Cookie Notice

This Cookie Notice explains how Firstage Inc. ("Company", "we", "us", or "our") uses cookies and similar tracking technologies when you visit our website and platform.

This notice complies with the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

What Are Cookies

Cookies are small text files that are placed on your device when you visit our website. They help us provide you with a better experience by remembering your preferences and understanding how you use our services.

We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until they expire or you delete them).

Types of Cookies We Use

Strictly Necessary Cookies

These cookies are essential for our website to function properly and cannot be switched off.

Purpose: Authentication, security, load balancing, Stage profile access control Data Collected: Session identifiers, authentication tokens, security parameters Retention: Session-based or until logout Legal Basis: Legitimate interests (GDPR Art. 6(1)(f)) - necessary for service provision

Analytics & Performance Cookies

These cookies help us understand how visitors interact with our website.

Purpose: Website analytics, user behavior analysis, Stage profile performance measurement Data Collected: Page views, session duration, bounce rate, traffic sources, conversion metrics Third-Party Services: Google Analytics 4, Firstage proprietary analytics Retention: Up to 26 months (Google Analytics standard) Legal Basis: Consent (GDPR Art. 6(1)(a))

Marketing & Advertising Cookies

These cookies enable personalized advertising and marketing communications.

Purpose: Targeted advertising, social media integration, custom audience creation Data Collected: Interest categories, ad engagement, demographic insights, lookalike audiences Third-Party Services: Meta Pixel, Google Ads, LinkedIn Campaign Manager Retention: Up to 180 days Legal Basis: Consent (GDPR Art. 6(1)(a))

Cookie Management

Your Choices

You have full control over cookie settings:

Accept All: Enable all cookies for the optimal experience Reject All: Use only strictly necessary cookies (limited functionality) Customize: Choose specific cookie categories

Browser Settings

You can also manage cookies through your browser settings:

  • Chrome: Settings → Privacy and security → Cookies and other site data
  • Firefox: Preferences → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Cookies and website data
  • Edge: Settings → Cookies and site permissions → Cookies and site data

Please note: Disabling certain cookies may impact website functionality and your user experience.

International Data Transfers

Cross-Border Processing

Your cookie data may be transferred to and processed in countries outside your jurisdiction:

Transfer Recipients: Google LLC (United States), Meta Platforms Inc. (United States, Ireland) Transfer Mechanism: EU Standard Contractual Clauses (SCCs), UK International Data Transfer Agreement (IDTA) Safeguards: Encryption in transit, access controls, regular security assessments Your Rights: You may request information about transfers and withdraw consent

Data Protection Standards

We ensure adequate protection through:

  • Industry-standard encryption protocols
  • Contractual data protection obligations
  • Regular third-party security audits
  • Compliance monitoring programs

Children's Privacy Protection

Age Verification

We do not knowingly collect personal information from children under 13 years old (or 16 in the EU) without verifiable parental consent.

Enhanced Protections:

  • No behavioral tracking for users under 18
  • Restricted advertising targeting for minors
  • Educational account safeguards for school users
  • Automatic data deletion upon account closure

Educational Use

For educational accounts:

  • Limited data collection for educational purposes only
  • Enhanced parental controls and transparency
  • Compliance with FERPA and COPPA requirements

Your Privacy Rights

GDPR Rights (EU Residents)

Under the GDPR, you have the right to:

  • Access: Request information about your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a machine-readable format
  • Object: Opt-out of certain processing activities
  • Restrict: Limit how we process your data

CCPA Rights (California Residents)

Under the CCPA, you have the right to:

  • Know: Information about personal data collection and use
  • Delete: Request deletion of your personal data
  • Opt-Out: Refuse the sale of personal information
  • Non-Discrimination: Equal service regardless of privacy choices

Exercising Your Rights

To exercise your rights: Email: [email protected] Response Time: Within 30 days for GDPR requests, 45 days for CCPA requests Verification: We may request additional information to verify your identity

Data Retention

Retention Periods

  • Strictly Necessary: Until session ends or account closure
  • Analytics: 26 months (Google Analytics standard)
  • Marketing: 180 days from last interaction
  • Legal Compliance: As required by applicable laws

Automated Deletion

We implement automated systems to delete expired cookie data and respect user preferences for data retention.

Third-Party Integrations

Google Services

Google Analytics 4: Website performance and user behavior analysis Google Ads: Advertising campaign optimization and conversion tracking Privacy Policy: Google Privacy Policy

Meta Services

Meta Pixel: Social media advertising and audience insights Facebook Login: Social authentication service Privacy Policy: Meta Privacy Policy

Data Processing Agreements

We maintain comprehensive Data Processing Agreements (DPAs) with all third-party processors to ensure GDPR compliance.

Security Measures

Technical Safeguards

  • End-to-end encryption for data transmission
  • Secure cookie attributes (HttpOnly, Secure, SameSite)
  • Regular penetration testing and vulnerability assessments
  • Multi-factor authentication for administrative access

Organizational Measures

  • Employee data protection training
  • Incident response procedures
  • Regular privacy impact assessments
  • Compliance monitoring and auditing

Updates to This Notice

We may update this Cookie Notice to reflect changes in our practices or applicable laws. Material changes will be communicated through:

  • Website notification: 30 days advance notice
  • Email notification: For registered users
  • Version control: Document version history available upon request

Contact Information

Data Protection Officer

  • Name: Hooney, Seol
  • Position: Data Protection Officer
  • Contact: [email protected]
  • Address: [To be updated]

Data Protection Team

    쿠키 정책 | Firstage | Firstage