Cookie Policy

1. Scope and Who We Are

This Cookie Policy explains how HERBOZON INC ("Harper," "we," "our") uses cookies and similar technologies across getharper.co, the Harper app, and merchant integrations that use Harper attribution tooling.

This page should be read together with our Privacy Policy. For merchant-store end users, the merchant's own cookie/privacy notice is the primary notice.

2. Controller vs. Processor Roles

Harper as Controller: cookies used for Harper's own site/app operations, authentication, security, and account workflows.
Harper as Processor/Service Provider: attribution and conversion cookies/signals processed on merchant properties under merchant instructions.
Merchant as Controller: merchants are responsible for end-user consent banners and lawful collection on their storefronts.

3. Technologies Covered by This Policy

We use cookies and similar technologies, including local storage, server-side identifiers, API/webhook event logs, and pixel/beacon fallback requests.

Cookies: browser-stored key/value pairs with expiration windows.
Local storage: browser storage used as backup for attribution continuity in some merchant integrations.
Server-side IDs: durable IDs and event metadata used for attribution stitching and deduplication.
Third-party signals: where merchants enable ad channels (for example Meta), related cookies/IDs may be read or mirrored.

4. Harper App Cookies (getharper.co)

Cookie	Purpose	Type	Typical Lifetime
`auth_token`	Keeps merchant users authenticated in the Harper dashboard.	Strictly necessary	Up to 7 days
`shopify_oauth_state`	Temporary anti-CSRF state for Shopify OAuth installation flow.	Strictly necessary	Up to 10 minutes
`_wtid`	Durable identifier used for attribution event continuity across requests.	Measurement / attribution	Up to 365 days
`_attr_pending`	Temporary capture of landing attribution parameters before processing.	Measurement / attribution	Up to 24 hours

These values may include security controls such as HttpOnly, SameSite=Lax, and Secure where applicable.

5. Merchant-Site Attribution Cookies and Storage

When merchants deploy Harper scripts/plugins (for example Shopify or WooCommerce), the following identifiers may be stored on merchant domains:

Cookie / Storage Key	Purpose	Typical Lifetime
`wt_session_id`	Session continuity for event stitching and deduplication.	Up to 365 days
`wt_fbclid`, `wt_ttclid`, `wt_gclid`, `wt_scid`	Click identifier capture for ad attribution.	Typically 28-90 days (integration-dependent)
`wt_utm_source`, `wt_utm_medium`, `wt_utm_campaign`, `wt_utm_term`, `wt_utm_content`	Campaign context for reporting and attribution.	Typically 28-90 days (integration-dependent)
`wt_fbp`, `wt_fbc`	Meta browser/click matching support for CAPI and deduplicated reporting.	Typically up to 90 days

Some integrations also mirror these values in browser local storage for resiliency (wt_session_id, wt_fbclid, wt_fbp, wt_fbc, and related wt_utm_* keys).

6. Third-Party and Consent-Related Cookies

Depending on merchant configuration, Harper scripts may read third-party cookies or identifiers (for example _fbp and _fbc) and may interact with merchant cookie-consent signals.

In some implementations, consent status cookies such as consent, cookieconsent, tracking_consent, or consent_status are read to decide whether tracking runs. These consent cookies are generally created by the merchant's CMP, not by Harper.

7. Cookie Choices and Browser Controls

You can manage or delete cookies through browser settings and merchant consent banners:

Chrome: Settings → Privacy and Security → Third-party cookies / Site data
Firefox: Settings → Privacy & Security → Cookies and Site Data
Safari: Settings → Privacy → Manage Website Data
Edge: Settings → Cookies and site permissions

Blocking some cookies may reduce service functionality, including login persistence, attribution accuracy, and conversion matching.

8. Do Not Track (DNT)

Some browsers provide a "Do Not Track" setting. Harper does not currently treat browser DNT as a universal opt-out signal. Where required, we rely on applicable consent mechanisms and merchant configuration.

9. US State Privacy Position (Cookie Context)

Harper does not sell personal information for Harper's own monetary gain.
Harper does not share end-user personal information for Harper's own cross-context behavioral advertising.
Where we process merchant end-user attribution data, we do so as a service provider/processor under merchant direction.

10. International Processing

Cookie and event data may be processed in India, the United States, and other jurisdictions where our infrastructure providers and merchant-selected integrations operate.

11. Changes to This Policy

We may update this Cookie Policy periodically. The latest version and effective update date are posted on this page.

12. Company Information and Contact

Company: HERBOZON INC

Operating Address (India): Shop No 1, Ram Nagar Ambala Cantt Station, Near Ekta Vihar, Ambala, Haryana, 133001, India

Email: contact@getharper.co

Phone: +91 7009000988

Cookie/Privacy requests: Email us or send a written request to the address above.