Cookie Policy

1.1 About This Policy

This Cookie Policy explains how CONNECTED Academia Inc. ("we," "us," "our," or the "Company") uses cookies and similar tracking technologies when you access or use our Services, including the CONNECT student portal, the CONNECTed institutional portal, and related websites, web applications, and mobile applications (collectively, the "Services"). This summary is provided for convenience only and is not legally binding. The full policy below governs our use of cookies and similar technologies.

Because Cookies and Similar Technologies may be used for multiple purposes - including authentication, security, fraud prevention, preference storage, performance measurement, and feature enablement - this Policy explains what technologies may be used, the types of information they may collect, the reasons we use them, and the choices available to you. Where we rely on third-party service providers (including analytics providers and cloud infrastructure providers), those third parties may also use Cookies under their own policies, as described below.

Key Points (for convenience only): The following statements summarise core elements of this Cookie Policy. They do not replace the full provisions below, which govern in the event of any inconsistency.

• We use cookies and similar technologies to operate, secure, and improve our Services, including to authenticate users, protect accounts, maintain session continuity, and enhance performance and reliability.
• Some cookies and similar technologies are strictly necessary for the Services to function and cannot be switched off through our cookie preference centre. Other cookies (such as analytics cookies) are non-essential and are used only where permitted and, where required, only after you have provided consent.
• We use certain third-party services, including Microsoft cloud services and Google services such as Google Analytics and Google reCAPTCHA, which may process data outside Canada (including in the United States) in accordance with their terms and our contractual and security safeguards.
• You can manage your cookie preferences through our cookie preference centre (available via the website footer or main menu), through your browser and device settings, and through other controls described below, including third-party opt-out tools where applicable.
• This Cookie Policy should be read in conjunction with our Privacy Policy and Terms of Use, each of which forms part of the contractual framework governing your use of the Services.
• For complete details, please review the full Cookie Policy below, including the cookie inventory and the section describing your choices and controls.

This Cookie Policy (the "Policy") explains how CONNECTED Academia Inc., a federally incorporated Canadian company operating in Ontario, Canada, uses cookies, web beacons, local storage, and similar tracking technologies (collectively, "Cookies" or "Similar Technologies") when you access or use our Services.

1.2 Services Covered

This Policy applies to all Services provided by CONNECTED Academia Inc., including:

• (a) The CONNECT student portal;
• (b) The CONNECTed institutional portal;
• (c) Our websites, web applications, and any future mobile applications or APIs; and
• (d) Any related online services, features, content, or tools (collectively, the "Services").

1.3 Relationship to Other Policies

This Policy forms part of, and should be read in conjunction with:

• (a) Our Privacy Policy (available within the Services and on our website), which describes how we collect, use, disclose, and protect Personal Information, including information collected through Cookies; and
• (b) Our Terms of Use (available within the Services and on our website), which govern your access to and use of the Services.

In the event of any conflict between this Cookie Policy and our Privacy Policy or Terms of Use, this Cookie Policy shall prevail with respect to the use of Cookies and Similar Technologies, unless otherwise expressly stated.

1.4 Acceptance and Consent

By continuing to use the Services after being presented with our cookie consent banner or cookie preference centre, or by clicking "Accept" or otherwise indicating consent where required, you acknowledge that you have read, understood, and agree to the use of Cookies and Similar Technologies as described in this Policy. You may withdraw or modify your consent at any time as described in Section 10 (Your Choices and Controls).

1.5 Jurisdiction

This Policy is governed by and construed in accordance with the laws of Ontario and Canada, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. Users located outside Canada should be aware that Cookies may collect information that is transferred to, stored, and processed in Canada or other jurisdictions, as described in Section 11 (Data Sharing and Cross-Border Processing).

1.6 Users, Roles, and Account Context

The Services are designed for use by multiple categories of users. The CONNECT student portal is intended for students and other learners who wish to explore transfer options, understand credit equivalencies, manage profiles and preferences, upload and manage academic documents (including transcripts and course materials where supported), and access dashboards, alerts, and other tools related to their academic planning. The CONNECTed institutional portal is intended for institutional users (including admissions, registrar, recruiting, advising, and faculty personnel) to review information, collaborate with students, and administer transfer-related workflows and communications. Depending on how you access the Services (for example, as an individual user or through an institution-licensed environment), different features, settings, authentication methods, and Cookies or Similar Technologies may be used.

1.7 Institutional Customers and Third-Party Administrators

Where an institution (such as a college, university, or other educational organization) provides access to the Services, integrates the Services into its environments, or manages accounts on behalf of its users, that institution may have its own privacy, security, and technology practices and requirements. In particular, the institution or its identity provider may manage authentication and access controls (including single sign-on), impose device or browser configuration requirements, or deploy additional tools within its network. Cookies set by an institution, its identity provider, or other third parties are not under our control and are governed by the applicable third party’s policies. We encourage you to review your institution’s applicable privacy, acceptable use, and information security policies if you access the Services through an institution-managed environment.

1.8 Additional Notices and Region-Specific Disclosures

This Policy is intended to be read together with any in-product disclosures, consent prompts, or notices displayed to you when you first visit the Services or when new Cookies are introduced. We may provide supplemental region-specific notices where required by applicable law or regulatory guidance. If a supplemental notice conflicts with this Policy with respect to a specific region, the supplemental notice will apply for that region to the extent of the conflict.

1.9 Where to Find This Policy

The most current version of this Cookie Policy is made available within the Services and, where applicable, on our website. Prior versions of this Policy may be retained internally for record-keeping, including to demonstrate consent and compliance. If you require an accessible format of this Policy, please contact us using the contact methods described in Section 14.

3.1 Cookies

Cookies are small text files that are placed on your device when you visit a website or use a web application. Cookies contain a unique identifier and may store information about your preferences, session state, or browsing activity. Cookies may be:

• (a) Session Cookies: Temporary cookies that expire and are deleted when you close your browser or end your session. Session cookies are typically used to maintain your login state or shopping cart contents during a single browsing session.
• (b) Persistent Cookies: Cookies that remain on your device for a specified period (ranging from hours to years) or until manually deleted. Persistent cookies are used to remember your preferences, settings, or login status across multiple sessions.
• (c) First-Party Cookies: Cookies set by the website or application you are visiting (in this case, CONNECTED Academia Inc.).
• (d) Third-Party Cookies: Cookies set by a domain other than the one you are visiting, such as cookies set by analytics providers, advertising networks, or embedded content (e.g., videos, maps, social media widgets).

3.2 Web Beacons and Pixels

Web beacons (also known as pixels, tracking pixels, or clear GIFs) are small, often invisible, graphic images embedded in web pages, emails, or advertisements. When you view a page or open an email containing a web beacon, the beacon sends information back to a server, such as:

• (a) The IP address of the device that retrieved the beacon;
• (b) The time the beacon was viewed;
• (c) The type of browser or device used; and
• (d) The existence and content of any cookies previously set by that server.

