1. About this policy
This Cookie Policy explains how Clarista Inc. and its affiliates ("Clarista", "we", "us", "our") use cookies, web beacons, pixels, tags, software development kits (SDKs), local storage, fingerprinting techniques, and other similar tracking technologies (collectively, "Cookies" or "Tracking Technologies") on our websites at www.clarista.io, our subdomains, our applications, our Platform Services, our marketing emails, and any other digital property we own or operate (collectively, the "Sites").
This policy should be read together with our Privacy Notice, which describes how we process personal information generally.
By using our Sites, you consent to our use of Cookies as described in this Cookie Policy and as configured through any consent banner or preference center we may make available to you, except for strictly necessary Cookies which do not require consent.
2. What are Cookies and Tracking Technologies?
Cookies are small text files placed on your device (computer, smartphone, tablet) when you visit a website. They are widely used to make websites work, improve performance, remember preferences, deliver advertising, and provide information to the site owner.
In addition to cookies, we may also use the following Tracking Technologies, each of which may collect data about you, your device, your behaviour, and your interactions with our Sites and emails:
- HTTP cookies (first-party and third-party, session and persistent)
- Web beacons / clear GIFs / tracking pixels in pages and emails
- JavaScript tags, snippets, and tag managers (e.g., Google Tag Manager)
- HTML5 local storage and session storage
- IndexedDB and browser cache storage
- Service workers and Progressive Web App (PWA) storage
- Software Development Kits (SDKs) in mobile apps
- Server log files, request headers, and IP-based identifiers
- Device fingerprinting using attributes such as user agent, screen resolution, fonts, plugins, time zone, language, hardware concurrency, canvas/WebGL rendering
- Network signals including IP address, connection type, ISP, and approximate geolocation
- Customer Data Platform (CDP) identifiers and persistent user IDs
- Cross-device and cross-domain identifiers, including hashed email and phone identifiers used for marketing matching
- Session replay, heatmaps, scroll maps, click maps, and rage-click recording
- Form analytics and field-level interaction telemetry
- A/B testing and experimentation identifiers
- Email tracking via open pixels, click trackers, and unique unsubscribe links
- Server-side conversion APIs (e.g., Meta CAPI, Google Enhanced Conversions, LinkedIn CAPI, TikTok Events API, Snap Conversion API, Pinterest Conversions API, Reddit Conversions API, X / Twitter CAPI)
- UTM and click ID parameters in URLs (e.g., gclid, fbclid, msclkid, li_fat_id, ttclid)
- Consent management platform (CMP) state
3. Cookies we use (by category)
We use Cookies and Tracking Technologies for the categories of purposes listed below. Where required by law, we obtain your consent through our consent banner before deploying any non-essential Cookies, and you may withdraw consent at any time using our cookie preference center.
3.1 Strictly necessary Always on
These Cookies are essential to operate our Sites and provide core features you have requested. They cannot be disabled. Examples include session management, authentication, security tokens, load balancing, fraud prevention, and your consent preferences.
Legal basis: Legitimate interest / contractual necessity. Consent not required.
3.2 Functional / preferences Consent
These Cookies remember choices you make to provide a personalized experience — language, region, time zone, theme, recently viewed pages, saved filters, accessibility preferences. Disabling them may degrade your experience but the Sites will still function.
3.3 Analytics & performance Consent
These Cookies help us understand how visitors interact with our Sites — page views, navigation paths, time on page, exit pages, scroll depth, click patterns, errors encountered, page load performance, and aggregate usage trends. We may also use session replay tools to record anonymized interactions for debugging and UX improvement.
Vendors used (may include): Google Analytics 4, Vercel Web Analytics, Vercel Speed Insights, Plausible, Fathom, Microsoft Clarity (session replay and heatmaps), Hotjar, Mouseflow, FullStory, Ahrefs Web Analytics.
3.4 Marketing, advertising & retargeting Consent
These Cookies and Tracking Technologies are used to deliver advertising relevant to you on our Sites and across the internet, measure the effectiveness of our advertising, perform retargeting, attribute conversions, build lookalike audiences, and prevent ad fraud. They may be set by us or by third-party advertising partners.
Vendors used (may include): Google Ads, Google Floodlight, Google DV360, Microsoft Advertising (Bing Ads), Meta (Facebook & Instagram), LinkedIn Insight Tag, X / Twitter Ads, TikTok Pixel, Reddit Pixel, Pinterest Tag, Snap Pixel, Quora Pixel, StackAdapt, AdRoll, RollWorks, Demandbase, 6sense, Triblio, ZoomInfo MarketingOS, Bombora, Outbrain, Taboola.
