Privacy & Cookie Choices
Manage how we use non-essential technologies. You can change your choice at any time.
Current Status
Policy version
–
Last updated
–
GPC detected
–
Region mode
–
| Category | Status | Description |
|---|---|---|
| Essential | – | Security, session, load balancing. Always on. |
| Functional | – | reCAPTCHA/Turnstile, language preferences, UX helpers. |
| Analytics | – | Traffic/usage measurement (if enabled). |
| Marketing | – | Ad pixels / profiling (if used). |
Retention & Re-consent
- We store your consent choice for up to 12 months in a cookie (
tcm_consent_v1, SameSite=Lax). - You can change your choice anytime using “Privacy settings” (footer link).
- If our purposes/providers change, we will ask for consent again.
Compliance & Jurisdictional Notes
TCM Solutions is designed to help your site comply with major privacy frameworks by enforcing opt-in for non-essential technologies where required, honoring browser opt-out signals, and providing clear controls to grant, withdraw, or modify consent at any time. This page summarises how the mechanism aligns with key jurisdictions.
- EU/EEA & UK (GDPR + ePrivacy/PECR): non-essential technologies are blocked by default until you opt in. Essential cookies remain active. Withdrawal is as easy as consent via “Privacy settings”. The banner re-appears if purposes/providers materially change (policy versioning).
- United States (CPRA/CPA): clear opt-out for “sale/share/targeted advertising”. Honors GPC/UOOM signals automatically.
- Brazil (LGPD): specific, informed, freely given consent for non-essential purposes; revocable at any time.
- Canada / Québec (Law 25): transparency in banner/panel; explicit consent supported for sensitive uses.
- Singapore (PDPA): withdrawal at any time via the panel; consent-based processing stops unless another legal basis applies.
- Data minimisation & purpose limitation: third-party scripts/iframes are purpose-bound and gated by category.
- Record of consent: state stored on device up to 12 months; optional server log (no PII) for audit.
Third-Party Providers
| Provider | Category | Purpose | Storage & Duration | Policy |
|---|---|---|---|---|
| Stripe.js (Stripe) | Essential | Payment processing for purchasing courses; fraud prevention. | Session storage/cookies used by Stripe to complete transactions; retained as needed for security/compliance. | Privacy |
| Firebase (Google) | Essential | User authentication and real-time data needed to deliver purchased content. | Session tokens; account data retained while the account is active (see site policy). | Privacy |
| Google reCAPTCHA | Functional | Abuse prevention on forms (bot protection). | Short-lived cookies for the challenge; loaded only when needed/after consent in EU/UK. | Privacy |
This information describes how the CMP operates and is not legal advice. Your final compliance posture depends on your actual uses and local guidance.