Web beacons are often used in conjunction with cookies to track user behaviour, measure email open rates, or monitor advertising campaign effectiveness.

3.3 Local Storage and Session Storage

Local Storage and Session Storage are HTML5 web storage technologies that allow websites to store data locally on your device. Unlike cookies:

• (a) Local Storage data persists indefinitely until explicitly deleted by the user or the website;
• (b) Session Storage data is cleared when the browser tab or window is closed; and
• (c) Neither Local Storage nor Session Storage data is automatically transmitted to the server with every HTTP request.

We may use Local Storage and Session Storage to store preferences, session state, authentication tokens, or other information necessary to provide the Services.

3.4 Software Development Kits (SDKs) and Device Identifiers

If we offer mobile applications in the future, we may use third-party software development kits (SDKs) or collect Device Identifiers to enable functionality, analytics, or advertising. SDKs are code packages integrated into mobile applications that allow third-party services (e.g., analytics, crash reporting, advertising) to collect information from the app. Device Identifiers may include:

• (a) Unique device IDs (e.g., Android ID, iOS Identifier for Advertisers (IDFA));
• (b) Hardware identifiers (e.g., MAC address, IMEI); and
• (c) Advertising identifiers, which may be reset by the user in device settings.

3.5 Server Logs and IP Addresses

Our servers automatically collect certain information when you access the Services, including:

• (a) IP addresses;
• (b) Browser type and version;
• (c) Operating system and device type;
• (d) Referring URLs and pages visited;
• (e) Date and time stamps; and
• (f) Error logs and diagnostic data.

While server logs are not Cookies, they may be used in conjunction with Cookies to analyse usage patterns, diagnose technical issues, and improve the Services.

3.6 Similar Identifiers, Cache, and Network Technologies

In addition to Cookies, Local Storage, SDKs, and server logs, certain network and browser mechanisms may store or communicate information to enable efficient delivery and security of the Services. Examples include cache storage, entity tags (ETags), and similar identifiers that help a browser determine whether content has changed since a prior visit, and security-related technologies that help detect automated traffic, credential abuse, and other malicious activity. Where these mechanisms operate in a way that is materially similar to Cookies, we treat them as Similar Technologies for the purposes of this Policy.

3.7 No Sale of Device Fingerprints for Advertising

We do not knowingly create or purchase detailed device fingerprints for the purpose of cross-site behavioural advertising. However, certain service providers and embedded content providers may use their own techniques to recognise devices across sessions or services. Where such third-party technologies are present, your choices and controls described in Section 10, and the third party’s own privacy controls, may apply.

4.1 To Provide and Operate the Services (Strictly Necessary)

We use Cookies to:

• (a) Authenticate users and maintain login sessions;
• (b) Enable core functionality, such as navigating between pages, submitting forms, and accessing secure areas;
• (c) Implement security measures, including detecting and preventing fraudulent activity, unauthorised access, and abuse of the Services;
• (d) Balance server load and ensure the reliability and availability of the Services; and
• (e) Store your cookie consent preferences.

These Cookies are Strictly Necessary and are deployed without requiring your prior consent, as they are essential to provide the Services you have explicitly requested.

4.2 To Maintain Preferences and Enhance Functionality (Functionality Cookies)

We use Cookies to:

• (a) Remember your language preferences, accessibility settings, and user interface customisations;
• (b) Personalise content and features based on your prior interactions with the Services; and
• (c) Enable enhanced functionality, such as autofill suggestions or saved filters.

These Cookies improve your user experience but are not strictly necessary for the basic operation of the Services. We seek your consent before deploying Functionality Cookies, unless they are integral to a feature you have explicitly requested.

4.3 To Analyse Performance and Usage (Analytics Cookies)

We use Cookies to:

• (a) Collect information about how users interact with the Services, including pages visited, time spent on pages, links clicked, and navigation paths;
• (b) Understand aggregate usage patterns, trends, and demographics;
• (c) Identify technical issues, errors, or performance bottlenecks; and
• (d) Evaluate the effectiveness of new features, content, or marketing campaigns.

We use third-party analytics services, including Google Analytics, to collect and analyse this information. Analytics Cookies require your consent before deployment, unless aggregated or anonymised in a manner that does not constitute Personal Information.

4.4 To Debug and Improve the Services

We use Cookies and Similar Technologies to:

• (a) Diagnose and troubleshoot technical issues;
• (b) Monitor system performance and uptime;
• (c) Test new features, layouts, or functionality; and
• (d) Conduct A/B testing or multivariate testing to optimise user experience.

4.5 To Enable Marketing and Advertising (Marketing Cookies) (Not Currently Used)

Current Status: We do not currently use Marketing Cookies or Advertising Cookies on the Services. We do not engage in behavioural advertising, retargeting, or targeted advertising based on your browsing activity across third-party websites.

Future Use: If we decide to use Marketing Cookies or Advertising Cookies in the future, we will:

• (a) Update this Cookie Policy to reflect the new practices;
• (b) Provide clear notice through our cookie consent banner or preference centre;
• (c) Seek your express consent before deploying Marketing Cookies; and
• (d) Provide controls to opt out of Marketing Cookies at any time.

Marketing Cookies, if used in the future, may track your browsing activity, build user profiles, deliver targeted advertisements, or measure advertising campaign performance.

4.6 To Comply with Legal Obligations

We may use Cookies to:

• (a) Comply with applicable laws, regulations, or court orders;
• (b) Respond to lawful requests from government authorities or law enforcement; and
• (c) Establish, exercise, or defend legal claims.

4.7 To Protect the Services, Users, and Institutions (Security and Fraud Prevention)

We may use Cookies, device identifiers, and log-derived signals to help maintain the confidentiality, integrity, and availability of the Services. This includes detecting potentially fraudulent or abusive activity, preventing automated scraping or credential-stuffing attempts, enforcing rate limits, and protecting student and institutional accounts from unauthorised access. These security-related technologies may operate across sessions to recognise suspicious patterns and may be necessary to protect users, institutions, and the Services.

4.8 To Support Product Development and Service Improvement

We may use analytics and debugging technologies to understand how features are used and how the Services perform in different environments, including to improve transcript ingestion and parsing workflows, refine user interfaces, reduce errors, and enhance accessibility and reliability. Where feasible, we seek to use aggregated or de-identified information for product improvement and reporting. Where the information may constitute Personal Information, we handle it in accordance with our Privacy Policy.

4.9 To Administer Institutional Access and Licensing

Where the Services are provided in connection with institutional licensing arrangements, we may use Cookies and Similar Technologies to administer access and maintain system integrity, such as to recognise that an account is associated with an institutional tenant, apply institution-specific settings, and support institution-requested administrative functionality (for example, role-based access, workflow routing, and reporting).

