On this page

ScopeCookies and similar technologiesHow consent works hereThe four categoriesGlobal Privacy ControlCookie and storage inventoryThird party toolsJurisdiction notesBrowser controlsRetentionChangesContact
Back to Saint Fox

Cookie Notice

Last updated: June 12, 2026 · Version 2.0
This notice is maintained to a professional drafting standard and reflects how stfox.com actually works today. It becomes final for each operating jurisdiction after review by qualified local counsel. Questions go to contact@stfox.com.

1. Scope

This notice explains how Saint Fox Inc. ("Saint Fox", "we", "us") uses cookies and similar technologies on stfox.com, including its subpages and datasheet library (together, the "Site"). It describes each technology we use, why we use it, how long it persists, the choices you have, and how those choices map to the laws of the places our visitors come from.

This notice supplements our Privacy Policy, which explains how we handle personal data more broadly. Where this notice and the Privacy Policy overlap, the Privacy Policy governs questions about personal data; this notice governs questions about the technologies themselves.

2. Cookies and similar technologies

We use the word "cookies" as shorthand for several related technologies:

  • Cookies are small text files a website asks your browser to store and send back on later visits. They can be "first party" (set by stfox.com) or "third party" (set by another domain whose content is embedded in a page).
  • Local storage and session storage are browser features that let a site keep data on your device. Session storage clears when the tab closes; local storage persists until deleted. They are not transmitted automatically with requests, but the laws that govern cookies generally treat them the same way, and so do we.
  • Pixels and tags are small scripts or images that report an event, such as a page being viewed. We do not currently embed any third party pixels.

The Site uses first party technologies only. No advertising networks, social media plugins, or cross-site tracking tools are deployed as of the date above. Section 7 lists the tools we expect to add at launch, so this notice will not surprise you later.

3. How consent works here

On your first visit, a consent bar appears at the bottom of the page. You have four equivalent options, and the Site is fully usable whichever you pick:

  • Accept optional cookies enables all four categories described in section 4.
  • Reject optional cookies limits the Site to essential technologies only.
  • Cookie settings opens a preferences panel where you switch each optional category on or off individually and confirm.
  • Close (the × control) dismisses the bar for the current browser session without recording a choice. Only essential technologies run, and the bar returns on your next visit.

Three properties of this design matter legally:

  • Nothing optional runs before you choose. Measurement scripts hold until an affirmative opt-in. This satisfies the prior-consent standard of the EU ePrivacy rules and the GDPR, which is the strictest standard we serve, so we apply it everywhere.
  • Reject is as easy as accept. Both sit at the same level, in the same place, at the same prominence.
  • Your choice is revocable at any time. Every page footer carries a "Cookie Preferences" link that reopens the panel with your current settings loaded. Withdrawing consent is as easy as giving it.

Your choice is stored for up to 180 days in a small first party cookie and in local storage, scoped to the browser and device you used. If you visit from a different browser or device, or after clearing your browser data, you will be asked again.

4. The four categories

CategoryDefaultWhat it covers
EssentialAlways activeTechnologies the Site cannot function without: security, the datasheet access session, and the record of your consent choice itself. These rely on the "strictly necessary" exemption recognized in every regime listed in section 8 and cannot be switched off.
FunctionalOffPreferences that improve your visit, such as remembered form state or interface choices. Nothing in this category is deployed today; the toggle pre-gates future use.
Analytics and performanceOffFirst party measurement of how the Site is used: page views, scroll depth, time on page, and which sections hold attention. Data is pseudonymous, never tied to your name or email, and is used solely to improve the Site.
MarketingOffCampaign attribution and advertising technologies, including third party tags once installed. None are deployed today. If you decline, future advertising tools will stay off for you automatically.

If you decline analytics, the Site records only an anonymous, aggregate page count with no identifier of any kind, consistent with the "cookieless ping" model of Google Consent Mode v2. This count cannot be linked to you.

5. Global Privacy Control and Do Not Track

If your browser sends a Global Privacy Control (GPC) signal, we treat it as a valid opt-out of all optional categories, automatically and before any banner interaction. The bar tells you the signal was honored, and you may still opt in manually if you wish. GPC is legally binding for residents of California and several other US states; we honor it for everyone, everywhere.

The older Do Not Track (DNT) header has no settled legal meaning. Because our optional categories are off by default anyway, the practical effect of DNT on this Site is the same as taking no action: nothing optional runs without your opt-in.

6. Cookie and storage inventory

This is the complete, current inventory of first party technologies on the Site. It renders from the same registry that drives the consent banner, so the two cannot drift apart; we update the registry whenever the Site's behavior changes.

Cookies

NameCategoryDurationPurpose
sf_consentEssential180 daysRecords the consent choice you made so we do not ask again on every page. Contains only category flags, no identifier.

