Legal
Cookie policy
Last updated:
Sep 20, 2025
Agency Xcelerator — Cookie & Tracking Policy
Last updated: 20/09/2025
Who we are: Xcelerate Agency LLC. and our affiliates (“Xcelerate,” “we,” “us,” “our”).
What this covers: Our public websites, web app, mobile app, dashboards, and other online services that link to this policy (collectively, the “Services”).
This policy explains what cookies and similar technologies we use, why we use them, and how you can control them. For how we handle personal data more broadly, see our Privacy Notice.
1) What are cookies and similar tech?
Cookies are small text files placed on your device by a website.
Local Storage / Session Storage lets a site store data in your browser.
Pixels / Web beacons are small code snippets that help measure opens, visits, and conversions.
Mobile SDKs are code modules in apps that provide analytics, crash reporting, or messaging.
We use both first-party (set by Xcelerate) and third-party (set by our vendors) technologies.
2) Why we use them (categories)
We classify technologies into these groups:
Strictly Necessary (Essential) – required to run the Services (security, login, load balancing, consent storage).
Functional – remember preferences (language, time zone), improve UI.
Analytics & Performance – measure usage, diagnose issues, improve features.
Attribution & Marketing – attribute traffic from deep links, measure campaigns, prevent duplicate messages. We do not show third-party interest-based ads inside our product, but we may run our own campaigns and measure their effectiveness.
Developer Tools – error/crash reporting, A/B testing.
In the EU/UK/EEA, we only set non-essential categories (2–5) after you consent in our banner/Preferences Center. In California, we honor “Do Not Sell/Share” and Global Privacy Control (GPC) signals for ad-tech/“sharing” purposes.
3) Special notes for our industry (safety first)
Our Services are built for agencies and adult creators. We do not knowingly collect data from anyone under 18 and do not target minors.
If you self-identify as under 18 on our public pages or we detect it during support workflows, we suppress all non-essential tracking and close accounts that should not be using our Services.
Deep-link attribution is used to tie agency posts to visits/subscriptions. Links carry IDs/UTMs and may set first-party cookies for session continuity. Agencies are responsible for providing any legally required disclosures/consents to their audiences.
4) Your controls
Consent Banner / Preferences Center: Choose “Allow all,” “Reject non-essential,” or customize by category at any time (link in footer: Cookie Settings).
Withdraw consent: Open Cookie Settings and toggle categories off.
Global Privacy Control (GPC): If your browser sends GPC, we treat it as an opt-out of “sale/share” for CPRA and switch off ad-tech/marketing categories automatically.
Browser controls: Block/clear cookies in your browser settings (may affect functionality).
Mobile: Limit ad tracking in iOS/Android settings; uninstall to remove SDK data.
Email pixels: Most email clients let you block remote images to disable open tracking.
5) Cookies & similar tech we commonly use
Your live list will vary. We recommend a CMP (e.g., OneTrust/Cookiebot) that auto-scans and publishes an up-to-date table.
A. Strictly Necessary
Name | Provider | Purpose | Duration |
|---|---|---|---|
| Xcelerate (1st-party) | Keeps you logged in; session security/CSRF | Session |
| Xcelerate (1st-party) | Stores your cookie choices | 12 months |
| Cloudflare (3rd-party) | Bot management & traffic routing | 30 min – 1 day |
B. Functional
Name | Provider | Purpose | Duration |
|---|---|---|---|
| Xcelerate | Remembers language/time zone | 6 months |
Intercom/Helpdesk cookie(s) | Intercom/Zendesk (3rd) | Support widget; recall conversation | Session–12 months |
C. Analytics & Performance
Name | Provider | Purpose | Duration |
|---|---|---|---|
| Google Analytics (3rd) | Usage analytics; consent-aware | 1–24 months |
| Sentry (3rd) | Error/crash diagnostics | 3–12 months |
| PostHog/Amplitude (3rd) | Product analytics (consent-based) | 1–24 months |
D. Attribution & Marketing
Name | Provider | Purpose | Duration |
|---|---|---|---|
| Xcelerate | Deep-link session; dedupe conversions | Session–7 days |
| Xcelerate | Campaign parameters storage | 90 days |
| Google Ads (3rd) | Measure campaign effectiveness | 30 days–13 months |
E. Developer Tools / A/B Testing
Name | Provider | Purpose | Duration |
|---|---|---|---|
| Optimizely/VWO (3rd) | Run experiments to improve UX | Varies |
6) How we decide when to set cookies
Essential: always on (security, login, consent storage).