4.10 To Provide Support, Communications, and Service Notices

We may use Cookies and Similar Technologies to provide customer support and operational communications, such as to preserve context when you contact support, to route requests, and to show service notices that are relevant to your session (for example, outage notices, feature announcements, or policy updates). Operational notices related to account security or service availability may be provided regardless of marketing preferences.

5.1 Strictly Necessary Cookies (Essential Cookies)

In an environment where users upload sensitive academic documents or access institution-related information, these technologies also help ensure that actions are correctly attributed to the authenticated user, that requests originate from legitimate sessions, and that the Services remain available and responsive. Because these technologies are fundamental to the Services, rejecting or deleting them may prevent you from logging in, may interrupt file uploads, or may cause certain pages or dashboards to not load correctly.

Purpose: Strictly Necessary Cookies are essential to provide the Services you have explicitly requested and cannot be disabled without severely impairing functionality. These Cookies do not require your prior consent under Canadian privacy law, as they are integral to the provision of the service.

Examples:

• (a) Session Management Cookies: Maintain your login state, shopping cart contents, or session data as you navigate the Services.
• (b) Security Cookies: Detect fraudulent activity, prevent unauthorised access, or protect against cross-site request forgery (CSRF) and other security threats.
• (c) Load Balancing Cookies: Distribute traffic across servers to ensure reliability and performance.
• (d) Consent Preference Cookies: Store your cookie consent choices to avoid repeatedly prompting you.
• (e) Authentication Cookies: Verify your identity and maintain secure access to your account.

Legal Basis: Provision of services explicitly requested by the user; compliance with contractual obligations.

5.2 Performance and Analytics Cookies

Purpose: Performance and Analytics Cookies collect information about how users interact with the Services, including pages visited, time spent, navigation paths, and technical performance metrics. This information is used to understand usage patterns, identify issues, and improve the Services.

Where possible, we configure analytics to focus on aggregated statistics and to limit unnecessary collection. For example, we may reduce the precision of location data, avoid collecting full URLs that include sensitive query parameters, and limit access to analytics reports to authorised personnel. Analytics information helps us identify which features are most used, how users navigate multi-step workflows, and where errors or latency occur so we can improve reliability.

Examples:

• (a) Google Analytics Cookies: Collect data about user behaviour, session duration, geographic location (derived from IP address), device type, browser type, and referral sources. See Section 7 (Google Analytics) for additional details.
• (b) Error Logging and Diagnostic Cookies: Track technical errors, crashes, or performance issues to facilitate debugging and system improvements.
• (c) A/B Testing Cookies: Assign users to different versions of a feature or page layout to evaluate effectiveness.

Legal Basis: Consent, unless the data is aggregated or anonymised in a manner that does not constitute Personal Information.

User Control: You may opt out of Performance and Analytics Cookies through our Cookie Preference Centre via the “Cookie Preferences” link available in our website footer or through our main menu (or, where available, within your account or settings menu) or by using browser-based opt-out tools (see Section 10).

5.3 Functionality Cookies

Purpose: Functionality Cookies enhance the user experience by remembering your preferences, settings, and prior interactions with the Services. These Cookies are not strictly necessary but provide added convenience and personalisation.

Functionality technologies may also be used to keep the interface consistent across visits, such as by remembering navigation state, dashboards selected, or whether you have dismissed certain informational prompts. Where feasible, we may store these preferences locally on your device rather than transmitting them to our servers, although in some cases preference settings may also be associated with your account.

Examples:

• (a) Language Preference Cookies: Remember your preferred language or locale.
• (b) Accessibility Settings Cookies: Store your accessibility preferences, such as font size, contrast settings, or screen reader compatibility.
• (c) User Interface Customisation Cookies: Remember your preferred dashboard layout, filters, or display options.
• (d) Saved Preferences Cookies: Store choices you have made, such as notification preferences or default search filters.

Legal Basis: Consent, unless the functionality is integral to a service you have explicitly requested.

User Control: You may opt out of Functionality Cookies through our Cookie Preference Centre via the “Cookie Preferences” link available in our website footer or through our main menu (or, where available, within your account or settings menu). Note that disabling Functionality Cookies may result in a loss of personalisation and require you to re-enter preferences each time you use the Services.

5.4 Marketing and Advertising Cookies (Not Currently Used)

Purpose: Marketing and Advertising Cookies are used to deliver targeted advertisements, track advertising campaign performance, build user profiles for marketing purposes, or enable retargeting across websites and platforms.

Current Status: We do not currently deploy Marketing or Advertising Cookies on the Services. We do not engage in behavioural advertising, cross-site tracking for advertising purposes, or third-party ad network integrations.

For clarity, we may still communicate with users about service-related matters (such as account security, service availability, or product updates) using channels that do not rely on third-party advertising Cookies. If we engage in marketing communications by email, you may have separate choices under applicable anti-spam and marketing laws (such as unsubscribe mechanisms), as further described in our Privacy Policy.

Future Use: If we introduce Marketing or Advertising Cookies in the future:

• (a) We will update this Cookie Policy to describe the specific Marketing Cookies in use, their purposes, and the third parties involved;
• (b) We will obtain your express consent before deploying Marketing Cookies;
• (c) We will provide clear controls to opt out of Marketing Cookies through our Cookie Preference Centre via the “Cookie Preferences” link available in our website footer or through our main menu (or, where available, within your account or settings menu); and
• (d) We will honour opt-out signals, such as the Global Privacy Control (GPC), where applicable.

Legal Basis (If Used in Future): Express consent.

6.1 Meaningful Consent

We seek to obtain meaningful, informed, and voluntary consent for the use of non-essential Cookies, consistent with Canadian privacy principles under PIPEDA and applicable provincial privacy legislation. Meaningful consent requires:

• (a) That you are informed of the purposes for which your information will be collected, used, or disclosed;
• (b) That you understand the consequences of providing or withholding consent; and
• (c) That you are able to provide or withdraw consent freely, without coercion or detriment.

6.2 Strictly Necessary Cookies (No Consent Required)

Strictly Necessary Cookies, as described in Section 5.1, are deployed without requiring your prior consent, as they are essential to provide the Services you have explicitly requested. Under Canadian privacy law, the collection and use of information necessary to fulfill a service requested by the user does not require separate consent beyond your agreement to use the Services under our Terms of Use.

6.3 Consent for Non-Essential Cookies

For all non-essential Cookies, including Performance and Analytics Cookies, Functionality Cookies, and (if used in the future) Marketing Cookies, we seek your express consent before deployment. Consent is obtained through:

• (a) Cookie Consent Banner: When you first visit the Services, you will be presented with a cookie consent banner that explains our use of Cookies and provides options to accept all Cookies, accept only essential Cookies, or customise your preferences.
• (b) Cookie Preference Centre: You may access our cookie preference centre at any time the "Cookie Preferences" link available in our website footer or through our main menu (or, where available, within your account or settings menu) to review, modify, or withdraw your consent for specific categories of Cookies.
• (c) Implied Consent (Limited Circumstances): If you have previously consented to Cookies and continue to use the Services, we may rely on implied consent for the continued use of those Cookies, provided that the purposes and practices have not materially changed. However, you may withdraw consent at any time through the cookie preference centre.

