Cookie Policy
Last Updated: October 2025
Cookie Policy & Consent Framework
Version 1.0 — October 2025 Entity: Journey Bound Media, LLC dba DecodeIQ Jurisdiction: State of New Mexico, United States Contact: Privacy Email
1. Purpose
DecodeIQ uses cookies and equivalent tracking technologies to maintain platform functionality, measure performance, and—only with your consent—run analytics or marketing integrations. This policy explains each category, its function, and how you can control them.
All tracking follows a Source-First Transparency Model: each tag is explicitly declared, purpose-scoped, and activated only through recorded consent.
2. Cookie Categories
| Category | Examples | Purpose | Default State | Legal Basis |
|---|---|---|---|---|
| Strictly Necessary | Session token (supabase-auth), Stripe checkout cookies | Secure login, subscription and payment processing | Always On | Contract / Legitimate Interest |
| Functional | Language preference, cookie banner memory (decodeiq_cookie_prefs) | Improve user experience | On with consent banner | Consent |
| Analytics | PostHog, Google Analytics | Measure usage, latency, and feature adoption | Off until consent | Consent |
| Marketing | LinkedIn Insight Tag, Reddit Pixel, X Pixel, Meta (Facebook / Instagram) | Attribute campaigns and audiences | Off until consent | Consent |
No cookies are used for behavioral profiling or data sale.
3. Consent Management Logic
3.1 Storage Mechanism
User preferences are stored client-side in localStorage with key "decodeiq_cookie_prefs" containing JSON preferences, valid for 12 months.
3.2 Activation Flow
- Banner Display: shown on first visit or when consent is not recorded.
- User Choice: Accept All / Reject All / Customize.
- Execution:
- Necessary scripts load immediately.
- Other scripts load only if their key = true.
- Recordkeeping: preference JSON is mirrored (hash-only) in Supabase table consent_logs for audit compliance.
- Revocation: "Manage Cookies" link in footer resets localStorage and reloads banner.
3.3 Framework Compliance
- Conforms to GDPR Art. 7 (consent) and ePrivacy Directive Art. 5(3).
- Compatible with OneTrust / IAB TCF v2.0 schema if external CMP is added.
- Honors browser "Do Not Track" headers where technically detected.
4. Individual Tracker Details
4.1 Analytics
PostHog – in-app event telemetry (anonymous ID, feature usage, latency) Google Analytics 4 – page views and aggregate engagement metrics IP anonymization enabled (anonymize_ip=true)
4.2 Marketing Integrations
Loaded only when marketing:true:
- LinkedIn Insight Tag – conversion & audience analytics
- Reddit Pixel – campaign attribution
- X Pixel – ad reach & conversions
- Meta Pixel – cross-platform engagement tracking
All send hashed or pseudonymous IDs only; no personal content or brief data is transmitted.
5. Retention & Expiration
| Type | Lifespan | Controller |
|---|---|---|
| Session Cookies | Session | DecodeIQ / Stripe |
| Preference Cookie (decodeiq_cookie_prefs) | 12 months | DecodeIQ |
| Analytics Cookies | 26 months (Google Analytics default) | Google LLC |
| Marketing Pixels | 90–180 days | LinkedIn, Meta, X, Reddit |
Users may delete cookies manually at any time through browser settings.
6. Withdrawing Consent
At any time, select "Manage Cookies" in the site footer or clear browser storage. This resets preferences and halts all non-necessary cookies until re-consent.
7. Updates to This Policy
DecodeIQ reviews cookie usage quarterly or when a new tracker is added. Material changes trigger a renewed consent banner.
8. Contact
Journey Bound Media, LLC dba DecodeIQ Albuquerque, New Mexico, USA Privacy Email
Effective Date: October 18, 2025 Version: 1.0