Cookie Policy

Effective date: April 15, 2026

This Cookie Policy explains how Orchestrate IQ, LLC ("Trazomo") uses cookies and similar storage technologies on our website and learning platform. It supplements our Privacy Policy.

1. What are cookies and similar technologies?

Cookies are small text files stored on your device when you visit a website. Similar technologies include localStorage, sessionStorage, and pixel tags. In this policy, we refer to all of these as "cookies" for simplicity.

2. Categories we use

We group cookies into three categories. You can accept or reject non-essential categories at any time through the Cookie Preferences control in our footer, which opens our consent manager.

• Strictly necessary — required to run the Services and keep you signed in. Cannot be disabled.
• Functional — remember your preferences and enable optional features such as in-app support.
• Analytics — help us understand how the Services are used so we can improve them. Off by default in the EU and UK until you opt in.

We do not use advertising or cross-site tracking cookies, and we do not sell or share personal information for cross-context behavioral advertising under US state privacy laws.

3. Consent mechanism (EU, UK, and other consent-required regions)

Where prior consent is required by law (including under the EU ePrivacy Directive and the UK Privacy and Electronic Communications Regulations), we do not set or read non-essential cookies until you opt in. Consent is managed through Cloudflare Zaraz, which records your choice and loads only the categories you have approved.

You can withdraw consent at any time by opening Cookie Preferences and changing your selections. We also honor the Global Privacy Control (GPC) signal: when GPC is detected, we treat it as an opt-out of non-essential analytics.

4. Cookie inventory

Strictly necessary

• Supabase Auth session cookies — maintain your signed-in state. Purpose: authentication and session continuity. Duration: session plus short refresh window. Provider: Supabase.
• Cloudflare security cookies (for example __cf_bm, cf_clearance) — bot management, traffic protection, and rate limiting. Duration: session to 30 days. Provider: Cloudflare.
• Consent state — remembers your cookie-category choices so we do not re-prompt on every page. Duration: up to 12 months. Provider: Cloudflare Zaraz.

Functional

• Featurebase Messenger device identifier — links your support chat session across pages and visits. Duration: as described in Featurebase's Cookie Policy. Provider: CORDNET OÜ (Featurebase).
• Theme and preference storage (localStorage) — remembers UI preferences such as light/dark mode. Duration: persistent until cleared. Provider: Trazomo (first-party).

Analytics (consent-gated)

• PostHog analytics (for example ph_<project_key>_posthog in localStorage) — pseudonymous event analytics, feature flags, experiments, surveys, and (if separately consented) session replay with aggressive input masking. Duration: up to 12 months for raw events; up to 30 days for replay recordings where enabled. Provider: PostHog, Inc. (EU Cloud, Frankfurt). See PostHog Privacy and GDPR compliance.

5. Session replay masking

If you consent to analytics, session replay is configured to mask all text inputs by default and to block recording of AI-evaluation input fields. This is designed to prevent the capture of any free-text you submit into exercises, reflections, or the in-app Messenger. See our Privacy Policy for details.

6. Browser controls

You can also manage cookies through your browser settings (for example, to clear cookies, block third-party cookies, or enable tracking-prevention features). Disabling strictly-necessary cookies will prevent login and core functionality.

7. Changes to this policy

We may update this Cookie Policy from time to time. Material changes will be posted with a new effective date.

8. Contact

Questions about this Cookie Policy:
Orchestrate IQ, LLC
643 N York St, Suite 70, Elmhurst, IL 60126, USA
salvador@trazomo.com