6.4 Withdrawal of Consent

You may withdraw your consent to non-essential Cookies at any time by:

• (a) Accessing the Cookie Preference Centre via the “Cookie Preferences” link available in our website footer or through our main menu (or, where available, within your account or settings menu) and adjusting your preferences;
• (b) Deleting Cookies through your browser settings (see Section 10.2); or
• (c) Contacting us at CONNECT-edu.ca@outlook.com.

Withdrawing consent will not affect the lawfulness of processing based on consent before withdrawal. Note that withdrawing consent for Strictly Necessary Cookies (by blocking or deleting them) may prevent you from accessing or using certain features of the Services.

6.5 Cookie Consent Is Not Account Consent

Consent to the use of Cookies is separate and distinct from consent to create an account, receive communications, or provide Personal Information through account registration or other means. Even if you consent to Cookies, you may choose not to create an account or provide additional Personal Information, and vice versa.

6.6 Legal Basis Summary

• Strictly Necessary Cookies — Legal Basis: Provision of services explicitly requested by user Consent Required?: No
• Performance and Analytics Cookies — Legal Basis: Consent (or legitimate interest if aggregated/anonymised) Consent Required?: Yes
• Functionality Cookies — Legal Basis: Consent (or provision of requested service if integral) Consent Required?: Yes (usually)
• Marketing/Advertising Cookies — Legal Basis: Express consent Consent Required?: Yes

6.7 Additional Considerations for Users Outside Canada

For EU/UK/EEA Users:

If you are located in the European Union (EU), the United Kingdom (UK), or the European Economic Area (EEA), additional rules under the General Data Protection Regulation (GDPR) and the ePrivacy Directive (EU Cookie Law) may apply. Under these rules:

• (a) Consent must be freely given, specific, informed, and unambiguous;
• (b) Pre-ticked boxes or inactivity do not constitute valid consent;
• (c) You must be able to refuse or withdraw consent without detriment; and
• (d) We may rely on legitimate interests for certain Analytics Cookies, provided your rights and freedoms are not overridden.

If you are located in the EU/UK/EEA, we will seek consent or rely on legitimate interests consistent with GDPR and ePrivacy requirements. You may withdraw consent at any time through the Cookie Preference Centre via the “Cookie Preferences” link available in our website footer or through our main menu (or, where available, within your account or settings menu).

6.8 Québec and Other Provincial Requirements

If you are located in Québec, additional requirements under Québec’s private sector privacy legislation (including recent amendments) may apply, including requirements relating to transparency and consent for the use of certain technologies. We aim to provide clear information about the purposes of Cookies and, where required, obtain express consent for non-essential categories. Where applicable, you may also have rights to access, correct, or withdraw consent regarding Personal Information collected through Cookies, subject to legal and contractual limitations.

6.9 United States State Privacy Notices

If you are located in the United States, certain state privacy laws may provide additional rights and disclosures (including rights related to targeted advertising and the “sale” or “sharing” of Personal Information as those terms may be defined under applicable law). As noted above, we do not currently use Marketing Cookies for cross-site behavioural advertising. If our practices change in a way that triggers additional opt-out rights, we will provide the required disclosures and mechanisms, which may include a “Do Not Sell or Share My Personal Information” link or similar tools, as applicable.

6.10 Consent Withdrawal and Effect of Withdrawal

You may withdraw consent for non-essential Cookies at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred before you withdrew consent. If you withdraw consent, we may continue to process information collected through Strictly Necessary Cookies to the extent necessary to provide the Services, protect the Services and users, and comply with legal obligations.

6.11 Accessibility and Informed Decision-Making

We strive to present Cookie information in a manner that is understandable and actionable. Where a Cookie preference centre is available, it is designed to allow you to make granular choices by category. If you experience difficulty using the preference tools or require assistance understanding your options, please contact us as described in Section 14 and we will make reasonable efforts to assist you.

6.12 Children and Student Users

The Services are intended for post-secondary education contexts and are not directed to children under the age of 13. If you believe that a child has provided Personal Information to us through the Services without appropriate authorization, please contact us so that we can take appropriate steps consistent with applicable law.

7.1 Overview

We use Google Analytics, a web analytics service provided by Google LLC (or Google Ireland Limited for users in the European Economic Area and Switzerland) ("Google"), to collect and analyse information about how users interact with the Services. Google Analytics uses Cookies and Similar Technologies to track user behaviour, generate usage reports, and help us improve the Services.

We use analytics to understand usage trends and to improve the Services; it is not intended to identify you personally. Where available, we aim to configure analytics to reduce unnecessary collection and to limit data sharing features that are not required for basic reporting. Google’s processing of information is governed by its own terms and privacy policies, and Google may process information in the United States or other jurisdictions.

7.2 Information Collected by Google Analytics

Google Analytics may collect and process the following categories of information:

• (a) Usage Data: Pages visited, time spent on pages, navigation paths, links clicked, and interaction with features or content.
• (b) Device and Browser Information: Browser type and version, operating system, device type (desktop, mobile, tablet), screen resolution, and language settings.
• (c) Geographic Location: Approximate geographic location derived from IP address (e.g., city or region, but not precise geolocation).
• (d) Referral Information: The website or source that referred you to the Services.
• (e) Session Information: Session duration, time of visit, and whether you are a new or returning visitor.
• (f) Events and Interactions: Custom events or interactions we configure to track, such as form submissions, downloads, or video plays.

Google Analytics does not collect your name, email address, or other directly identifying Personal Information unless we explicitly configure it to do so (which we do not). However, IP addresses and other technical identifiers collected by Google Analytics may constitute Personal Information under Canadian and international privacy laws.

7.3 Google Analytics Cookies

Google Analytics uses persistent Cookies with names such as:

• (a) _ga (expires after 2 years): Used to distinguish unique users.
• (b) _gid (expires after 24 hours): Used to distinguish unique users.
• (c) _gat or _gat_gtag_* (expires after 1 minute): Used to throttle request rates.
• (d) Google Analytics 4 (GA4) Cookies (if applicable), such as _ga_* (expires after 2 years).

The exact cookie names, durations, and configurations may vary depending on our implementation and Google's updates. For the most current information, see Section 9 (Cookie Inventory).

7.4 Data Minimisation and Privacy Measures

To protect your privacy, we have implemented or may implement the following measures in Google Analytics:

• (a) IP Anonymisation (IP Masking): We have enabled IP anonymisation (also known as IP masking), which truncates the last octet of your IP address before processing, to reduce the precision of geographic location data.
• (b) Advertising Features Disabled: We do not enable Google Analytics advertising features, such as remarketing, demographics and interests reporting, or integration with Google Ads. If we enable these features in the future, we will update this Cookie Policy and seek your consent where required.
• (c) Data Retention Controls: We configure Google Analytics data retention settings to minimise retention to the extent feasible for our analytics purposes, consistent with our Privacy Policy and operational needs.
• (d) Exclusion of Sensitive Information: We do not configure Google Analytics to collect passwords, financial information, health information, or other sensitive Personal Information.

Note: The implementation of these measures may vary depending on our Google Analytics configuration. We endeavour to apply data minimisation and privacy-protective measures to the extent reasonably practicable.

7.5 Cross-Border Data Processing by Google

Google may process data collected through Google Analytics in the United States or other jurisdictions outside Canada. Google's processing of data is subject to Google's Privacy Policy and Terms of Service. Google has implemented safeguards for international data transfers, including adherence to the EU-U.S. Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs) for EU/UK users.

For more information about Google's data processing practices, see:

• (a) Google Analytics Terms of Service (search "Google Analytics Terms of Service");
• (b) Google Privacy Policy (search "Google Privacy Policy"); and
• (c) How Google Uses Data from Sites or Apps That Use Our Services (search "How Google uses data when you use our partners' sites or apps").

We do not provide URLs to third-party sites, as these links may change. Please search for the resources listed above using a search engine.

7.6 Your Choices Regarding Google Analytics

You may opt out of Google Analytics by:

• (a) Using Our Cookie Preference Centre: Disabling Performance and Analytics Cookies through our Cookie Preference Centre via the “Cookie Preferences” link available in our website footer or through our main menu (or, where available, within your account or settings menu) will prevent Google Analytics Cookies from being set on your device in the future. Note that existing Cookies may need to be manually deleted (see Section 10.2).
• (b) Google Analytics Opt-Out Browser Add-On: Google provides a browser add-on that prevents Google Analytics from collecting data. To download and install the add-on, search for "Google Analytics Opt-out Browser Add-on" using a search engine.
• (c) Browser Cookie Controls: Blocking or deleting Cookies through your browser settings (see Section 10.2) will prevent Google Analytics Cookies from functioning.

Impact of Opting Out: Opting out of Google Analytics will not impair your ability to use the Services, but it will prevent us from collecting analytics data about your usage, which helps us improve the Services.

7.7 Data Sharing and Disclosure

We do not sell or rent data collected through Google Analytics to third parties. Google Analytics data is shared only with:

• (a) Google, as our service provider, solely for the purpose of providing analytics services;
• (b) Our internal team members who require access to analytics reports to perform their duties; and
• (c) Third parties as required by law or as described in our Privacy Policy our Privacy Policy (available within the Services and on our website).

8.1 Third-Party Cookies

Certain features or content on the Services may be provided by third-party service providers, including but not limited to:

• (a) Cloud hosting and infrastructure providers (e.g., Microsoft Azure);
• (b) Analytics and performance monitoring services (e.g., Google Analytics);
• (c) Embedded content providers (e.g., video players, maps, calendars, social media widgets, survey tools, scheduling tools, or document viewers);
• (d) Payment processors (if applicable);
• (e) Customer support tools (e.g., chat widgets); and
• (f) Marketing and advertising networks (if used in the future).
• (g) Security and bot-protection services (e.g., Google reCAPTCHA).

When you interact with third-party features or embedded content, the third-party provider may set Cookies or Similar Technologies on your device. These are called Third-Party Cookies.

8.2 We Do Not Control Third-Party Cookies

We do not control the Cookies or data collection practices of third-party providers. Third-party Cookies are subject to the third party's own privacy policies and terms of service, not this Cookie Policy. We encourage you to review the privacy policies of any third-party providers whose services you interact with through the Services.

8.3 Examples of Third-Party Cookies

Examples of third-party services that may set Cookies on the Services include:

• (a) Microsoft Azure and Microsoft 365 Services: We use Microsoft cloud services for hosting, infrastructure, and operational support. Microsoft may set Cookies related to authentication, session management, load balancing, or security.
• (b) Embedded Video Players: If we embed videos from third-party platforms (e.g., YouTube, Vimeo), those platforms may set Cookies to track video views, playback preferences, or deliver targeted advertising.
• (c) Embedded Maps: If we embed maps from third-party providers (e.g., Google Maps), those providers may set Cookies to remember your location preferences or deliver personalised content.
• (d) Social Media Widgets: If we include social media sharing buttons or widgets (e.g., Facebook Like, Twitter Share), those platforms may set Cookies to track your interactions or serve targeted advertising, even if you do not click the widget.
• (e) Scheduling and Calendar Tools: If we embed scheduling tools or calendar integrations (e.g., Calendly, Microsoft Bookings), those services may set Cookies to manage appointments or preferences.
• (f) Survey and Form Tools: If we embed surveys or forms from third-party providers (e.g., Typeform, Google Forms), those services may set Cookies to track survey responses or prevent duplicate submissions.
• (g) Google reCAPTCHA and Bot Protection: We use Google reCAPTCHA to help protect the Services from automated abuse, credential stuffing, and other malicious activity. reCAPTCHA may set or read cookies, local storage identifiers, or similar technologies to assess whether activity appears to be human or automated. Information collected by reCAPTCHA may be transmitted to Google and processed in accordance with Google’s privacy policy and terms.

8.4 Consent and Control

Third-party Cookies that are not Strictly Necessary require your consent. When you accept non-essential Cookies through our cookie consent banner or preference centre, you are also consenting to the deployment of third-party Cookies from services integrated into the Services, subject to the categories you have selected.

You may block or delete third-party Cookies using the controls described in Section 10 (Your Choices and Controls). Note that blocking third-party Cookies may impair the functionality of embedded content or third-party features.

8.5 Social Media Plugins and Tracking

If we include social media plugins or sharing buttons on the Services, these plugins may communicate with social media platforms and set Cookies, even if you do not click on them. Social media platforms may use these Cookies to build a profile of your browsing activity across websites.

Current Status: We do not currently use social media plugins or tracking pixels from social media platforms. If we introduce social media integrations in the future, we will update this Cookie Policy accordingly.

8.6 Institutional Single Sign-On and Identity Providers

If you access the Services using institution-provided authentication (for example, through Microsoft, Google, or other single sign-on solutions), your identity provider may set its own Cookies or Similar Technologies to authenticate you, maintain your session, and protect the identity system. These technologies are set and controlled by the identity provider and/or your institution, not by us. If you experience issues with authentication or wish to manage these Cookies, you may need to adjust your settings with the relevant provider or consult your institution’s IT or privacy office.