Non-essential (Functional, Analytics, Attribution/Marketing, Dev Tools):
EU/UK/EEA: set only after opt-in.
US (CPRA states): we treat certain ad/marketing tags as “sale/share”; we won’t set them if you opt out or send GPC.
Everywhere else: we use a balanced, privacy-respectful approach and honor local laws.
7) Third parties & disclosures
Some cookies/SDKs belong to vendors who process your data to provide services to us (hosting, analytics, support). We contractually bind them to protect data and use it only for our purposes. See our Subprocessor List for details. If you connect third-party accounts (e.g., social platforms, drives), their own tracking may apply under their policies.
We do not sell personal information. Where a third-party tag might be considered a “sale/share” under CPRA, we treat it as such for opt-out purposes.
8) Retention
Cookie lifetimes vary (see tables above).
Consent records are stored for at least 12 months (or longer if required).
Analytics data is kept only as long as needed for the stated purposes and then aggregated or deleted.
9) Email, pixels, and deep-link events
Email pixels help us see if product updates are opened; you can disable images to opt out.
Deep-link events are first-party measurements to attribute traffic for agencies (e.g., post → click → subscription). We avoid storing more than needed for attribution, use limited lifetimes, and provide agencies controls to minimize personal data. We do not access fans’ OnlyFans accounts.
10) Children & sensitive content
Our Services are for adults (18+) only. We do not knowingly place tracking technologies for minors. If you believe a minor has used our Services, contact us and we’ll act promptly.
11) How to disable cookies (additional options)
Browser guides: Chrome, Safari, Firefox, Edge each provide cookie controls.
Industry opt-outs (ads):
US: aboutads.info/choices, networkadvertising.org/choices
EU: youronlinechoices.eu
Mobile: networkadvertising.org/mobile-choices
Google tools: GA Opt-out Add-on and Ads Settings (if you use Google services).
GPC: Enable a browser that sends Global Privacy Control; we honor it.
Blocking cookies may break authentication or limit features. Essential cookies are required to use the app securely.
12) Updates to this policy
We may update this policy to reflect changes in law, tech, or our Services. We’ll post the new date at the top and, if changes are material, notify you in-app or by email.
13) Contact us
Privacy & cookie questions: privacy@xcelerateagency.com
Security: support@xcelerateagency.com
Mailing address: Xcelerate Agency, LLC
Legal
Cookie policy
Last updated:
Sep 20, 2025
Agency Xcelerator — Cookie & Tracking Policy
Last updated: 20/09/2025
Who we are: Xcelerate Agency LLC. and our affiliates (“Xcelerate,” “we,” “us,” “our”).
What this covers: Our public websites, web app, mobile app, dashboards, and other online services that link to this policy (collectively, the “Services”).
This policy explains what cookies and similar technologies we use, why we use them, and how you can control them. For how we handle personal data more broadly, see our Privacy Notice.
1) What are cookies and similar tech?
Cookies are small text files placed on your device by a website.
Local Storage / Session Storage lets a site store data in your browser.
Pixels / Web beacons are small code snippets that help measure opens, visits, and conversions.
Mobile SDKs are code modules in apps that provide analytics, crash reporting, or messaging.
We use both first-party (set by Xcelerate) and third-party (set by our vendors) technologies.
2) Why we use them (categories)
We classify technologies into these groups:
Strictly Necessary (Essential) – required to run the Services (security, login, load balancing, consent storage).
Functional – remember preferences (language, time zone), improve UI.
Analytics & Performance – measure usage, diagnose issues, improve features.
Attribution & Marketing – attribute traffic from deep links, measure campaigns, prevent duplicate messages. We do not show third-party interest-based ads inside our product, but we may run our own campaigns and measure their effectiveness.
Developer Tools – error/crash reporting, A/B testing.
In the EU/UK/EEA, we only set non-essential categories (2–5) after you consent in our banner/Preferences Center. In California, we honor “Do Not Sell/Share” and Global Privacy Control (GPC) signals for ad-tech/“sharing” purposes.
3) Special notes for our industry (safety first)
Our Services are built for agencies and adult creators. We do not knowingly collect data from anyone under 18 and do not target minors.
If you self-identify as under 18 on our public pages or we detect it during support workflows, we suppress all non-essential tracking and close accounts that should not be using our Services.
Deep-link attribution is used to tie agency posts to visits/subscriptions. Links carry IDs/UTMs and may set first-party cookies for session continuity. Agencies are responsible for providing any legally required disclosures/consents to their audiences.
4) Your controls
Consent Banner / Preferences Center: Choose “Allow all,” “Reject non-essential,” or customize by category at any time (link in footer: Cookie Settings).
