Cookie Policy
Last updated: February 2026
1. What Are Cookies
Cookies are small text files that are placed on your device (computer, tablet, or phone) when you visit a website. They are widely used to make websites work efficiently, provide a better user experience, and give information to site owners.
Cookies can be "first-party" (set by the website you are visiting) or "third-party" (set by other services used by the website). They can also be "session" cookies (deleted when you close your browser) or "persistent" cookies (remain on your device for a set period).
2. How We Use Cookies
YourInfoSec uses a minimal set of cookies, focused on essential functionality and security. We do not use advertising, marketing, or behavioural tracking cookies.
3. Essential Cookies (First-Party)
These cookies are strictly necessary for the website to function. They cannot be disabled without affecting core functionality. No consent is required for essential cookies under GDPR (Recital 32).
| Name | Purpose | Duration | Type |
|---|---|---|---|
| yis-cookie-consent | Remembers your cookie consent preference so we don't show the banner again | 1 year | Essential |
| access_token | Authenticates your session after login. This is an httpOnly cookie, meaning it cannot be read by JavaScript and is protected from XSS attacks. | 15 minutes | Authentication |
| refresh_token | Allows automatic renewal of your session without re-entering your password. Also httpOnly and rotated on each use for security. | 30 days | Authentication |
| csrf_token | Protects against cross-site request forgery (CSRF) attacks by validating that form submissions originate from our website. | Session | Security |
4. Third-Party Cookies (Analytics)
We use Google Analytics to understand how visitors use our website. This helps us identify popular content, detect issues, and improve the user experience. Google Analytics sets the following cookies:
| Name | Purpose | Duration | Provider |
|---|---|---|---|
| _ga | Distinguishes unique visitors using a randomly generated identifier. No personal information is stored. | 2 years | |
| _ga_* | Maintains session state for Google Analytics 4. | 2 years |
We have configured Google Analytics with the following privacy protections:
- IP anonymisation is enabled
- Data sharing with Google is disabled
- No advertising features are enabled
- No demographic or interest reporting
We do not use Facebook Pixel, LinkedIn Insight, or any other advertising or retargeting tracker.
5. Local Storage and Session Storage
In addition to cookies, we use your browser's web storage (which is not sent to the server with each request) for the following purposes:
| Key | Purpose | Storage Type | Duration |
|---|---|---|---|
| Assessment progress | Temporarily saves your assessment answers so you don't lose progress if you accidentally refresh the page. Only used for anonymous (non-logged-in) users. | sessionStorage | Current browser tab only |
| yis-waitlist | Records that you have signed up for the business waitlist, so we don't show the form again. | localStorage | Persistent until cleared |
| yis-cookie-consent | Backup of your cookie consent preference (also stored as a cookie). | localStorage | Persistent until cleared |
6. Cookies We Do NOT Use
For clarity, YourInfoSec does not use:
- Advertising or marketing cookies
- Social media tracking pixels (Facebook, LinkedIn, Twitter, etc.)
- Behavioural profiling or retargeting cookies
- Cross-site tracking cookies
- Any cookies from data brokers or ad networks
7. Managing and Deleting Cookies
You can control cookies through your browser settings. Most browsers allow you to:
- View which cookies are stored on your device
- Delete individual cookies or all cookies
- Block cookies from specific websites or all third-party cookies
- Set your browser to notify you when a cookie is being set
Here are links to cookie management instructions for common browsers:
Note: Disabling essential cookies (authentication, CSRF) will prevent you from logging in and using account features. The assessment tool will still work for anonymous users.
To opt out of Google Analytics specifically, you can install the Google Analytics Opt-out Browser Add-on.
8. Your Consent
When you first visit our website, we display a cookie consent banner. You can choose to:
- Accept — enables essential cookies and analytics cookies.
- Essential Only — enables only the cookies strictly necessary for the website to function. Analytics cookies will not be set.
You can change your preference at any time by clearing your cookies and revisiting the site.
9. Contact
If you have questions about our use of cookies or this policy, contact us at:
Email: privacy [at] yourinfosec.com
10. Changes to This Policy
We may update this cookie policy to reflect changes in the cookies we use or for legal reasons. Changes will be posted on this page with an updated "Last updated" date.