Cookies & Tracking Technologies Policy
Last updated: September 9, 2025
This Cookies & Tracking Technologies Policy explains how Find Me LLC ("Find Me," "we," "our," or "us") uses cookies and similar technologies on our websites and apps. It also describes why we use them, the categories of cookies we rely on, and the choices available to you.
By using our services, you agree to the use of cookies as described in this policy.
By using our services, you agree to the use of cookies as described in this policy.
Categories of cookies we use and why
We classify cookies/SDKs into four categories. Examples are illustrative and may evolve as we improve the Service.
1. Strictly Necessary — Essential to run the Service: authentication, security, fraud prevention, load balancing, consent storage, routing. Disabling may break core features.
2. Preferences — Improve your experience: language, accessibility options (e.g., reduced motion), UI state (e.g., collapsed menus, active tab), content locale.
3. Analytics & Performance — Help us understand and improve: page/screen views, feature usage, diagnostics, A/B experiments, latency, crash logs, error traces.
4. Advertising & Measurement — Where allowed: ad delivery, anti-fraud, frequency capping, reach and performance measurement, and (where permitted by law and your settings) personalization and audience reporting.
Purpose granularity. Within each category we map specific purposes (e.g., "security incident detection," "feature adoption analytics," "frequency capping") to individual tags/SDKs to ensure least-privilege collection and clear consent prompts.
We classify cookies/SDKs into four categories. Examples are illustrative and may evolve as we improve the Service.
1. Strictly Necessary — Essential to run the Service: authentication, security, fraud prevention, load balancing, consent storage, routing. Disabling may break core features.
2. Preferences — Improve your experience: language, accessibility options (e.g., reduced motion), UI state (e.g., collapsed menus, active tab), content locale.
3. Analytics & Performance — Help us understand and improve: page/screen views, feature usage, diagnostics, A/B experiments, latency, crash logs, error traces.
4. Advertising & Measurement — Where allowed: ad delivery, anti-fraud, frequency capping, reach and performance measurement, and (where permitted by law and your settings) personalization and audience reporting.
Purpose granularity. Within each category we map specific purposes (e.g., "security incident detection," "feature adoption analytics," "frequency capping") to individual tags/SDKs to ensure least-privilege collection and clear consent prompts.
Regional rules at a glance
We apply different legal frameworks depending on where you use the Service and which property (web, mobile app, embedded surface) you're interacting with. The controls you see are tailored to your region, device, and whether you're signed in.
We apply different legal frameworks depending on where you use the Service and which property (web, mobile app, embedded surface) you're interacting with. The controls you see are tailored to your region, device, and whether you're signed in.
- EEA/UK (GDPR + ePrivacy): By default we set only Strictly Necessary technologies. Preferences, Analytics, and Advertising load only after opt-in. You can accept/reject by purpose in the banner or via the Privacy Center at any time. Where applicable, we support recognized frameworks (e.g., IAB TCF 2.2) to record and transmit consent strings to participating vendors. If you withdraw consent, we stop non-essential processing and propagate the change to our systems and vendors. Country guidance (e.g., CNIL/ICO) may drive additional disclosures or stricter defaults for sensitive contexts (e.g., minors).
- United States (state privacy laws): You may opt out of "sale"/"sharing" of personal information and targeted advertising at /do-not-sell-or-share. We honor Global Privacy Control (GPC) where required, treat it as a valid opt-out signal, and—if you're logged in—attempt to persist the choice to your account. State laws (e.g., CA/CO/CT/VA/UT and others) define terms differently; our in-product controls aim to meet or exceed the most privacy-protective applicable standard. Some states also provide rights to limit use of sensitive data; when those apply, we reflect them in defaults and prompts.
- Brazil (LGPD), Canada (PIPEDA/CPPA), India (DPDP), and others: We align to local laws and regulator guidance. Where a consent model applies, we obtain consent before setting non-essential technologies; where an opt-out model applies, we provide controls and honor valid signals. Examples: Brazil may require clear opt-in for sensitive categories; Canada emphasizes meaningful consent; India recognizes Consent Managers—we act on valid instructions they transmit.
- Additional examples: Japan (APPI) emphasizes purpose specification and cross-border notices; Australia (Privacy Act) reforms may tighten consent expectations; for B2B properties, we still apply the same user-centric choices where personal data is involved.