8.7 Embedded Content, File Viewing, and Document Tools

The Services may include features that render, preview, or exchange documents and other content. Depending on the implementation, this may involve embedded content or integrations that load resources from third-party domains (for example, document viewers, scheduling tools, or communications tools). When these integrations are present, the third party may receive technical information such as your IP address and browser characteristics and may set Cookies in accordance with its own policies. We seek to select reputable providers and to limit integrations to those that support the Services’ core purpose, but we cannot control third-party technologies.

8.8 Vendor Governance and Updates

We may periodically review third-party providers that set Cookies through the Services to assess necessity, security, and alignment with our privacy standards. Because third-party technologies can change without notice, you should review this Policy and the providers’ own policies periodically. Where required by law, we will request your consent before enabling new categories of non-essential third-party Cookies.

9.1 Purpose of the Cookie Inventory

This section provides a detailed inventory of the Cookies and Similar Technologies currently used on the Services. The inventory is intended to provide transparency about the specific Cookies deployed, their purposes, and their characteristics.

Important Notes:

• (a) Cookie names, durations, and configurations may change over time due to updates by us or by third-party providers. We endeavour to keep this inventory accurate and up to date but cannot guarantee real-time accuracy.
• (b) The exact Cookies set on your device may vary depending on your use of the Services, your consent preferences, and the features or content you interact with.
• (c) This inventory is updated periodically. For the most current information, please review this Cookie Policy regularly or contact us at CONNECT-edu.ca@outlook.com.

9.2 Cookie Inventory Table

The table below lists the Cookies and Similar Technologies currently used on the Services:

Notes:

Cookie names prefixed with _ga, _gid, _gat, or _ga_ followed by additional characters are typically set by Google Analytics.

Microsoft Azure and Microsoft 365 services may set cookies with names such as ARRAffinity, ARRAffinitySameSite, ai_session, ai_user, or others, depending on the specific services and configurations used. For details, see Microsoft's cookie policy (search "Microsoft Privacy Statement").

• Authentication Session Cookie (name varies) — First-party technology used to authenticate you and maintain your logged-in session across pages and actions (Strictly Necessary). May be required to access protected areas of the Services. Typical Duration / Expiry: Session (deleted on logout or browser close)
• Security / Anti-Forgery Cookie (name varies) — First-party security measure used to help protect against cross-site request forgery (CSRF), unauthorised requests, and other security threats (Strictly Necessary). Typical Duration / Expiry: Session (deleted on logout or browser close)
• Load Balancer / Routing Cookie (e.g., ARRAffinity / ARRAffinitySameSite or equivalent) — May be set by our hosting infrastructure (including cloud services) to distribute requests across servers and maintain session affinity to support availability, performance, and reliability (Strictly Necessary). Typical Duration / Expiry: Session (or short persistent, depending on configuration)
• Cookie Consent Preference Cookie (name varies) — Stores your cookie preference selections so we can respect your choices and avoid repeatedly displaying a consent prompt (Strictly Necessary). Typical Duration / Expiry: Up to 12 months (or until consent is withdrawn / preferences reset)
• User Preference / Accessibility Cookie (name varies) — Remembers certain user-selected settings (for example, language, accessibility options, or interface preferences) to provide a consistent experience (Functionality). Typical Duration / Expiry: Up to 12 months (or until cleared)
• _ga — Google Analytics cookie used to distinguish unique users for analytics and reporting purposes (Performance & Analytics). Typical Duration / Expiry: 2 years
• _gid — Google Analytics cookie used to distinguish unique users and support analytics reporting (Performance & Analytics). Typical Duration / Expiry: 24 hours
• _gat, _gat_gtag_* — Google Analytics cookie used to throttle request rates and manage data collection (Performance & Analytics). Typical Duration / Expiry: 1 minute
• _ga_* (GA4) — Google Analytics 4 cookie used to persist session state and distinguish users in a specific property or container (Performance & Analytics). Typical Duration / Expiry: 2 years
• Microsoft / Azure / Microsoft 365 Cookies (names vary) — Cookies set by Microsoft services that may support authentication, session management, security, and service functionality. Depending on context, some may be Strictly Necessary and others may be non-essential. These Cookies are governed by Microsoft’s policies. Typical Duration / Expiry: Varies (session or persistent, depending on the Microsoft service and configuration)
• Institutional SSO / Identity Provider Cookies (names vary) — If you sign in through an institution’s identity provider, the provider may set its own Cookies to authenticate you and protect the identity system. These Cookies are governed by the provider’s policies. Typical Duration / Expiry: Varies
• Local Storage Keys (e.g., user_settings; keys may vary) — Similar Technology that may store non-sensitive preferences or UI state on your device to enhance usability (Functionality). Typical Duration / Expiry: Persistent until cleared by you (or overwritten)
• Session Storage Keys (e.g., temporary workflow state; keys may vary) — Similar Technology that may store temporary information while you navigate a multi-step process to improve usability (Functionality). Typical Duration / Expiry: Cleared on tab/window close (or when the session ends)
• Embedded Content Cookies (names vary) — Cookies that may be set by third-party embedded content providers (for example, a document viewer, scheduling tool, or other integration) when you interact with that embedded content. Governed by the third party’s policy. Typical Duration / Expiry: Varies by provider
• Google reCAPTCHA identifiers (e.g., _GRECAPTCHA and related identifiers) — Security and bot-detection identifiers used to protect forms and endpoints against automated abuse (Security; Strictly Necessary where required for protection, otherwise controlled through consent where applicable). Typical Duration / Expiry: Varies; commonly from session to several months depending on provider configuration

Embedded content Cookies depend on the specific third-party services integrated into the Services at any given time and may include Cookies from video players, maps, scheduling tools, survey platforms, or other providers.

9.3 Changes to the Cookie Inventory

We reserve the right to update this Cookie Inventory at any time to reflect changes in our use of Cookies or changes by third-party providers. Material changes will be reflected in the "Last Updated" date at the top of this Policy. We encourage you to review this section periodically.

9.4 Why Cookie Lists May Differ by User and Context

The Cookies present during your visit may differ depending on your device, browser settings, geographic region, authentication state, and the specific pages or features you use. For example, certain Cookies may only be set after you sign in, when you upload a document, when you access institution-specific features, or when you interact with a third-party integration. In addition, development, testing, or staging environments may use different Cookie configurations than production environments. This section is intended to provide transparency, but it may not capture every Cookie in every context at every moment.

9.5 How to Request Additional Cookie Information

If you require additional details about Cookies used in a specific workflow (for example, for institutional procurement, privacy impact assessments, or security reviews), please contact us as described in Section 14. Where appropriate and subject to confidentiality and security considerations, we may provide supplemental documentation describing Cookie and Similar Technology usage for particular deployments.

10.1 Cookie Preference Centre

We provide a cookie preference centre where you can review, manage, and update your cookie consent preferences at any time. Through the cookie preference centre, you may:

• (a) Accept all Cookies (including Performance & Analytics, Functionality, and, if applicable, Marketing Cookies);
• (b) Accept only Strictly Necessary Cookies (and reject all non-essential Cookies);
• (c) Customise your preferences by selecting which categories of Cookies to accept or reject; or
• (d) Withdraw consent for previously accepted non-essential Cookies.