Local storage and session storage

NameCategoryDurationPurpose
sf_consent / sf_consent_logEssential180 days / rollingYour consent choice and an on-device record of when it was made or changed.
sf_cmp_snoozeEssentialSessionRemembers that you closed the consent bar with the × so it does not reappear during the same session.
sf_dsg_sessionEssential7 daysDatasheet library access after email verification, including your download allowance.
sf_leadsEssentialOn deviceA local copy of forms you submitted from this browser. Stays on your device.
sf_pingsEssential60 days, rollingAnonymous daily page counts with no identifiers, recorded when analytics is declined.
sf_admin_*EssentialVariesUsed only by Saint Fox staff who sign in to the content administration area. Never set for ordinary visitors.
sf_chats / sf_chat_currentFunctionalOn deviceYour chat conversation with the site concierge, kept so it survives page changes. Without functional consent it lasts only for the session.
sf_sidAnalytics and performanceSessionA random session identifier so consecutive page views count as one visit. Set only after analytics opt-in.
sf_vidAnalytics and performanceUntil deletedA random visitor identifier so return visits are counted once. Contains no personal details. Set only after analytics opt-in.
sf_eventsAnalytics and performanceRolling, cappedThe measurement event log: page views, scroll depth, time on page. Set only after analytics opt-in.

7. Third party tools

No third party analytics, advertising, or social tools run on the Site today. Two disclosures keep this notice honest about the near future:

  • Form delivery. When you submit the contact form or request a datasheet, the submission is relayed to our mailbox by a form delivery provider acting as our processor. This is a server interaction triggered by your deliberate action, not a tracking technology, and it sets no cookies.
  • Planned at launch. We expect to deploy a web analytics product (such as Google Analytics 4 or an equivalent) and marketing attribution tools. They are already wired behind the Analytics and Marketing toggles through Google Consent Mode v2, so they will respect the choice you have already made, and this inventory will be updated before they go live.

8. Jurisdiction notes

One consent model serves all visitors, built to the strictest applicable standard. Specifics by region:

European Economic Area and United Kingdom

The ePrivacy Directive (and UK PECR) require prior consent for non-essential cookies, and the GDPR / UK GDPR set the standard that consent must be freely given, specific, informed, and unambiguous. Our opt-in defaults, equal-prominence reject option, granular categories, and one-click withdrawal are designed to that standard. Consent records are kept as described in section 6.

United States

State privacy laws including the California CCPA as amended by the CPRA, and the laws of Virginia, Colorado, Connecticut, Texas, Oregon, and other states, give residents the right to opt out of the "sale" or "sharing" of personal information and of targeted advertising. We do not sell personal information and we do not share it for cross-context behavioral advertising. We honor GPC as a universal opt-out signal as required by California and Colorado regulators. For health-related pages, see the HIPAA section of our Privacy Policy.

Canada

PIPEDA and Quebec's Law 25 require meaningful consent and, in Quebec, privacy by default for technologies that identify, locate, or profile. Our default-off posture for every optional category satisfies that requirement without regional variation.

Brazil

The LGPD treats cookie identifiers as personal data and requires a clear legal basis. We rely on consent for optional categories and legitimate interest, narrowly construed, for the strictly necessary ones.

Australia

The Privacy Act 1988 and the Australian Privacy Principles require transparency about collection and use. This notice, together with the Privacy Policy, constitutes our APP 1 and APP 5 disclosure for Site technologies.

Singapore

The PDPA permits cookies necessary for the service and requires consent, express or reasonably inferred, for others. Because our optional categories require an explicit click, our standard exceeds the inferred-consent baseline.

India

The Digital Personal Data Protection Act 2023 (DPDPA) requires consent that is free, specific, informed, unconditional, and unambiguous, with a clear affirmative action, and notice in plain language. Our model is built to that standard, and withdrawal through the footer link is as easy as the original consent, as section 6(4) of the DPDPA requires.

Japan

The amended APPI treats identifiers that can be matched to a person as personal-related information requiring care on transfer. Our analytics identifiers are random, first party, and never transferred to third parties today.

Other regions

Where no specific rule applies, we still apply the model above: nothing optional without an affirmative choice, and withdrawal at any time.

9. Browser controls

Independent of our banner, every major browser lets you view, block, and delete cookies and site data, set per-site rules, and browse privately. Blocking all cookies may break the essential functions listed in section 6, such as the datasheet session and the memory of your consent choice. Instructions live in your browser's help pages under "cookies" or "site data".

10. Retention

Durations are listed per item in section 6. Three general rules apply: consent records persist for up to 180 days before we re-ask; analytics data on your device is capped and rolls over automatically; and clearing your browser data removes everything in the inventory immediately, because all of it lives on your device.

11. Changes to this notice

When our use of these technologies changes, we update this notice and the version line at the top before the change takes effect. If a change would expand what an existing consent covers, we re-ask rather than assume.

12. Contact

Questions about this notice, or about cookies and similar technologies on the Site, go to contact@stfox.com with the subject line "Cookie Notice". Rights requests are handled under the process in our Privacy Policy.

© 2026 Saint Fox Inc.  ·  Privacy Policy  ·  Terms of Use  ·  Cookie Notice