1. Scope and service context
This Cookie Policy explains how Index-Rank uses cookies and similar tracking technologies on index-rank.com. It describes what each category does, how consent is applied, and how you can control optional tracking.
Service operator / controller context: Index-Rank is operated in the Republic of Korea. For cookie and privacy matters, you can contact [email protected]. Jurisdictional baseline is Seoul, Republic of Korea, as described in our Privacy Policy.
This policy should be read together with our Privacy Policy, which explains how personal data is processed more broadly.
2. Cookie categories and legal basis
We use three categories of cookies and similar technologies:
- Strictly necessary: Always active. Required for security, authentication/session continuity, payment and service operation. These are used only where needed to deliver requested service functions and cannot be turned off in Cookie Settings.
- Analytics: Optional. Used to measure product usage and performance so we can improve user experience and product quality. Analytics runs only when analytics consent is enabled.
- Marketing performance: Optional. Used to measure campaign effectiveness and support marketing optimization. Marketing-related storage and personalization controls remain disabled unless marketing consent is enabled.
Important: if any third-party provider uses storage/access beyond the requested service operation (for example, analytics, profiling, or advertising purposes), that processing is treated as non-essential and must be governed by the corresponding optional consent category.
3. Technologies and data flow used in this product
Index-Rank uses a consent-aware tracking architecture:
- Consent-gated GTM bootstrap: In consent-required regions, Google Tag Manager is not loaded until optional consent is present (or already stored). This prevents optional tag bootstrap prior to consent.
- Google Tag / GA4 Consent Mode: We apply consent state updates for
analytics_storage,ad_storage,ad_user_data, andad_personalizationaccording to your category choices. - Product analytics events: Analytics-tagged events (including
ir_*event flows) are sent only when analytics consent is granted. Current examples include ranking share measurement events such asir_ranking_share_clickandir_ranking_share_visit. - Product telemetry APIs: Product telemetry endpoints for ranking and genesis experience metrics are gated by analytics consent.
- Essential operational logs: Security, abuse-prevention, payment, and operational reliability logs remain active as strictly necessary processing.
- Consent-aware CSP controls: Content Security Policy directives are adjusted by consent state so optional analytics origins are not allowed before optional consent is available in consent-required traffic.
4. Consent behavior by region
For traffic identified as EU, EEA, UK, or country-unknown, optional tracking is disabled by default and the cookie banner is shown before optional tracking can run. For other regions, baseline behavior follows our configured consent mode and available controls in Cookie Settings.
5. Your choices and withdrawal
You can choose one of the following at any time:
- Accept all optional categories.
- Reject non-essential categories.
- Open Cookie Settings and select Analytics and Marketing performance individually.
You can reopen Cookie Settings from the footer at any time. Strictly necessary cookies remain active because they are required to provide core service functionality.
On the initial banner, Accept all and Reject non-essential are presented with equal interaction weight so withdrawal remains as easy as consent.
6. Consent records, retention, and audit evidence
We keep a minimal consent record to demonstrate compliance, including consent version, selected categories, locale, and timestamp. We do not add extra personally identifying fields solely for consent evidence.
Consent preferences are stored in client-side consent storage and cookie data with versioned format, and consent decision events are recorded through a dedicated privacy consent audit endpoint.
7. Cookie and storage lifespan
Current retention/lifespan configuration is as follows:
- index_rank_consent_v3 (cookie): up to 365 days.
- index_rank_consent_v3 (local storage snapshot): up to 365 days, aligned to consent expiration.
- Legacy consent keys: cleared during migration and not reused.
- Third-party cookies/storage: lifespan may vary by provider configuration and browser policy.
8. Third-party services and cookie declaration
The table below summarizes key third-party services used by Index-Rank for analytics, reliability, and checkout operations.
We run periodic technical audits to detect whether third-party scripts perform storage/access before explicit user action and to verify that non-essential purposes are not bundled into strictly necessary processing.
We also run a pre-release CI compliance gate that validates country/consent profile behavior (including reject and consent-enabled paths), third-party host allowlists, and checkout-triggered loading boundaries before deployment.
Current measured declaration (technical baseline): in our checkout journey audit, no third-party cookie domains are observed before explicit checkout click, and no third-party cookie domains are observed after click in the tested profile. First-party consent/retention identifiers are observed as listed in this section.
| Provider | Category | Purpose | Measured identifiers (current baseline) | Lifespan | Policy |
|---|---|---|---|---|---|
| Google Tag Manager / GA4 | Analytics / Marketing performance | Traffic measurement and campaign/attribution support under consent mode | Consent mode state and GA request identifiers. In the latest CI audit, analytics hosts are blocked on reject paths and allowed on consent-enabled paths. | Provider-defined (if optional consent enables provider storage) | Google Cookies Policy |
| Sentry | Strictly necessary (security/reliability) | Error monitoring and incident diagnostics | Event/diagnostics metadata for reliability operations (no additional third-party cookie domain observed in baseline checkout audit) | Provider-defined | Sentry Privacy Policy |
| Lemon Squeezy | Strictly necessary (checkout/payment operation) | Secure checkout flow for paid products | Checkout provider access appears only after explicit checkout click in CI audit (pre-click count must remain zero) | Provider-defined | Lemon Squeezy Privacy Policy |
| Index-Rank first-party consent storage | Strictly necessary | Persist and enforce user cookie choices | index_rank_consent_v3 (cookie), index_rank_consent_v3 (local storage) | Up to 365 days | Index-Rank Privacy Policy |
| Index-Rank first-party retention helper | Strictly necessary | Operational retention UI helper state | ir_retention_last_seen_at (local storage) | Application-managed | Index-Rank Privacy Policy |
We maintain this declaration from measured outputs (audit report + CI artifacts), not assumptions. If provider behavior changes, this section is updated with the next policy revision.
Advertising network status: As of this policy date, Index-Rank does not run separate third-party ad network tags for ad delivery/retargeting. If that changes, we will update this policy and consent flows before activation.
9. International transfers and service providers
Some analytics and infrastructure providers may process data across jurisdictions. Where applicable, we apply appropriate safeguards and contractual controls consistent with our Privacy Policy and applicable law.
10. Policy updates
We may update this Cookie Policy as our legal obligations, service architecture, or tracking stack changes. Material updates will be reflected by the Last updated date on this page.
11. Contact
For privacy and cookie-related questions, contact us at [email protected].