Withdraw consent: Open Cookie Settings and toggle categories off.
Global Privacy Control (GPC): If your browser sends GPC, we treat it as an opt-out of “sale/share” for CPRA and switch off ad-tech/marketing categories automatically.
Browser controls: Block/clear cookies in your browser settings (may affect functionality).
Mobile: Limit ad tracking in iOS/Android settings; uninstall to remove SDK data.
Email pixels: Most email clients let you block remote images to disable open tracking.
5) Cookies & similar tech we commonly use
Your live list will vary. We recommend a CMP (e.g., OneTrust/Cookiebot) that auto-scans and publishes an up-to-date table.
A. Strictly Necessary
Name | Provider | Purpose | Duration |
|---|---|---|---|
| Xcelerate (1st-party) | Keeps you logged in; session security/CSRF | Session |
| Xcelerate (1st-party) | Stores your cookie choices | 12 months |
| Cloudflare (3rd-party) | Bot management & traffic routing | 30 min – 1 day |
B. Functional
Name | Provider | Purpose | Duration |
|---|---|---|---|
| Xcelerate | Remembers language/time zone | 6 months |
Intercom/Helpdesk cookie(s) | Intercom/Zendesk (3rd) | Support widget; recall conversation | Session–12 months |
C. Analytics & Performance
Name | Provider | Purpose | Duration |
|---|---|---|---|
| Google Analytics (3rd) | Usage analytics; consent-aware | 1–24 months |
| Sentry (3rd) | Error/crash diagnostics | 3–12 months |
| PostHog/Amplitude (3rd) | Product analytics (consent-based) | 1–24 months |
D. Attribution & Marketing
Name | Provider | Purpose | Duration |
|---|---|---|---|
| Xcelerate | Deep-link session; dedupe conversions | Session–7 days |
| Xcelerate | Campaign parameters storage | 90 days |
| Google Ads (3rd) | Measure campaign effectiveness | 30 days–13 months |
E. Developer Tools / A/B Testing
Name | Provider | Purpose | Duration |
|---|---|---|---|
| Optimizely/VWO (3rd) | Run experiments to improve UX | Varies |
6) How we decide when to set cookies
Essential: always on (security, login, consent storage).
Non-essential (Functional, Analytics, Attribution/Marketing, Dev Tools):
EU/UK/EEA: set only after opt-in.
US (CPRA states): we treat certain ad/marketing tags as “sale/share”; we won’t set them if you opt out or send GPC.
Everywhere else: we use a balanced, privacy-respectful approach and honor local laws.
7) Third parties & disclosures
Some cookies/SDKs belong to vendors who process your data to provide services to us (hosting, analytics, support). We contractually bind them to protect data and use it only for our purposes. See our Subprocessor List for details. If you connect third-party accounts (e.g., social platforms, drives), their own tracking may apply under their policies.
We do not sell personal information. Where a third-party tag might be considered a “sale/share” under CPRA, we treat it as such for opt-out purposes.
8) Retention
Cookie lifetimes vary (see tables above).
Consent records are stored for at least 12 months (or longer if required).
Analytics data is kept only as long as needed for the stated purposes and then aggregated or deleted.
9) Email, pixels, and deep-link events
Email pixels help us see if product updates are opened; you can disable images to opt out.
Deep-link events are first-party measurements to attribute traffic for agencies (e.g., post → click → subscription). We avoid storing more than needed for attribution, use limited lifetimes, and provide agencies controls to minimize personal data. We do not access fans’ OnlyFans accounts.
10) Children & sensitive content
Our Services are for adults (18+) only. We do not knowingly place tracking technologies for minors. If you believe a minor has used our Services, contact us and we’ll act promptly.
11) How to disable cookies (additional options)
Browser guides: Chrome, Safari, Firefox, Edge each provide cookie controls.
Industry opt-outs (ads):
US: aboutads.info/choices, networkadvertising.org/choices
EU: youronlinechoices.eu
Mobile: networkadvertising.org/mobile-choices
Google tools: GA Opt-out Add-on and Ads Settings (if you use Google services).
GPC: Enable a browser that sends Global Privacy Control; we honor it.
Blocking cookies may break authentication or limit features. Essential cookies are required to use the app securely.
12) Updates to this policy
We may update this policy to reflect changes in law, tech, or our Services. We’ll post the new date at the top and, if changes are material, notify you in-app or by email.
13) Contact us
Privacy & cookie questions: privacy@xcelerateagency.com
Security: support@xcelerateagency.com
Mailing address: Xcelerate Agency, LLC