Cookie Policy

Canada — CASL. Canada's Anti-Spam Legislation (CASL), SC 2010, c. 23, governs electronic tracking tools, including cookies that access a user's device. Tracking cookies that are not strictly necessary for the operation of a requested service require your express consent under CASL section 8 before being installed on your device. Strictly necessary and functional cookies that are essential to the operation of the Service you have explicitly requested may rely on implied consent, but must be clearly disclosed. You may withdraw consent at any time as described in Section 5.

Alberta PIPA and federal PIPEDA. Where cookies collect information that identifies or could identify an individual — such as an IP address or a persistent device identifier — that information constitutes personal information under Alberta's Personal Information Protection Act (PIPA) and the federal Personal Information Protection and Electronic Documents Act (PIPEDA). The consent and purpose-limitation principles of those statutes apply to our cookie practices.

Future markets — EU/EEA and UK (GDPR and ePrivacy). When Evalystar begins operating in the European Economic Area or the United Kingdom, our cookie banner will provide a GDPR-compliant consent mechanism offering granular opt-in by cookie category, as required by the ePrivacy Directive (2002/58/EC, as amended). You will have the right to withdraw consent at any time without detriment. Until Evalystar operates in those jurisdictions, this section is provided for transparency only.

Future markets — United States. Certain US state privacy laws — including California's CCPA/CPRA, Colorado's CPA, and Connecticut's CTDPA — require disclosure of cookies used for targeted advertising and provide residents with opt-out rights. Evalystar does not use cookies to build advertising profiles, retarget users across third-party websites, or sell cookie-derived data to advertisers. When Evalystar enters US markets, this policy will be updated to reflect applicable state law requirements.

We use four categories of cookies, described below. For each category we identify what it is, why we use it, whether it requires your consent, and what happens if you disable it.

2.1 Strictly Necessary Cookies

Strictly necessary cookies are required for the Service to function. Without them, core features such as logging in, navigating between pages, and submitting forms would not work. Because these cookies are essential to a service you have explicitly requested, they do not require your consent under CASL and cannot be disabled through our cookie preference centre. Disabling them via your browser settings will prevent you from using the Service.

Examples include: your session authentication token (which keeps you logged in during a session), a CSRF protection token (which prevents cross-site request forgery attacks), load balancer routing cookies (which direct your requests to the correct server), and security cookies that detect and respond to fraudulent activity.

2.2 Functional / Preference Cookies

Functional cookies enhance your experience by remembering choices you make but are not required for the Service to operate. They allow us to personalize content and remember your preferences across sessions. These cookies require your express consent in Canada and can be disabled without preventing access to core features.

Examples include: a cookie that remembers your preferred language or region, a cookie that stores your UI display preferences (such as table column layout or sidebar state), and a "remember me" token that keeps you logged in across browser sessions without re-entering your credentials.

2.3 Analytics and Performance Cookies

Analytics cookies help us understand how visitors interact with the Service — which features are used most, how long pages take to load, and where errors occur. This information is used in aggregate to improve the product and diagnose technical issues. Where technically feasible, IP addresses collected by analytics tools are anonymized so that individual users cannot be identified from analytics data alone. These cookies require your express consent in Canada. If you disable them, we will have a reduced ability to identify performance issues and improve the Service, but your access to features will not be affected.

Tools we may use include Google Analytics, Mixpanel, Segment, Sentry, or similar analytics and error-tracking platforms. Each operates under its own privacy policy; see Section 6 for further details.

2.4 Marketing and Advertising Cookies

Evalystar may use a limited set of marketing cookies on the public-facing website (not inside the authenticated application) to measure the effectiveness of marketing campaigns and partner referrals. For example, we may track whether a visitor arrived from a specific advertisement or partner link in order to assess the return on our marketing spend. Evalystar does not use cookies to build advertising profiles, retarget users across third-party websites, or sell cookie-derived data to any third party. Authenticated users of the B2B application are not subject to marketing cookies within the app.

Examples include: UTM parameter persistence cookies (which preserve campaign source data from a link through to a conversion), LinkedIn Insight Tag (on the public website only, to measure LinkedIn campaign performance), and Google Ads conversion tracking (on the public website only, to measure whether a visitor who clicked an ad subsequently signed up). These cookies require your express consent.

The table below sets out specific cookies we use or may use. Durations reflect the cookie's maximum lifespan; session cookies expire when you close your browser.

Session cookies expire automatically when you close your browser. Persistent cookies remain on your device for the duration shown in the cookie table above, which ranges from 30 days to 24 months depending on the cookie's purpose. You can delete any cookie at any time using your browser settings; see Section 5 for instructions. Deleting strictly necessary cookies will prevent you from using the Service until a new session is established.

Cookie consent banner. On your first visit to the Evalystar website, a consent banner will appear allowing you to accept or decline non-essential cookies by category. You can update your preferences at any time by clicking the "Cookie Settings" link in the website footer.

Browser settings. Most browsers allow you to block, delete, or receive warnings before cookies are stored. The links below take you to the cookie management instructions for major browsers:

• Google Chrome: Settings → Privacy and security → Cookies and other site data
• Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data
• Apple Safari: Preferences → Privacy → Manage Website Data
• Microsoft Edge: Settings → Cookies and site permissions → Cookies and site data

Please note that blocking or deleting strictly necessary cookies will prevent you from using core features of the Service, including logging in.

Industry opt-out tools. For any future interest-based advertising scenarios, you may use the Network Advertising Initiative (NAI) opt-out tool at optout.networkadvertising.org and the Digital Advertising Alliance (DAA) opt-out tool at optout.aboutads.info. As noted above, Evalystar does not currently use cookies for interest-based advertising or cross-site retargeting.

Some cookies on our website are set by third-party service providers — such as analytics platforms and marketing measurement tools — rather than by Evalystar directly. These providers operate under their own privacy policies, which we encourage you to review. Evalystar is not responsible for the cookie practices of third parties.

Key third-party privacy policies relevant to our cookie use include those of Google (covering Google Analytics and Google Ads) and LinkedIn (covering LinkedIn Insight Tag). You can find those policies on the respective providers' websites. Our payment processor, Stripe, may also set cookies during the checkout process; Stripe's privacy policy is available on Stripe's website.

This Cookie Policy supplements and should be read together with Evalystar's Privacy Policy. Personal information collected through cookies — such as IP addresses and device identifiers — is processed in accordance with that policy and applicable Canadian privacy law. Your rights in relation to personal information collected through cookies (including the right of access, correction, and withdrawal of consent) are described in the Privacy Policy.

Evalystar may update this Cookie Policy from time to time to reflect changes in our cookie usage, the tools and platforms we use, or applicable legal requirements. When we make a material change, we will update the "Last updated" date below and communicate the change through the cookie consent banner on your next visit to our website, or by email if the change materially affects how we collect or use your personal information. Your continued use of the website or Service after the effective date of any change constitutes acceptance of the updated policy.

If you have any questions about this Cookie Policy or our use of cookies, or if you wish to exercise any of your privacy rights in relation to cookie data, please contact us: