One platform, priced by sites. Every module included. Docs All systems operational
Build it freeNo card · no time limit Start free
Legal

Cookie Policy

Last updated: June 2026

Draft pending legal review. This document is a working draft provided for product-preview purposes and is being finalized with legal counsel. It is not yet a binding agreement.

This policy explains what cookies are and how SGEN handles them across our marketing site, the dashboard you log into, and the websites built and hosted on the platform. Whether a given cookie category requires consent where your visitors live is a question for your legal advisor. SGEN provides the banner, the script-gating, and the audit log to act on that guidance.

This policy describes the tools SGEN provides. It does not promise that using them makes any site compliant with the GDPR, the ePrivacy Directive or PECR, the CCPA or CPRA, or any other law. Compliance is the site operator's responsibility, determined with their own legal advisor. [placeholder: this capability-not-a-guarantee characterization is pending counsel confirmation.]

1. Who this policy is for, and who "we" are

This Cookie Policy explains how cookies and similar technologies are used on sgen.com (our marketing site) and within the SGEN platform, which includes the dashboard you log into and the websites built and hosted on it.

In this policy, "SGEN," "we," "us," and "our" mean [placeholder: full legal entity name and entity type], with its registered address at [placeholder: registered address]. These values are placeholders and must be supplied by the business before publication.

Two different roles, and they change who is responsible. For cookies on sgen.com and the SGEN dashboard, SGEN is the party that decides what cookies are set, so this policy governs them directly. For cookies set on a website a customer builds and hosts on SGEN, the customer is the controller of that site and decides which cookies and tracking scripts run on it; SGEN acts as the data processor, providing the hosting and the consent tooling. Where this policy describes behavior on customer sites, it describes the tools and defaults SGEN provides, not choices SGEN makes on the customer's behalf. [placeholder: counsel must confirm this controller and processor split and its wording.]


2. What cookies and similar technologies are

A cookie is a small text file a website stores in your browser so it can recognize your device on later visits or remember actions you took during a visit. Similar technologies include browser local storage and session storage, which hold data in the browser rather than sending it back to a server with each request, and tracking pixels or tags, which are small embedded resources used to record that a page or email was loaded.

Cookies can be first-party (set by the site you are visiting) or third-party (set by another domain whose content is embedded on the page). They can be session cookies, deleted when you close the browser, or persistent cookies, kept for a set period or until you delete them. This section is descriptive only and states no legal conclusion.


3. The two surfaces this policy covers

This policy covers three distinct surfaces, which differ in who controls the cookies set on them:

  • sgen.com (marketing site). Controlled by SGEN. This policy tells you the categories SGEN sets and why.
  • SGEN dashboard (the app you log into). Controlled by SGEN. Covers the sign-in, session, security, and preference cookies needed to run the app.
  • Sites built and hosted on SGEN. Controlled by the customer (the site operator); SGEN provides the tooling as processor. This policy describes the default cookie behavior and the consent tools available to the operator.

[placeholder: counsel must confirm this three-surface framing, and whether a single policy should cover all three or whether customer sites need the operator's own cookie notice rendered through the platform.]


4. The cookie categories we use

We group cookies and similar technologies by purpose, not by vendor. The categories below describe SGEN's surfaces and the platform defaults. The exact inventory, every cookie name, the party that sets it, what it does, and how long it lasts, is maintained in the table at the end of this section.

  • Strictly necessary. Required for the site, dashboard, or hosted platform to work at all, for example: keeping you signed in, maintaining your session, balancing load across our servers, and the security layer (a WAF and related protections) that ships in the Foundation Pack on every plan, including the free Sandbox tier. Without these, the service cannot function. [placeholder: if this policy states that strictly necessary cookies do not require consent, present that only as a standard interpretation of the ePrivacy framework, to be confirmed by counsel for each jurisdiction, not as settled law.]
  • Analytics. Used to understand traffic and behavior. SGEN's dashboard analytics are first-party and run without a third-party tracking tag by default (see clause 5).
  • Marketing and advertising. Where used, for attribution and advertising measurement, for example SGEN's native Attribution module, which captures multi-touch attribution and call tracking. On customer sites these are gated behind consent via the consent banner and are not loaded until the visitor accepts.
  • Preference. Used to remember choices, such as language or display settings. Note distinctly: the visitor-facing accessibility menu preferences are stored in the visitor's session, not as a tracking cookie.

Cookie inventory (the binding detail). The complete inventory below is a placeholder template, not real data. Names, setting party, purpose, and duration for sgen.com, the dashboard, and the platform defaults must be populated from a real audit before publish.

  • [placeholder: cookie name] | [category] | set by [SGEN or vendor] | [purpose] | [duration]

[placeholder: the legal characterization of each category, which are exempt, which require consent, and the lawful basis, requires counsel and is jurisdiction-specific.]


5. Our first-party analytics

SGEN includes Analytics in the dashboard: first-party site analytics that report traffic and visitor behavior without relying on a third-party tracking tag by default. Because the data is collected and stored within SGEN rather than sent to an external analytics vendor, there is no third-party analytics cookie loaded by default for this feature.

A site operator may still choose to add an external analytics or tag-management tool, for example Google Tag Manager or Microsoft Clarity, to their own site. When they do, those tools' cookies are subject to the consent banner described in clause 6 and are held until the visitor accepts.

[placeholder: counsel must confirm whether SGEN's first-party analytics, as actually implemented, qualifies for any no-consent treatment in a given jurisdiction, or whether it still requires consent or notice. Do not assert an exemption without that confirmation.]


6. How we collect and log your consent: the Consent and Tracking module

This is the genuine mechanism, described as the product actually behaves:

  • A consent banner shown to visitors. Operators configure its message, its position (top, center, or bottom of the page), and the Accept and Decline buttons. An optional require-a-checkbox mode can be enabled where explicit, affirmative consent is wanted.
  • Script gating. Tracking scripts, for example Google Tag Manager, Microsoft Clarity, the Session Attributer, Draft Form Entries, and others matched by a configurable rule, are held until the visitor accepts. On decline, they do not load.
  • A per-session, read-only consent log. Every decision is recorded, with a timestamp, the page, and the accept or decline outcome, as a read-only audit trail.
  • Page exemptions. Operators can exempt specific pages (for instance the privacy, cookie, and terms pages) from the banner so visitors can read those pages unobstructed.

Because consent capture and the audit log are native to SGEN, there is no separate third-party consent tool to license and no outside vendor holding your visitors' consent records.

A capability, not a compliance guarantee. The Consent and Tracking module gives operators a banner, script-gating, and an audit log. Providing these tools does not itself make any site compliant with the GDPR, the ePrivacy Directive or PECR, the CCPA or CPRA, or any other law. Whether a particular configuration meets a particular law is for the operator and their legal advisor to determine.

[placeholder: counsel must confirm the persistence and expiry of a recorded consent decision and the wording around re-prompting.]


7. Managing your preferences

You have several ways to control cookies:

  • The SGEN consent banner. Use Accept or Decline when the banner appears. Where the operator has enabled the require-a-checkbox mode, you must tick the box to grant consent.
  • Re-deciding. When a prior decision expires, the banner is shown again so you can change your choice. [placeholder: state the exact period after which a decision expires and a visitor is re-prompted; counsel must confirm the withdrawal-of-consent wording and that re-prompting on expiry is sufficient for withdrawal.]
  • Browser controls. All major browsers let you block or delete cookies and clear local storage in their settings. Blocking strictly necessary cookies may stop parts of the site or dashboard from working.
  • Reading policy pages unobstructed. Operators can exempt the privacy, cookie, and terms pages from the banner so you can read them before deciding.

8. Third-party cookies

Some cookies may be set by third parties rather than by SGEN directly. These can arise from:

  • Payment processing. SGEN facilitates payments and integrates with Stripe and PayPal as the payment processors; their cookies may be set during a checkout or payment flow. SGEN does not act as the payment processor itself.
  • Embedded content. Embedded video, maps, or social content that an operator places on their site may set its own cookies from the provider's domain.
  • Operator-enabled integrations. Analytics or marketing tools an operator adds to their own site (see clause 5) may set third-party cookies, subject to the consent banner.

[placeholder: the actual list of third-party cookies set on sgen.com and the dashboard depends on the integrations enabled there and must be confirmed from a real audit; on customer sites the set depends on the operator's own choices. Counsel must not assert "we set no third-party cookies" or any equivalent without verification against the live audit.]


9. Changes to this policy

We may update this Cookie Policy from time to time, for example when we add a feature, change a vendor, or reflect legal or regulatory developments. When we make a material change, we will update the Last updated date at the top of this page and [placeholder: describe the real notification practice, for example an in-product notice, an email to account owners, or a banner]. The version in effect is the one published here as of the effective date shown at the top.


10. Contact us

Questions about this Cookie Policy, or about cookies and consent on SGEN, can be directed to:

  • [placeholder: privacy or cookies contact email, for example privacy@sgen.com]
  • [placeholder: postal contact address]
  • [placeholder: whether SGEN is required to name a Data Protection Officer and/or an EU or UK representative, and if so their contact details, is pending owner and counsel input.]

For how SGEN handles personal data generally, see the Privacy Policy. If you are an agency or enterprise buyer, the processor terms are in the Data Processing Agreement.

Questions about cookies or consent? Email [placeholder: privacy@sgen.com] or contact our team.