium.ai/cookie-preferences:

  1. Access: Click the "Cookie Preferences" link in our website footer or contact our user/customer request portal

  2. Categories: Review and modify settings for each cookie category

  3. Third-Party: Manage third-party cookie permissions

  4. Save: Confirm your preferences (applies immediately across all our services)

7.2 Consent Withdrawal Process

Multiple Withdrawal Methods:

  • Cookie Preference Center (immediate effect)

  • User/customer request portal

  • Email to privacy@alludium.ai

  • Written request to our registered office

Withdrawal Effects:

  • Immediate cessation of non-essential cookie placement

  • Existing cookies will be blocked from transmitting data

  • Service functionality may be reduced for some features

  • Withdrawal does not affect lawfulness of processing before withdrawal

Response Time: All withdrawal requests processed within 24 hours of receipt.

7.3 Browser Settings

You can also control cookies through your browser settings:

Chrome:

  1. Settings → Privacy and Security → Cookies and other site data

  2. Choose your preferred cookie handling option

Firefox:

  1. Settings → Privacy & Security → Cookies and Site Data

  2. Configure custom settings as needed

Safari:

  1. Preferences → Privacy → Manage Website Data

  2. Select cookie management preferences

Edge:

  1. Settings → Cookies and site permissions → Cookies and site data

  2. Configure cookie settings

7.4 Mobile Applications

For mobile app cookies and tracking:

iOS:

  • Settings → Privacy & Security → Tracking

  • Individual app settings for tracking permissions

Android:

  • Settings → Privacy → Ads

  • App-specific permission management

8. Geo-Specific Cookie Handling

8.1 United Kingdom (PECR and UK GDPR)

PECR Compliance:

  • Consent obtained before storing information on user devices

  • Clear information provided about cookies and their purposes

  • Easy consent withdrawal mechanisms

  • Strictly necessary cookies exemption applied appropriately

  • ICO guidance followed for implementation

Implementation:

  • UK visitors see PECR-compliant consent banners

  • Granular consent options for all non-essential cookies

  • "Reject All" and "Accept All" options clearly provided

  • Consent preferences respected across all Alludium services

8.2 European Union (GDPR and ePrivacy)

GDPR/ePrivacy Compliance:

  • Consent banners displayed to EU/EEA visitors

  • Granular consent options for all non-essential cookies

  • Data subject rights clearly explained and facilitated

  • Cross-border data transfer safeguards implemented

8.3 California and United States (CCPA)

CCPA Compliance:

  • "Do Not Sell My Personal Information" links provided

  • Clear disclosure of data sharing practices

  • Opt-out mechanisms for data sales

  • Non-discrimination for privacy choices

Implementation:

  • California residents can opt-out of data sales through cookie preferences

  • Clear identification of data sharing purposes

  • Respect for browser-based privacy signals where technically feasible

9. AI-Specific Cookie Usage

9.1 AI Model Performance Tracking

Purpose: Monitor and improve our AI agent services Data Collected:

  • AI agent usage patterns (anonymized)

  • Response quality metrics

  • Feature utilization statistics

  • Performance optimization data

Legal Basis: Consent required for non-essential AI improvement tracking EU AI Act Compliance: All AI-related data processing complies with EU AI Act requirements for transparency and user rights Data Usage: Data is aggregated and anonymized for model enhancement

9.2 Personalization and Recommendations

Purpose: Provide personalized AI agent recommendations Data Collected:

  • User preferences and settings

  • Historical usage patterns (anonymized)

  • Community engagement metrics

  • Feature adoption rates

Legal Basis: Consent required for personalization features User Control: Can be disabled through preference center Automated Decision-Making: Users have the right to object to automated decision-making under Article 22 GDPR

9.3 AI Training and Development

Cookie Data in AI Training: We do not use cookie data for training AI models without explicit user consent. Any use of cookie data for AI development:

  • Requires separate, specific consent

  • Is limited to anonymized, aggregated data

  • Complies with AI Act transparency requirements

  • Provides clear opt-out mechanisms

10. Cookie Retention Periods

10.1 Retention Schedule and Justification

Cookie Category

Retention Period

Business Justification

Strictly Necessary

Session to 12 months

Essential for service functionality; minimal periods for technical requirements

Performance/Analytics

14 days to 26 months

Anonymized data requires longer retention for meaningful year-over-year analysis and business intelligence

Functional

30 days to 12 months

User preference persistence requires moderate retention for user experience

Marketing

30 days to 90 days

Campaign attribution windows align with typical customer decision cycles

10.2 Data Minimization Principles

  • Collect only necessary cookie data for specified purposes

  • Use shortest retention periods feasible for business requirements

  • Regularly review and update retention schedules

  • Anonymize data where possible to reduce privacy risks

  • Automatic deletion upon purpose fulfillment

10.3 Retention Review Process

  • Quarterly review of all cookie retention periods

  • Annual assessment of business justification for extended retention

  • Immediate deletion when business purpose no longer exists

  • Documentation of retention decisions for regulatory compliance

11. International Data Transfers

11.1 Transfer Identification

The following cookies involve transfers to countries outside the UK/EEA:

