Cookie Policy
Last updated: October 16, 2025
Jurisdictions covered: KSA (PDPL), EU/EEA (ePrivacy + GDPR), UK (PECR + UK GDPR), California (CPRA)
1. Scope
This Cookie Policy explains how Altaius uses cookies and similar technologies on our websites, platform, and mobile applications. It should be read together with our Privacy Notice. In some regions, additional rights and choices apply (see Section 6).
This policy also applies to Altaius SI (System Integration & Digital Transformation) service pages and any related web properties.
2. What are cookies and similar technologies?
Cookies are small text files placed on your device when you visit a website. We also use similar technologies including local storage, session storage, software development kits (SDKs), web beacons/pixels, and device identifiers.
These technologies may store or access information on your device to provide core functionality, remember preferences, measure usage, secure our services, and support program analytics.
3. Categories we use and why
We use the following categories of cookies/technologies:
Strictly Necessary
Purpose: Required to deliver the service, maintain security, load balancing, session management, and consent storage. These cannot be switched off in our systems.
Examples: Session ID, load balancer cookie, consent state
Preferences (Functionality)
Purpose: Remember choices such as language, UI settings, cohort/program selections, and accessibility preferences.
Examples: Language code, UI layout, saved filters
Performance & Analytics
Purpose: Help us understand usage, reliability, and performance (e.g., page load times, feature adoption, crash logs). We use aggregated insights to improve learning outcomes and platform quality.
Examples: Page views, feature usage counts, error codes
Product Telemetry (Simulation/Coaching)
Purpose: Measure scenario flows, in-simulation events, and coaching interactions to personalize learning and provide dashboards to admins. Pseudonymized where possible.
Examples: Scenario step IDs, time‑to‑decision markers, recommendation feedback flags
Marketing & Communications
Purpose: Support event registrations, measure campaign effectiveness, and, where applicable, tailor content to professional audiences. We do not run third‑party behavioral advertising on learners' simulation content.
Examples: UTM parameters, event registration ID, email engagement token
4. Consent, opt‑out and regional requirements
We deploy strictly necessary cookies by default. In jurisdictions that require prior consent (e.g., the EEA/UK), we request consent before setting non‑essential cookies and you may change your choices at any time via the Cookie Settings link in the footer.
In the Kingdom of Saudi Arabia, consent is the default lawful basis for processing personal data unless an exemption applies under the PDPL and its Implementing Regulations.
In California, you may opt out of 'sale' or 'sharing' of personal information for cross‑context behavioral advertising; we honor browser‑based opt‑out preference signals (e.g., Global Privacy Control).
5. How to manage your preferences
You can manage your cookie and technology preferences at any time using our Cookie Banner or the Cookie Settings link (available in the website footer and within the platform profile menu). Most browsers also allow you to block or delete cookies via settings. If you block strictly necessary cookies, parts of the service may not function.
You may also control interest‑based communications by:
- Using the in‑product notifications controls to opt out of non‑essential messages.
- Following 'unsubscribe' links in marketing emails (or emailing privacy@altaius.com).
- Enabling a supported opt‑out preference signal in your browser (e.g., Global Privacy Control).
6. Regional specifics
Key regional rules we follow include:
- EU/EEA: Prior consent for non‑essential cookies and similar technologies under the ePrivacy Directive; GDPR standards for consent (freely given, specific, informed, and unambiguous). Cookie walls and implied consent (e.g., scrolling) are not valid.
- UK: Prior consent for non‑essential cookies under PECR; consent must be as easy to refuse as to accept (e.g., a clearly visible 'Reject All' alongside 'Accept All').
- KSA (PDPL): Consent is the default lawful basis unless an exemption applies; we apply privacy‑by‑design and data minimization to tracking technologies and provide clear notices and choice.
- California (CPRA): We do not 'sell' personal information in the conventional sense. Where our use of analytics/advertising could be considered 'sale' or 'sharing,' we provide opt‑out mechanisms and honor Global Privacy Control signals.
7. Cookie and SDK details (dynamic inventory)
Our cookie/SDK inventory is maintained dynamically and may vary by site, product area, and environment (web vs. mobile). The following table is an example; the live list in our Cookie Settings controls is authoritative.
| Name | Provider | Purpose/Category | Retention | Type |
|---|---|---|---|---|
altaius_session |
Altaius | Strictly necessary - session management | Session | HTTP cookie |
altaius_consent |
Altaius | Strictly necessary - stores consent state | 12 months | HTTP/local storage |
_analytics_id |
Analytics Provider | Performance - usage analytics | 13 months | HTTP/SDK |
sim_telemetry |
Altaius | Product telemetry - simulation events | 24 months (pseudonymized) | Local storage |
mkt_campaign |
Marketing Platform | Marketing - campaign attribution | 90 days | HTTP cookie |
8. What data is collected via these technologies?
Identifiers (e.g., session IDs, device IDs), usage data (pages viewed, clicks, time stamps), telemetry (scenario step IDs, error codes), and preference data (language, accessibility). We avoid using non‑essential technologies unless necessary for the stated purpose and we pseudonymize or aggregate analytics where feasible.
9. Retention
Retention depends on the cookie/technology and its purpose. Typical ranges: session‑cookies (session), preference cookies (6-24 months), analytics (up to 13 months), product telemetry (up to 24 months, then aggregated/pseudonymized). Retention may be shorter where required by local law or client policy.
10. Changes to this Policy
We may update this Policy from time to time, for example to reflect regulatory guidance or changes to our technologies. Material changes will be communicated via the platform or email. The 'Last updated' date indicates the effective date.
11. Contact
Questions? Contact us at:
Email: privacy@altaius.com
Address: Altaius, RGNA5176, 5176 Imam Saud Bin Abdulaziz Bin Mohammed Rd, 6764, An Nakheel, Riyadh 12381, Saudi Arabia