3.5 Conversion tracking & attribution Consent
To measure the performance of our marketing and understand how visitors become customers, we deploy server-side and client-side conversion tracking and use first-party and hashed identifiers to attribute conversions across devices and channels. This includes UTM tracking, click ID propagation, and server-side conversion APIs.
Vendors used (may include): Google Tag Manager, Segment, RudderStack, mParticle, Customer.io, HubSpot, Salesforce Marketing Cloud, Marketo, Pardot, Iterable, Braze, Mixpanel, Amplitude, Heap, June.
3.6 CRM, sales intelligence & form enrichment Consent
When you submit forms (demo requests, contact, content downloads), we may enrich the data with information from third-party business data providers and combine it with your interaction history in our CRM. This helps our sales team prepare for conversations and tailor follow-up.
Vendors used (may include): HubSpot, Salesforce, Apollo.io, ZoomInfo, Clearbit (Reveal), 6sense, Demandbase, RB2B, Common Room, Leadfeeder, Albacross, Vector, Visitor Queue.
3.7 A/B testing & personalization Consent
We may run experiments to test different page variants, headlines, layouts, and offers. These technologies assign you to a variant and record which version you saw and how you interacted with it.
Vendors used (may include): Vercel Edge Config, GrowthBook, Optimizely, VWO, Google Optimize successor tools, Statsig, LaunchDarkly.
3.8 Social media & embedded content Consent
Our Sites may embed content from third-party platforms such as YouTube videos, LinkedIn posts, X / Twitter embeds, social share buttons, or social login. These embeds may set their own Cookies and collect data about you according to their own privacy policies.
3.9 Customer support & live chat Consent
If you use chat, support widgets, or scheduling tools on our Sites, those vendors may set Cookies to maintain your support session and track resolution.
Vendors used (may include): Intercom, Drift, Zendesk, Crisp, HelpScout, Chili Piper, Calendly, SavvyCal.
3.10 Error monitoring & security Always on
We use error and security monitoring to detect malicious behavior, prevent fraud, debug application errors, and harden our platform.
Vendors used (may include): Sentry, Datadog, Cloudflare (security, bot management, WAF, rate limiting), reCAPTCHA, hCaptcha, Vercel security monitoring.
4. Sample of specific Cookies we may set
The table below lists representative Cookies that may be set during your visit. The exact list varies based on your consent choices, the pages you visit, and changes to our vendors over time. A live, up-to-date inventory is available in the cookie preference center accessible at the bottom of each page.
| Cookie / Technology | Provider | Purpose | Category | Typical lifespan |
|---|---|---|---|---|
_clarista_session | Clarista (first party) | Maintains your session | Strictly necessary | Session |
cc_consent | Clarista (first party) | Stores your cookie consent choices | Strictly necessary | 12 months |
__cf_bm | Cloudflare | Bot protection | Strictly necessary | 30 minutes |
cf_clearance | Cloudflare | Bot management / challenge solved | Strictly necessary | 1 year |
_ga, _ga_* | Google Analytics 4 | Distinguishes users, sessions, and events | Analytics | 2 years |
_gid | Google Analytics | User distinction over 24h | Analytics | 24 hours |
_clck, _clsk | Microsoft Clarity | Heatmaps and session replay | Analytics | 1 year / session |
_fbp | Meta (Facebook) | Conversion tracking and retargeting | Advertising | 3 months |
fr | Meta (Facebook) | Ad delivery and measurement | Advertising | 3 months |
_gcl_au | Google Ads | Conversion linker | Advertising | 3 months |
li_gc, li_sugr, AnalyticsSyncHistory, UserMatchHistory, bcookie, bscookie, lidc | Insight Tag, retargeting, ad measurement | Advertising | 3 months – 2 years | |
MUID | Microsoft Advertising / Bing | User identifier across MS properties | Advertising | 1 year |
_uetsid, _uetvid | Microsoft Advertising / Bing UET | Conversion tracking | Advertising | 30 days / 16 months |
_tt_enable_cookie, _ttp | TikTok | Pixel conversion tracking | Advertising | 13 months |
_rdt_uuid | Conversion tracking | Advertising | 3 months | |
_pin_unauth, _pinterest_ct_* | Conversion tracking | Advertising | 1 year | |
twq_* | X / Twitter | Conversion tracking | Advertising | 30 days |
__hssc, __hssrc, __hstc, hubspotutk | HubSpot | CRM, attribution, conversion tracking | CRM / Analytics | Session – 13 months |
ajs_anonymous_id, ajs_user_id | Segment / RudderStack | Event collection and CDP routing | Analytics | 1 year |
intercom-id-*, intercom-session-* | Intercom | Support chat session | Functional | 9 months / week |
drift_* | Drift | Support chat session | Functional | 9 months |
YSC, VISITOR_INFO1_LIVE, PREF | YouTube (Google) | Embedded video tracking | Advertising / Functional | Session – 8 months |
__stripe_mid, __stripe_sid | Stripe | Payment fraud prevention | Strictly necessary | 1 year / 30 min |
vercel-analytics | Vercel | Privacy-friendly analytics | Analytics | 1 year |
vercel-speed-insights | Vercel | Real user performance monitoring | Strictly necessary | Session |
_six_* | 6sense | Account intelligence / intent | Advertising / CRM | 1 year |
_dbase | Demandbase | Account-based marketing | Advertising / CRM | 1 year |
fpestid | Bombora | Intent data | Advertising | 1 year |
__rb2b | RB2B / similar | Visitor identification (B2B) | CRM / Advertising | 1 year |
5. Where we use these technologies
- Our website: marketing pages, blog, documentation, support pages, the consent banner itself.
- Our Platform Services and authenticated app: limited to strictly necessary, functional, security, and error-monitoring categories.
- Our marketing emails: open and click tracking pixels, unique links for attribution and personalization. You can opt out of marketing emails using the unsubscribe link in any email.
- Mobile apps (if any): equivalent technologies including SDKs from analytics, attribution, and crash-reporting vendors.
- Server-side: log files, IP address records, request headers, and server-side conversion APIs that operate without writing to your device.
6. Legal basis for using Cookies
Where required by GDPR, ePrivacy Directive, UK GDPR, Swiss FADP, or equivalent laws, we deploy non-essential Cookies only after obtaining your consent through our cookie banner. Strictly necessary Cookies are deployed without consent on the basis of legitimate interest and contractual necessity.
For California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other US-state residents, you may opt out of "sale" and "sharing" of personal information (including via Cookies used for cross-context behavioral advertising) using the cookie preference center and via Global Privacy Control (GPC) signals which we honor.
7. Managing your Cookie preferences
You have several ways to control Cookies and Tracking Technologies:
- Our cookie preference center — accessible at any time via the "Cookie Preferences" link in the footer of every page. You can grant or withdraw consent by category.
- Global Privacy Control (GPC) — we honor the GPC browser-level opt-out signal as a "Do Not Sell or Share" request under applicable US state laws.
- Browser settings — most browsers allow you to block or delete Cookies. Note that blocking strictly necessary Cookies will impair the Sites.
- Industry opt-outs — Network Advertising Initiative (optout.networkadvertising.org), Digital Advertising Alliance (optout.aboutads.info), Your Online Choices (EU: youronlinechoices.eu).
- Marketing emails — unsubscribe link in every email.
If you opt out of advertising cookies, you will still see ads but they will be less relevant to you.
8. International transfers
Data collected via Cookies may be transferred outside your country of residence to the United States or other countries where our vendors operate. Such transfers are protected by Standard Contractual Clauses, the EU-U.S. Data Privacy Framework where applicable, and supplementary technical measures. For details, see our Privacy Notice.
9. Retention
Each Cookie has a lifespan as listed in the inventory above. Once expired, it is no longer used. We periodically review the inventory and shorten retention where possible.
10. Children
Our Sites are not directed to children under 18. We do not knowingly use Cookies to collect personal information from children. If you believe we have done so, please contact us at privacy@clarista.io.
11. Changes to this policy
We may update this Cookie Policy from time to time to reflect new tools, vendors, regulations, or business practices. We will post any changes here and update the "Last updated" date. For material changes we may also notify you via banner or email.
12. Contact
Questions about this Cookie Policy can be sent to:
Clarista Inc. – Attn: Privacy
20 McGuire Ct, Ridgewood NJ 07450, USA
Email: privacy@clarista.io
Data Subject Requests: dsr@clarista.io
Last updated: May 19, 2026