United States Transfers:

  • Google Analytics (_ga, _gid, _gat): Google LLC (US)

  • Intercom support cookies: Intercom Inc. (US)

  • Cloudflare security cookies: Cloudflare Inc. (US)

  • Meta/Facebook pixels: Meta Platforms Inc. (US)

  • LinkedIn tracking: LinkedIn Corporation (US)

  • X/Twitter pixels: X Corp. (US)

11.2 Transfer Safeguards

Google LLC: EU-US Data Privacy Framework adequacy decision (when applicable) and Standard Contractual Clauses

Intercom Inc.: Standard Contractual Clauses and additional safeguards including encryption and access controls

Cloudflare Inc.: EU-US Data Privacy Framework (when applicable) and Standard Contractual Clauses

Meta Platforms Inc.: Standard Contractual Clauses and Meta's additional privacy safeguards

LinkedIn Corporation: Standard Contractual Clauses and LinkedIn's privacy framework

X Corp.: Standard Contractual Clauses and platform-specific privacy measures

11.3 User Rights for International Transfers

  • Right to object to international transfers

  • Right to request information about safeguards in place

  • Right to withdraw consent for transfers (may affect service functionality)

  • Right to lodge complaints with supervisory authorities

12. Children's Privacy Protection

12.1 Age Restrictions

Platform Eligibility: Our Terms of Service prohibit use by individuals under 18 years of age.

Age Verification: We implement age verification measures including:

  • Terms of Service acknowledgment of age requirements

  • Account creation restrictions for underage users

  • Proactive detection and removal of underage accounts

12.2 Enhanced Protections

If Underage Use Detected:

  • Immediate account suspension

  • Deletion of all associated data including cookies

  • Parental notification where contact information available

  • Enhanced monitoring for compliance

Cookie Handling for Minors:

  • No cookie placement for verified underage users

  • Enhanced consent requirements for users 16-18 in EU

  • Parental consent mechanisms where legally required

13. Data Subject Rights

13.1 Your Rights Regarding Cookie Data

Under GDPR, UK GDPR, and other applicable laws, you have the following rights:

Right of Access: Request information about cookie data we hold about you Right to Rectification: Correct inaccurate cookie preference data Right to Erasure: Request deletion of cookie data (beyond consent withdrawal) Right to Data Portability: Receive your cookie preference data in portable format Right to Object: Object to processing based on legitimate interests Right to Restriction: Limit processing of your cookie data

13.2 Exercising Your Rights

Request Methods:

  • User/customer request portal (primary method)

  • Email to privacy@alludium.ai

  • Written request to: Data Protection Team, Alludium Ltd, International House, 36-38 Cornhill, London, EC3V 3NG

Response Timeframes:

  • Initial acknowledgment: 48 hours

  • Full response: 30 days (extendable to 60 days for complex requests)

  • Urgent requests (e.g., data breaches): 24 hours

Identity Verification: We may request additional information to verify your identity before processing requests.

13.3 Cookie-Specific Rights

Access to Cookie Data: We will provide:

  • List of cookies currently active for your account

  • Purposes of each cookie

  • Third parties with access to cookie data

  • Retention periods for each cookie type

Cookie Data Portability: Available in JSON or CSV format upon request

14. Compliance Monitoring and Records

14.1 Compliance Monitoring Procedures

Regular Audits:

  • Monthly cookie inventory audits

  • Quarterly consent mechanism testing

  • Semi-annual third-party compliance reviews

  • Annual comprehensive privacy impact assessments

Monitoring Systems:

  • Automated consent recording verification

  • Real-time cookie deployment monitoring

  • Compliance dashboard for ongoing oversight

  • Alert systems for potential compliance issues

14.2 Record Keeping

Consent Records: Maintained for minimum 3 years including:

  • User identifier and timestamp

  • Specific consents given/withdrawn

  • Method of consent collection

  • IP address and user agent information

  • Cookie policy version at time of consent

Compliance Documentation:

  • Cookie audit logs

  • Third-party data processing agreements

  • Impact assessments and legal basis documentation

  • Training records for staff handling cookie data

  • Incident response records

Data Protection Impact Assessments: Conducted for:

  • New cookie deployments

  • Changes to existing cookie purposes

  • Introduction of new third-party providers

  • Material changes to data processing

14.3 Regulatory Relationship Management

Supervisory Authority Cooperation:

  • Designated point of contact for regulatory inquiries

  • Response protocols for formal investigations

  • Regular compliance reporting where required

  • Proactive notification of material compliance issues

Industry Standards: We maintain compliance with:

  • ICO guidance on cookies and similar technologies

  • European Data Protection Board (EDPB) guidelines

  • Industry best practices for consent management

  • Technical standards for privacy-preserving technologies