Cookie Policy
Effective: 14 May 2026
This Cookie Policy explains how Hotreloads Digital (“Hotreloads”, “we”) uses cookies and similar technologies (such as localStorage, sessionStorage, browser fingerprinting signals, and pixels) when you visit hotreloads.com. It supplements our Privacy Policy, which describes our wider data-protection practices, and our Terms of Service, which govern your use of the Website.
This policy applies to the public Website only. Cookies used in connection with a paid engagement are governed by the engagement-specific agreement and Data Processing Agreement signed with the client.
1. What cookies are
A cookie is a small text file that a website asks your browser to store on your device, so that the website can remember information about you between requests. First-party cookies are set by the website you are visiting. Third-party cookies are set by other domains (typically tools or services embedded in the page).
Cookies are not the only technology that can store information on your device or identify your session. Most modern websites also use localStorage, sessionStorage, and JavaScript-based identifiers. When we talk about “cookies” in this policy, we mean cookies and these similar technologies collectively, unless we say otherwise.
2. The categories we use
We classify everything that stores or reads information on your device into three categories: strictly necessary, analytics, and marketing. We default to setting only strictly-necessary technologies. Everything else is held back behind a consent banner until you have made an explicit choice.
2.1 Strictly necessary
These are required for the Website to function. You cannot disable them through our consent banner, although you can block them through your browser settings (which will likely break parts of the site). We rely on the “strictly necessary” exemption under the European ePrivacy framework and on legitimate interests under the GDPR for these.
| Name | Set by | Purpose | Duration |
|---|---|---|---|
hr-consent-v1 | Hotreloads (first-party localStorage) | Remembers your consent choice so we do not re-prompt on every page | 13 months |
cf_clearance | Cloudflare | Records that you have completed a Turnstile bot-protection challenge during a form submission | Up to 30 days |
__cf_bm | Cloudflare | Bot-management session token to distinguish automated traffic from human visitors | 30 minutes |
ASTRO_SESSION_ID | Cloudflare KV via Astro session middleware | Anonymous per-session identifier used for CSRF protection on forms and for rate-limiting | Session |
These technologies do not identify you outside the session in which they were set. They are not used for analytics, profiling, or advertising.
2.2 Analytics (consent required)
These help us understand how the Website is used in aggregate. They are loaded only after you click “Accept analytics” or “Accept all” in the consent banner. You can withdraw consent at any time using the Cookie preferences link in the footer.
| Name | Set by | Purpose | Duration |
|---|---|---|---|
| (no cookies) | Plausible Insights OÜ | Cookieless, IP-anonymising aggregate analytics. Plausible does not store cookies or use cross-site identifiers. We disclose it here for transparency even though it does not technically require consent under the ePrivacy framework. | n/a |
_ga | Google LLC (Google Analytics 4) | Distinguishes unique visitors | 2 years |
_ga_<container-id> | Google LLC (Google Analytics 4) | Persists session state for Google Analytics | 2 years |
_gid | Google LLC | Distinguishes unique visitors (legacy GA4) | 24 hours |
We have configured Google Analytics 4 with IP-anonymisation, no ad-personalisation signals, and no Google Signals. Data is retained in Google Analytics for the minimum period the product allows (currently 2 months).
2.3 Marketing (consent required)
These would be used to support marketing communications and remarketing. They are loaded only after you click “Accept marketing” or “Accept all”.
| Name | Set by | Purpose | Duration |
|---|---|---|---|
__hssc, __hssrc, __hstc, hubspotutk | HubSpot, Inc. | Records a visitor’s session and journey on the Website to attribute eventual form submissions back to source, when the HubSpot tracking pixel is loaded | Up to 13 months |
We do not currently run third-party advertising tags (such as Meta Pixel, LinkedIn Insight, or Google Ads conversion) on the Website. If we ever introduce them, we will update this section, prompt you again for consent before they load, and respect a “marketing: rejected” choice already on file.
3. Lawful basis
For cookies and similar technologies that are strictly necessary for the Website to function (Section 2.1), we rely on the ePrivacy exemption (where you are in the EEA, the UK, or Switzerland) and on legitimate interests under the GDPR. Under the DPDP Act, these are processed on the basis of legitimate use, namely providing the service you have requested.
For all non-necessary cookies and similar technologies (Sections 2.2 and 2.3), we rely on your consent, freely given, specific, informed, and unambiguous. You can withdraw consent at any time without explaining why. Withdrawing consent does not affect the lawfulness of processing before withdrawal.
4. Third-party cookies
Some of the cookies described above are set by third parties on their own domains (for example, Cloudflare on cloudflare.com or Google Analytics on google-analytics.com). When this happens, the third party is operating as a data controller in its own right for that cookie, and its own privacy policy applies. Links to the relevant policies:
- Cloudflare, Inc. — https://www.cloudflare.com/privacypolicy/
- Google LLC — https://policies.google.com/privacy
- HubSpot, Inc. — https://legal.hubspot.com/privacy-policy
- Plausible Insights OÜ — https://plausible.io/privacy
We do not control these third parties, and we do not warrant the accuracy or completeness of their policies.
5. How to manage your preferences
You have several ways to control cookies on the Website.
Through our consent banner. When you first visit the site (or after a material change to this policy), a banner asks you to accept or reject non-necessary cookies, with the option to make a granular choice between analytics and marketing. Your choice is stored in your browser and persists for thirteen months, after which we ask again. You can revisit your preferences at any time by clicking the Cookie preferences link in the site footer.
Through your browser. All modern browsers let you view, delete, and block cookies on a per-site basis. Each browser handles this slightly differently:
- Chrome — Settings → Privacy and security → Cookies and other site data
- Firefox — Settings → Privacy & Security → Cookies and Site Data
- Safari — Settings → Privacy → Manage Website Data
- Edge — Settings → Cookies and site permissions → Cookies and site data
Blocking cookies through your browser is more aggressive than withdrawing consent through our banner: it may also block strictly-necessary cookies and break parts of the site (for example, the bot-protection challenge on form submissions).
Do Not Track and Global Privacy Control. We treat a Global Privacy Control (GPC) signal as a withdrawal of consent for non-essential cookies. The older “Do Not Track” header is not standardised and is not honoured automatically; we recommend using GPC where supported.
6. Mobile and offline considerations
We do not currently operate a mobile application. If you reach the Website through an in-app browser (for example, the LinkedIn or Slack in-app browser), cookies set on the Website may be isolated to that in-app browser’s environment and may not persist when you return through your default browser. The cookie banner will reappear in that case.
7. Children
The Website is intended for an adult professional audience. We do not knowingly use cookies to profile or target children under 18.
8. Changes to this policy
We may update this Cookie Policy from time to time to reflect changes in the cookies we use, the law, or our practices. The “Effective” date at the top of this page reflects the most recent update. When a change is material — for example, a new category of cookie, or a new third-party tool — we will:
- update this page;
- highlight the change on the Website; and
- re-prompt for consent through the banner, so your earlier choice is not silently extended to a new use.
9. Contact
For any question about this Cookie Policy or our use of cookies, please contact:
Sunny Sharma — Privacy contact Hotreloads Digital Bangalore, Karnataka, India hello@hotreloads.com
If you are not satisfied with our response, you have the right to escalate to the Data Protection Board of India (under the DPDP Act) or to your local supervisory authority (under the GDPR).