Cookie & Similar Technologies Policy

Table of contents

1. Scope
2. Definitions
3. First-party vs third-party technologies
4. Categories we use
5. Mobile applications and device identifiers
6. Consent management and signals
7. Retention
8. Managing your preferences
9. Children
10. Changes to this Policy
11. Contact

1. Scope

This Policy explains how PickOS Inc. (“PickOS,” “we,” “us”) uses cookies and similar technologies on pickos.com, on platforms we operate (including MyPick at MyPick.com), and inside our mobile and desktop applications. It complements our Privacy Policy, which describes our broader privacy practices.

2. Definitions

• Cookie — a small text file stored by your browser when you visit a website, used to remember information across pages and visits.
• Pixel / tag — an invisible image or short snippet of code that loads when you view a page or open an email, allowing collection of basic interaction data.
• Local storage / IndexedDB — storage areas inside your browser or app that persist data on your device.
• Software development kit (SDK) — a library embedded in our mobile or desktop apps that may read device-level signals subject to operating-system permissions and your choices.
• Session — a period of activity on the Service; “session cookies” expire when you close the browser, while “persistent cookies” remain until they expire or are deleted.

3. First-party vs third-party technologies

First-party technologies are set by domains we operate (for example, pickos.com or mypick.com). They power core functionality such as authentication, security, and saved preferences.

Third-party technologies are set by trusted vendors whose code we load on the Service for a defined purpose (for example, error monitoring, customer-support widgets, analytics, fraud prevention, content delivery, or — only with consent where required — advertising and measurement). Each third party is described below by category and is bound by our contracts and by their own published policies.

4. Categories we use

4.1 Strictly necessary

These technologies are required to operate the Service. They include the session cookie that keeps you signed in, anti-CSRF tokens that protect form submissions, load-balancer affinity cookies that route you to the correct backend, and the cookie that records your consent choices. Strictly-necessary cookies cannot be turned off in our consent tool because turning them off would break the Service.

4.2 Functional

Functional cookies and storage remember choices that personalise your experience: language, region, currency, accessibility preferences, the dismissed state of one-off banners, the visibility of optional onboarding prompts, and similar settings. We use these only for purposes that benefit you directly.

4.3 Analytics and performance

Analytics technologies help us understand how the Service is used so we can fix bugs, improve reliability, and prioritise features. Examples include logged page views, navigation paths, error events, and performance timings. Where required by law, analytics in this category load only after you grant consent. Where used, our analytics partners are configured for IP minimisation, no cross-site identity, and contractual restrictions on further use of the data.

4.4 Advertising and conversion measurement

With your consent where required, we may use measurement and remarketing technologies provided by reputable advertising and social-media partners. These technologies can record visits, sign-ups, or conversions for the purpose of evaluating campaign performance and — where you have agreed — supporting relevant advertising off-site. We honour the operating-system tracking-permission prompt on mobile, the consent frameworks that apply in your region, and the Global Privacy Control where supported.

4.5 Security and abuse prevention

We use technologies that help us detect and mitigate fraud, brute-force attacks, scraping, account takeover, and other abuse. These include device fingerprinting signals, bot-management challenges (such as a one-time JavaScript challenge), and risk scoring used during authentication. These technologies are necessary for protecting users and the Service.

4.6 Customer support

Where we operate live chat or in-product support widgets, the supporting vendor may set cookies to maintain session continuity, queue position, and conversation history. Where required, support widgets load only after consent.

5. Mobile applications and device identifiers

Mobile and desktop applications use technologies that are similar in function to web cookies but are governed by your operating-system rules. Common categories include:

• Per-vendor identifiers issued by your operating system, used for crash and performance attribution.
• Advertising or measurement identifiers, accessed only where the operating system permits and only after you have granted any required tracking permission. You can reset or limit these identifiers from your device settings at any time.
• Push notification tokens issued by your platform’s push service, used to deliver in-app and account notifications you have opted into.
• Diagnostic data as configured by your operating system’s privacy settings.

Inside the apps, in-app preferences supplement operating-system controls — for example, you can disable analytics or revoke notification permissions from within the app even if your OS still allows them.

6. Consent management and signals

Where the law requires consent — most notably under the EU/UK ePrivacy regime — we will request your choice through a consent banner before non-essential cookies and SDKs activate. Your choice is stored and respected for a reasonable period; you can change it at any time using the “Cookie preferences” link in our footer (where deployed). We honour the Global Privacy Control (GPC) where applicable law requires it, and we respect any operating-system-level tracking-permission prompt for our mobile applications.

7. Retention

Session cookies are deleted when you close your browser. Persistent cookies expire after a defined period that varies by purpose — typically up to 24 months for functional and analytics cookies, and up to 13 months for advertising cookies. Local storage and IndexedDB persist until you clear them or until the application clears them. Mobile identifiers persist according to your device settings until you reset them. The detailed list of cookies, pixels, and SDKs we deploy is maintained in our consent tool, where it is updated as vendors change.

8. Managing your preferences

You have multiple ways to control cookies and similar technologies:

• Our consent tool: use the “Cookie preferences” link in the footer (where deployed) to accept or reject non-essential categories.
• Your browser: all major browsers let you block or delete cookies via their privacy or site-data settings. Blocking cookies may break parts of the Service.
• Your device: use your operating system’s privacy settings to manage tracking permissions, advertising identifiers, push notifications, and diagnostic data sharing.
• Industry programmes: regional and international self-regulatory bodies offer bulk opt-outs for interest-based advertising; you can use these programmes to express opt-outs across many participating networks at once.
• Advertising partner dashboards: the major social-media and advertising platforms offer ad-personalisation controls tied to your account on those platforms; consult the privacy or ad-settings page of each platform you use.
• “Do Not Track” / Global Privacy Control: we honour the Global Privacy Control where required by law. We do not currently respond to Do Not Track signals because no industry standard for them has emerged.

9. Children

The Service is not directed to children below the age of digital consent in their country. We do not knowingly serve advertising or analytics that profile such children.

10. Changes to this Policy

We may update this Policy from time to time. We will revise the “Last updated” date and, where the change is material, present a new consent prompt or notice in the Service. Continued use after the effective date of the updated Policy constitutes acceptance of changes that do not require renewed consent.

11. Contact

For questions about cookies or similar technologies, contact privacy@pickos.com or use the Contact page (topic: “Legal / privacy”).

This Policy is written by PickOS Inc. and reflects our actual practices. It is not legal advice; for jurisdiction-specific questions, please consult your own counsel.