Access the Cookie Preference Centre: use the “Cookie Preferences” link available in our website footer or through our main menu (and, where available, within in-app settings) and adjust your preferences.

When you change your preferences through the cookie preference centre, we will update the Cookies stored on your device accordingly. Note that existing Cookies may need to be manually deleted from your browser (see Section 10.2).

10.2 Browser-Based Cookie Controls

Most web browsers allow you to control Cookies through your browser settings. You may:

• (a) Block Cookies: Configure your browser to block all Cookies, block third-party Cookies only, or block Cookies from specific websites.
• (b) Delete Cookies: Delete existing Cookies from your browser's storage.
• (c) Receive Notifications: Configure your browser to notify you when a website attempts to set a Cookie, allowing you to accept or reject it.

How to Manage Cookies in Common Browsers:

Google Chrome: Settings → Privacy and security → Cookies and other site data

Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data

Safari: Preferences → Privacy → Manage Website Data

Microsoft Edge: Settings → Cookies and site permissions → Cookies and site data

Opera: Settings → Privacy & security → Cookies and site data

For detailed instructions, consult your browser's help documentation or support resources (search "your browser how to manage cookies").

Impact of Blocking or Deleting Cookies:

• (a) Blocking or deleting Strictly Necessary Cookies will likely impair your ability to use the Services, including preventing you from logging in, maintaining your session, or accessing secure areas.
• (b) Blocking or deleting Performance & Analytics Cookies will prevent us from collecting usage data but will not affect core functionality.
• (c) Blocking or deleting Functionality Cookies may result in a loss of personalisation and require you to re-enter preferences each time you visit.

10.3 Opting Out of Google Analytics

In addition to the controls described in Sections 10.1 and 10.2, you may opt out of Google Analytics specifically by:

• (a) Google Analytics Opt-Out Browser Add-On: Google provides a free browser add-on that prevents Google Analytics from collecting data. To download and install the add-on, search for "Google Analytics Opt-out Browser Add-on" using a search engine.
• (b) Disabling Performance & Analytics Cookies: Using our Cookie Preference Centre via the “Cookie Preferences” link available in our website footer or through our main menu (or, where available, within your account or settings menu) to disable Performance & Analytics Cookies will prevent future Google Analytics Cookies from being set.

10.4 Managing Local Storage and Session Storage

Local Storage and Session Storage data are not managed through browser cookie settings. To delete Local Storage and Session Storage data:

• (a) Browser Developer Tools: Most browsers provide developer tools (accessible via F12 or right-click → Inspect) that allow you to view and delete Local Storage and Session Storage data.
• (b) Clear Browsing Data: Clearing your browser's browsing data (cache, cookies, and site data) will typically delete Local Storage and Session Storage as well.

Consult your browser's help documentation for specific instructions on managing Local Storage and Session Storage.

10.5 Opting Out of Third-Party Cookies

To opt out of third-party Cookies set by embedded content or third-party service providers:

• (a) Browser Controls: Use your browser's settings to block third-party Cookies entirely (see Section 10.2).
• (b) Third-Party Opt-Out Tools: Some third-party providers offer opt-out mechanisms through their own websites or preference centres. For example:

Google: Search "Google Ad Settings" or "Google Privacy Controls" to manage advertising preferences and data collection.

Microsoft: Search "Microsoft Privacy Dashboard" to manage privacy settings for Microsoft services.

• (c) Industry Opt-Out Initiatives (Future Use): If we use advertising networks in the future, you may be able to opt out through industry initiatives such as the Digital Advertising Alliance of Canada (DAAC) or the Network Advertising Initiative (NAI). Search for these organisations' opt-out tools if applicable.

10.6 Mobile Device Settings (Future Applicability)

If we offer mobile applications in the future, you may be able to control tracking and advertising through your mobile device settings:

• (a) iOS (Apple): Settings → Privacy → Tracking → Allow Apps to Request to Track (toggle off); Settings → Privacy → Advertising → Limit Ad Tracking (toggle on).
• (b) Android (Google): Settings → Google → Ads → Opt out of Ads Personalisation (toggle on); Settings → Privacy → Advanced → Ads → Delete advertising ID.

Consult your device manufacturer's documentation for specific instructions.

10.7 Do Not Track (DNT) Signals

Some browsers and devices offer "Do Not Track" (DNT) signals, which are intended to communicate a user's preference not to be tracked across websites. However:

• (a) There is currently no universal standard or legal requirement for how websites should respond to DNT signals.
• (b) We do not currently respond to DNT signals from browsers.
• (c) If a universal standard for DNT signals is established in the future, or if Canadian or international law requires us to honour DNT signals, we will update this Cookie Policy and implement appropriate technical measures.

In addition, DNT generally applies to cross-site tracking and behavioural advertising. Because we do not currently use Marketing Cookies for cross-site behavioural advertising, our response to DNT may have limited practical impact. Nevertheless, we respect your choices through the consent tools and browser controls described in this Policy.

Alternative: Instead of relying on DNT signals, we recommend using our Cookie Preference Centre via the “Cookie Preferences” link available in our website footer or through our main menu (or, where available, within your account or settings menu) or browser-based cookie controls to manage your preferences.

10.8 Global Privacy Control (GPC) (Future Applicability)

The Global Privacy Control (GPC) is a browser-based signal that communicates a user's opt-out preference for the sale or sharing of Personal Information under certain privacy laws (e.g., California Consumer Privacy Act (CCPA), Colorado Privacy Act). If we engage in practices covered by GPC-applicable laws in the future, we will honour GPC signals as required by law.

Where legally required, we will treat an enabled GPC signal as a request to opt out of certain processing, such as the sale or sharing of Personal Information for targeted advertising. If such obligations apply to our Services in the future, we may apply GPC as an opt-out preference and may ask you for additional information to scope the request appropriately (for example, to distinguish between authenticated and unauthenticated contexts).

Current Status: We do not sell or share Personal Information for cross-context behavioural advertising. If our practices change, we will update this Cookie Policy and honour GPC signals where required.

10.9 Email Tracking Pixels and Web Beacons

If we use web beacons or tracking pixels in emails (e.g., to measure open rates or link clicks), you may prevent these from functioning by:

• (a) Disabling Automatic Image Loading: Configure your email client to disable automatic image loading. When images are blocked, web beacons cannot load and send information back to our server.
• (b) Using Plain Text Email: Configure your email client to display emails in plain text instead of HTML format.

Note that preventing email tracking pixels may affect the appearance of emails but will not prevent you from receiving or reading them.