- GPC — Treated as a valid opt-out for "sale"/"sharing" and targeted advertising where applicable; we propagate the signal to partners within stated timelines and record it in your consent log.
- Platform permissions (iOS/Android) — We respect OS-level tracking choices (e.g., ATT prompts on iOS). If permission is denied or an ad ID is reset, we disable related SDK behaviors and rotate identifiers accordingly.
- Browser Do Not Track (DNT) — Not standardized; we prioritize GPC and applicable regional law. Where DNT is the only signal available, we reduce non-essential tracking where feasible.
Your choices & how to change them
We provide multiple ways to control cookies and similar technologies.
We provide multiple ways to control cookies and similar technologies.
- Cookie Banner — (EEA/UK and where required): Choose Accept All, Reject All, or Manage settings (granular by purpose). Accept and Reject have equal prominence and friction.
- Privacy Center — Change preferences at any time for this account/browser/app. Logged-in choices are applied to your account and sync across devices where feasible; logged-out choices are device browser-specific.
- /do-not-sell-or-share — US portal to opt out of targeted advertising and of the "sale"/"sharing" of personal information.
- Browser controls — You can block or delete cookies in your browser settings; some features may stop working.
- Mobile OS — Use OS settings to reset or limit ad identifiers and control app permissions.
- In-product changes are immediate; complete back-end and partner propagation typically occurs within 48 hours (some partners refresh on longer cycles, up to 30 days).
- When signals conflict (e.g., banner Accept but GPC enabled), we apply the more privacy-protective setting where required by law.
Cookie, storage & SDK inventory (illustrative)
We maintain an internal register reviewed quarterly. The examples below reflect common storage periods and may vary by feature and region.
Note: Partner/vendor cookies/SDKs can vary by region and feature. We cap retention to what's necessary, and partners must comply with our instructions and applicable law.
Lifecycle & retention. Wherever feasible, we prefer short-lived identifiers, rotate them regularly, and aggregate for analytics. We also assess whether a purpose can be met with on-device or server-side computation to reduce exposure.
We maintain an internal register reviewed quarterly. The examples below reflect common storage periods and may vary by feature and region.
| Name | Type | Purpose | Category | Typical Duration |
|---|---|---|---|---|
| session_id | First-party cookie | Maintain secure session after login | Strictly Necessary | Session |
| csrf_token | First-party cookie | Prevent cross-site request forgery | Strictly Necessary | Session |
| consent_state | First-party cookie/local storage | Remember per-purpose choices | Strictly Necessary | 12 months |
| lang_pref | First-party cookie/local storage | Remember language & accessibility prefs | Preferences | 6–12 months |
| ui_state | Local storage | Persist UI affordances (e.g., panel positions) | Preferences | 6–12 months |
| ab_variant | First-party cookie/local storage | Assign A/B experiment variant | Analytics & Performance | Session–90 days |
| perf_trace | Local storage | Store timing marks for UX diagnostics | Analytics & Performance | Session–30 days |
| error_log | Local storage | Preserve last error state for crash reports | Analytics & Performance | Session–7 days |
| ad_meas | First-party cookie/SDK | Measure ad reach frequency; anti-fraud | Advertising & Measurement | 30–180 days |
| capi_batch | Server-side tag queue | Batch measurement where allowed | Advertising & Measurement | Processed then purged |
| Mobile IDFA/AAID | Device identifier | Ads measurement consistent with OS settings | Advertising & Measurement | OS-controlled |
Lifecycle & retention. Wherever feasible, we prefer short-lived identifiers, rotate them regularly, and aggregate for analytics. We also assess whether a purpose can be met with on-device or server-side computation to reduce exposure.
Tagging & initialization logic (how we gate loaders)
To prevent non-essential technologies from loading prematurely, we use gating and sequencing.
• Strictly Necessary loads immediately to enable security and core functionality.
• Preferences, Analytics, Advertising load only after the relevant purpose is opted in (EEA/UK and other consent regions) or not opted out (US where applicable).
• Tag sequencing prevents Advertising tags from firing before consent in applicable regions; Analytics respects your per-purpose selection.
• Server-side tagging applies the same opt-in/opt-out logic and reduces exposure of third-party code.
• SDK gating (mobile) — App SDKs initialize only after the appropriate purpose is granted; OS permission prompts appear where needed.
• Error handling — If a tag fails to load due to your settings, the page/app continues to function with diminished analytics/ads capability only.
Testing & quality. We stage changes behind feature flags, test in pre-production with synthetic data, and audit that consent gates are respected before rollout. We periodically run negative tests(simulated rejections) to ensure no non-essential loader starts early.
To prevent non-essential technologies from loading prematurely, we use gating and sequencing.
• Strictly Necessary loads immediately to enable security and core functionality.
• Preferences, Analytics, Advertising load only after the relevant purpose is opted in (EEA/UK and other consent regions) or not opted out (US where applicable).
• Tag sequencing prevents Advertising tags from firing before consent in applicable regions; Analytics respects your per-purpose selection.
• Server-side tagging applies the same opt-in/opt-out logic and reduces exposure of third-party code.
• SDK gating (mobile) — App SDKs initialize only after the appropriate purpose is granted; OS permission prompts appear where needed.
• Error handling — If a tag fails to load due to your settings, the page/app continues to function with diminished analytics/ads capability only.
Testing & quality. We stage changes behind feature flags, test in pre-production with synthetic data, and audit that consent gates are respected before rollout. We periodically run negative tests(simulated rejections) to ensure no non-essential loader starts early.
Data we process via cookies/SDKs
Depending on your settings and region, we may process:
• Identifiers: cookie IDs, device IDs, session tokens, pseudonymous IDs generated by our systems.
• Usage: pages/screens viewed, taps/clicks, scroll depth, time on page, referral URLs, search terms within the Service, crash logs and error codes.
• Ads/measurement: ad requests, impressions, clicks, conversions, reach/frequency, anti-fraud signals and aggregate performance metrics.
• Approximate location: derived from IP for fraud prevention, local content, aggregate analytics (we do not collect precise GPS without permission).
• Derived signals: experiment assignments, cohort membership, performance aggregates.
We do not use your private messages or non-public uploads to train external models beyond providing the Service unless you opt in.
Data minimization. We aim to collect only what's necessary for stated purposes and prefer aggregate or de-identified data where possible.
Depending on your settings and region, we may process:
• Identifiers: cookie IDs, device IDs, session tokens, pseudonymous IDs generated by our systems.
• Usage: pages/screens viewed, taps/clicks, scroll depth, time on page, referral URLs, search terms within the Service, crash logs and error codes.
• Ads/measurement: ad requests, impressions, clicks, conversions, reach/frequency, anti-fraud signals and aggregate performance metrics.
• Approximate location: derived from IP for fraud prevention, local content, aggregate analytics (we do not collect precise GPS without permission).
• Derived signals: experiment assignments, cohort membership, performance aggregates.
We do not use your private messages or non-public uploads to train external models beyond providing the Service unless you opt in.
Data minimization. We aim to collect only what's necessary for stated purposes and prefer aggregate or de-identified data where possible.
Legal bases: consent vs other grounds
• Consent — Non-essential cookies/SDKs in the EEA/UK and similar jurisdictions; personalized advertising where required; non-service marketing communications.
• Legitimate interests — Security, fraud prevention, service diagnostics, minimal aggregate analytics (balanced with your rights). We provide opt-out where required.
• Legal obligation — Storing proof of consent or opt-out; security logging; compliance with regulator inquiries.
We document our decisions (e.g., DPIAs/LIAs where applicable), keep records of consent (date, version, method), and review them periodically.
Consent state machine. Our systems record events such as Granted, Denied, Withdrawn, Not asked, and Expired per purpose along with timestamp, region, surface (web/app), and version of disclosures. Withdrawals propagate to downstream systems and partners.
• Consent — Non-essential cookies/SDKs in the EEA/UK and similar jurisdictions; personalized advertising where required; non-service marketing communications.
• Legitimate interests — Security, fraud prevention, service diagnostics, minimal aggregate analytics (balanced with your rights). We provide opt-out where required.
• Legal obligation — Storing proof of consent or opt-out; security logging; compliance with regulator inquiries.
We document our decisions (e.g., DPIAs/LIAs where applicable), keep records of consent (date, version, method), and review them periodically.
Consent state machine. Our systems record events such as Granted, Denied, Withdrawn, Not asked, and Expired per purpose along with timestamp, region, surface (web/app), and version of disclosures. Withdrawals propagate to downstream systems and partners.
How to withdraw, fix issues, or appeal
• Change settings in the banner or Privacy Center at any time.
• Use /do-not-sell-or-share for US opt-outs related to targeted ads and “sale/ sharing.”
• If a setting appears to “stick” incorrectly, clear site data for our domain, reload, and re-set preferences.
• Still stuck? Email contact@fyndme.net with device, OS/browser/app version, screenshots, and steps to reproduce. We acknowledge and aim to resolve most issues within 5–10 business days.
Conflicts & precedence. Where both account-level and device-level choices exist, we apply the more privacy-protective option where required by law.
• Change settings in the banner or Privacy Center at any time.
• Use /do-not-sell-or-share for US opt-outs related to targeted ads and “sale/ sharing.”
• If a setting appears to “stick” incorrectly, clear site data for our domain, reload, and re-set preferences.
• Still stuck? Email contact@fyndme.net with device, OS/browser/app version, screenshots, and steps to reproduce. We acknowledge and aim to resolve most issues within 5–10 business days.
Conflicts & precedence. Where both account-level and device-level choices exist, we apply the more privacy-protective option where required by law.
Children & teens
Our services are not directed to children under the local age where consent is required. Where teen accounts are permitted, stricter defaults apply and certain categories (e.g., personalized advertising) may be off by default or unavailable. Parents or guardians with questions can contact contact@fyndme.net.
Parental involvement. In regions that require verifiable parental consent for certain processing, we design flows to obtain and respect that consent; where consent is withdrawn, the corresponding purposes are disabled.
Our services are not directed to children under the local age where consent is required. Where teen accounts are permitted, stricter defaults apply and certain categories (e.g., personalized advertising) may be off by default or unavailable. Parents or guardians with questions can contact contact@fyndme.net.
Parental involvement. In regions that require verifiable parental consent for certain processing, we design flows to obtain and respect that consent; where consent is withdrawn, the corresponding purposes are disabled.
Data retention, security & integrity
• We retain cookie/SDK data only as long as needed for the stated purposes, then aggregate, de-identify, or delete it. Typical ranges appear in the inventory above.
• Transport uses HTTPS; cookies carrying sensitive tokens are set with Secure and HttpOnly flags where applicable and with appropriate SameSite attributes.
• We minimize data shared with partners to what’s necessary, require contractual protections, and periodically review partner practices.
• We monitor for abnormal tag behavior and disable misbehaving tags/SDKs until remediated.
• We periodically rotate secrets/keys for server-side tagging and limit access via least privilege.
• We maintain immutable logs of consent events and loader decisions for auditability.
• We retain cookie/SDK data only as long as needed for the stated purposes, then aggregate, de-identify, or delete it. Typical ranges appear in the inventory above.
• Transport uses HTTPS; cookies carrying sensitive tokens are set with Secure and HttpOnly flags where applicable and with appropriate SameSite attributes.
• We minimize data shared with partners to what’s necessary, require contractual protections, and periodically review partner practices.
• We monitor for abnormal tag behavior and disable misbehaving tags/SDKs until remediated.
• We periodically rotate secrets/keys for server-side tagging and limit access via least privilege.
• We maintain immutable logs of consent events and loader decisions for auditability.
Third-party tools & partners
We may use third-party tools for analytics, performance monitoring, crash reporting, ad delivery/measurement, social sign-in, or content embeds. These providers process data under their privacy terms and our instructions. Where contractually feasible and lawful, we restrict providers from using collected data for their own independent purposes and require deletion on termination or at your request where applicable.
Embeds. When you interact with third-party embeds (e.g., maps, media players, social widgets), those providers may set their own cookies. Your interactions are governed by their policies. We surface context where possible and respect your choices when we can control embed behavior.
Vendor taxonomy. We categorize partners (e.g., analytics, ads delivery, measurement, fraud prevention, performance monitoring) and assign owners internally. Each vendor must have a purpose mapping and retention cap aligned to this policy
We may use third-party tools for analytics, performance monitoring, crash reporting, ad delivery/measurement, social sign-in, or content embeds. These providers process data under their privacy terms and our instructions. Where contractually feasible and lawful, we restrict providers from using collected data for their own independent purposes and require deletion on termination or at your request where applicable.
Embeds. When you interact with third-party embeds (e.g., maps, media players, social widgets), those providers may set their own cookies. Your interactions are governed by their policies. We surface context where possible and respect your choices when we can control embed behavior.
Vendor taxonomy. We categorize partners (e.g., analytics, ads delivery, measurement, fraud prevention, performance monitoring) and assign owners internally. Each vendor must have a purpose mapping and retention cap aligned to this policy
Global Privacy Control (GPC) details
When a compatible browser sends a GPC signal, we treat it as:
• An opt-out of targeted advertising and of the “sale”/“sharing” of personal information where required by law.
• A browser-level request; if you are logged in, we also attempt to apply the signal to your account so it persists across devices where feasible.
• A control that we propagate to our partners within the timelines described above (typically within 48 hours, with partner refresh cycles up to 30 days).
Verification. We periodically test that GPC is recognized and overrides conflicting signals where mandated.
When a compatible browser sends a GPC signal, we treat it as:
• An opt-out of targeted advertising and of the “sale”/“sharing” of personal information where required by law.
• A browser-level request; if you are logged in, we also attempt to apply the signal to your account so it persists across devices where feasible.
• A control that we propagate to our partners within the timelines described above (typically within 48 hours, with partner refresh cycles up to 30 days).
Verification. We periodically test that GPC is recognized and overrides conflicting signals where mandated.
Accessibility & usability of consent UX
We design consent experiences to be accessible and understandable:
• Clear headings, legible typography, and sufficient color contrast.
• Keyboard-navigable controls with visible focus states.
• Screen-reader friendly structure with ARIA roles where appropriate.
• Plain-language explanations for each purpose, with links to details.
• No “dark patterns”: no pre-ticked boxes, no deceptive sizing or color, and parity of effort between Accept and Reject.
• Localized text where the app/site is localized.
If you encounter barriers, email contact@fyndme.net with details.
We design consent experiences to be accessible and understandable:
• Clear headings, legible typography, and sufficient color contrast.
• Keyboard-navigable controls with visible focus states.
• Screen-reader friendly structure with ARIA roles where appropriate.
• Plain-language explanations for each purpose, with links to details.
• No “dark patterns”: no pre-ticked boxes, no deceptive sizing or color, and parity of effort between Accept and Reject.
• Localized text where the app/site is localized.
If you encounter barriers, email contact@fyndme.net with details.
Governance, audits & incident handling
• Inventory & reviews — We maintain a living register of cookies/SDKs, owners, purposes, data categories, and retention periods; reviewed at least quarterly.
• Change management — New tags/SDKs require internal approval and testing behind consent gates before production; major changes include a risk review.
• Partner attestations — We request periodic attestations from partners that they honor user choices and delete or de-identify data as required.
• Incidents — If a tag/SDK misbehaves (e.g., loads before consent or collects beyond scope), we disable it and prioritize a fix. Where required by law, we notify affected users/regulators.
• Training — Teams that implement tags/SDKs complete periodic training on consent, security, and privacy by design.
• Audits — We may conduct internal audits and vendor spot checks to verify adherence to this policy and applicable law.
• Record-keeping — We store consent decisions, related disclosures/versioning, and vendor load outcomes for defensibility.
• Inventory & reviews — We maintain a living register of cookies/SDKs, owners, purposes, data categories, and retention periods; reviewed at least quarterly.
• Change management — New tags/SDKs require internal approval and testing behind consent gates before production; major changes include a risk review.
• Partner attestations — We request periodic attestations from partners that they honor user choices and delete or de-identify data as required.
• Incidents — If a tag/SDK misbehaves (e.g., loads before consent or collects beyond scope), we disable it and prioritize a fix. Where required by law, we notify affected users/regulators.
• Training — Teams that implement tags/SDKs complete periodic training on consent, security, and privacy by design.
• Audits — We may conduct internal audits and vendor spot checks to verify adherence to this policy and applicable law.
• Record-keeping — We store consent decisions, related disclosures/versioning, and vendor load outcomes for defensibility.
FAQs
Q1: Why do I still see ads after opting out?
Opting out reduces personalized/targeted ads and “sale/sharing,” but you may still see contextual ads based on the page or non-personal signals.
Q2: Will clearing cookies reset my preferences?
If you delete all site data, your cookie-stored choices may be removed. When logged in, we attempt to sync account-level choices back to the device; otherwise you may need to set them again.
Q3: Do you use fingerprinting?
No, not for user-level identification, unless explicitly permitted by law and your settings. We prefer consented, revocable identifiers.
Q4: What happens if I use multiple browsers/devices?
Logged-in choices sync to your account when feasible. Logged-out choices are per-device/per-browser.
Q5: Do partners get my precise location?
No, not unless you’ve granted separate permission for precise location. Analytics/ads typically receive approximate IP-derived location for measurement and fraud control.
Q6: Why does Analytics still show some traffic after I rejected it?
We aggregate de-identified network-level telemetry needed for security/availability. Purpose-scoped Analytics tags do not fire where you rejected them; residual baseline telemetry may still exist for Strictly Necessary purposes (e.g., load balancing).
Q7: How long does it take for partners to reflect my choice?
We propagate within 48 hours; some partners refresh configurations or erase identifiers on weekly/monthly cycles, so full effect can take up to 30 days.
Q8: Can I block all cookies?
You can use browser controls to block cookies. Strictly Necessary cookies are required for sign-in and security; blocking them may prevent the Service from working properly.
Q9: Do you sell my personal information?
We don’t “sell” personal information in the everyday sense. Where laws define “sale” or “sharing,” you can exercise your rights at /do-not-sell-or-share and via GPC.
Q1: Why do I still see ads after opting out?
Opting out reduces personalized/targeted ads and “sale/sharing,” but you may still see contextual ads based on the page or non-personal signals.
Q2: Will clearing cookies reset my preferences?
If you delete all site data, your cookie-stored choices may be removed. When logged in, we attempt to sync account-level choices back to the device; otherwise you may need to set them again.
Q3: Do you use fingerprinting?
No, not for user-level identification, unless explicitly permitted by law and your settings. We prefer consented, revocable identifiers.
Q4: What happens if I use multiple browsers/devices?
Logged-in choices sync to your account when feasible. Logged-out choices are per-device/per-browser.
Q5: Do partners get my precise location?
No, not unless you’ve granted separate permission for precise location. Analytics/ads typically receive approximate IP-derived location for measurement and fraud control.
Q6: Why does Analytics still show some traffic after I rejected it?
We aggregate de-identified network-level telemetry needed for security/availability. Purpose-scoped Analytics tags do not fire where you rejected them; residual baseline telemetry may still exist for Strictly Necessary purposes (e.g., load balancing).
Q7: How long does it take for partners to reflect my choice?
We propagate within 48 hours; some partners refresh configurations or erase identifiers on weekly/monthly cycles, so full effect can take up to 30 days.
Q8: Can I block all cookies?
You can use browser controls to block cookies. Strictly Necessary cookies are required for sign-in and security; blocking them may prevent the Service from working properly.
Q9: Do you sell my personal information?
We don’t “sell” personal information in the everyday sense. Where laws define “sale” or “sharing,” you can exercise your rights at /do-not-sell-or-share and via GPC.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated via banner or in-product notice. The “Last updated” date reflects the most recent revision.
We may update this policy from time to time. Material changes will be communicated via banner or in-product notice. The “Last updated” date reflects the most recent revision.
Contact
Questions or concerns? Email contact@fyndme.net.
Postal: Find Me LLC, 4111 Rose Lake Dr, Charlotte, NC 28217, USA
Questions or concerns? Email contact@fyndme.net.
Postal: Find Me LLC, 4111 Rose Lake Dr, Charlotte, NC 28217, USA
Change log
2025-09-09: Initial standalone Cookies & Tracking Policy created; expanded inventory, gating logic, accessibility standards, governance, FAQs, GPC details, and regional consent/opt-out models with propagation timelines.
© 2026 Find Me LLC. All rights reserved.
2025-09-09: Initial standalone Cookies & Tracking Policy created; expanded inventory, gating logic, accessibility standards, governance, FAQs, GPC details, and regional consent/opt-out models with propagation timelines.
© 2026 Find Me LLC. All rights reserved.
Build, customize, and share your professional portfolio with Find Me.
Take control of your online presence with Find Me. Highlight your talents, connect with the right people, and manage your digital identity with ease and security!