11.1 Data Sharing Through Cookies

Information collected through Cookies and Similar Technologies may be shared with:

• (a) Our internal team members who require access to analytics, performance data, or operational information to perform their duties;
• (b) Third-party service providers, including analytics providers (e.g., Google Analytics), cloud hosting providers (e.g., Microsoft Azure), and other operational service providers, solely for the purpose of providing services to us or to you;
• (c) Legal authorities or regulators, if required by law, court order, or governmental request; and
• (d) Other parties as described in our Privacy Policy our Privacy Policy (available within the Services and on our website), including in connection with business transactions such as mergers, acquisitions, or asset sales.

We do not sell or rent information collected through Cookies to third parties for their own marketing purposes. If our practices change, we will update this Cookie Policy and seek consent where required by law.

11.2 Cross-Border Data Processing

Certain third-party service providers that set Cookies or collect information through Similar Technologies may process data outside Canada, including in the United States, the European Economic Area, or other jurisdictions. Examples include:

• (a) Google Analytics: Google may process data in the United States or other jurisdictions where Google operates data centres. Google has implemented safeguards for international data transfers, including adherence to the EU-U.S. Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs) for EU/UK users.
• (b) Microsoft Azure and Microsoft Services: Microsoft may process data in data centres located in Canada, the United States, or other jurisdictions. Microsoft offers data residency options and has implemented safeguards for international data transfers, including SCCs and other mechanisms.

When your information is processed outside Canada, it may be subject to the laws of the jurisdiction in which it is processed, including laws that permit government authorities to access information under certain circumstances.

For more information about cross-border data processing and the safeguards we have implemented, please refer to our Privacy Policy our Privacy Policy (available within the Services and on our website), the section titled "Cross-Border Data Transfers".

11.3 Third-Party Data Processing

Third-party service providers that set Cookies or collect information through the Services are independent data controllers or processors, and their processing of your information is subject to their own privacy policies and terms of service. We encourage you to review the privacy policies of:

• (a) Google Analytics: Search "Google Privacy Policy" and "How Google uses data when you use our partners' sites or apps."
• (b) Microsoft: Search "Microsoft Privacy Statement."
• (c) Other third-party providers: Check the privacy policy of any third-party service whose embedded content or features you interact with on the Services.

12.1 Retention Periods for Cookies

The retention period for Cookies varies depending on the type of Cookie and its purpose:

• (a) Session Cookies: Deleted automatically when you close your browser or log out of your account.
• (b) Persistent Cookies: Retained on your device for a specified period, ranging from minutes (e.g., _gat Cookies) to years (e.g., _ga Cookies expire after 2 years), or until manually deleted by you.
• (c) Local Storage and Session Storage: Local Storage data persists indefinitely until deleted by you or by the website. Session Storage data is deleted when the browser tab or window is closed.

See Section 9 (Cookie Inventory) for specific retention periods for individual Cookies.

12.2 Retention of Data Collected Through Cookies

Data collected through Cookies and Similar Technologies (e.g., analytics data, usage patterns, device identifiers) is retained in accordance with our data retention policies and the retention policies of third-party service providers. Examples include:

• (a) Google Analytics Data: We configure Google Analytics to automatically delete user-level and event-level data after a specified period (e.g., 14 months or 26 months). Aggregated analytics reports may be retained indefinitely.
• (b) Server Logs and IP Addresses: Server logs may be retained for operational, security, and legal compliance purposes for a period of up to twelve (12) months, after which they are deleted or anonymised.
• (c) Consent Records: Records of your cookie consent preferences are retained for as long as necessary to comply with legal obligations and demonstrate compliance with consent requirements.

We retain consent records for as long as necessary to demonstrate compliance and to honour your preferences, which may extend beyond the life of individual Cookies. In addition, certain security and integrity logs may be retained for longer periods where required to investigate incidents, comply with legal obligations, or establish, exercise, or defend legal claims. Where feasible, we apply minimisation measures such as truncation, aggregation, or anonymisation.

For more information about data retention, see our Privacy Policy our Privacy Policy (available within the Services and on our website), the section titled "Data Retention".

13.1 Right to Update

We reserve the right to update, amend, or replace this Cookie Policy at any time, at our sole discretion, to reflect changes in:

• (a) Our use of Cookies and Similar Technologies;
• (b) Applicable laws, regulations, or regulatory guidance;
• (c) Industry best practices or standards;
• (d) The Services, features, or functionality we offer; or
• (e) Third-party service providers or integrations.

13.2 Notice of Changes

When we make changes to this Cookie Policy:

• (a) We will update the "Last Updated" date at the top of this Policy;
• (b) If the changes are material (e.g., introduction of new categories of Cookies, changes to consent mechanisms, or changes affecting your rights), we will provide notice through one or more of the following methods:

Displaying a notice on the Services (e.g., via a banner or pop-up);

Sending an email to the address associated with your account (if applicable);

Prompting you to review and accept the updated Cookie Policy when you next access the Services; or

Posting a notice on our homepage or cookie preference centre.

13.3 Consent to Updated Policy

By continuing to use the Services after the "Last Updated" date of any updated Cookie Policy, you acknowledge that you have reviewed and agree to the updated Policy. If you do not agree with the updated Policy, you may withdraw consent or discontinue use of the Services as described in Section 10 (Your Choices and Controls).

13.4 Review Regularly

We encourage you to review this Cookie Policy periodically to stay informed about our use of Cookies and Similar Technologies. The most current version of this Policy is always available within the Services and, where applicable, on our website.

15.1 Informational Purposes Only

This Cookie Policy is provided for informational purposes only and does not constitute legal, financial, or professional advice. While we strive to ensure that this Policy is accurate, complete, and up to date, we make no representations or warranties of any kind, express or implied, regarding the accuracy, completeness, reliability, or suitability of the information contained herein.

15.2 Not a Substitute for Legal Counsel

This Cookie Policy should not be construed as a substitute for independent legal advice. If you have questions about your rights or obligations under applicable privacy or data protection laws, or if you require legal advice regarding the use of Cookies or the processing of Personal Information, you should consult with a qualified legal professional.

15.3 Changes to Third-Party Practices

We do not control the privacy practices, data collection methods, or Cookie policies of third-party service providers, including Google Analytics, Microsoft, or other embedded content providers. Third-party practices may change without notice to us. We encourage you to review the privacy policies and cookie policies of any third-party services you interact with through the Services.

15.4 No Guarantee of Absolute Security

While we implement reasonable technical and organisational measures to protect information collected through Cookies and Similar Technologies, no method of transmission or storage is completely secure. We cannot guarantee absolute security or prevent unauthorised access, loss, misuse, or alteration of information.

15.5 Limitation of Liability

To the fullest extent permitted by applicable law, CONNECTED Academia Inc. and its directors, officers, employees, agents, and affiliates shall not be liable for any direct, indirect, incidental, consequential, special, or punitive damages arising out of or related to your use of, or inability to use, the Services, or any reliance on information contained in this Cookie Policy, even if advised of the possibility of such damages.

END OF COOKIE POLICY