Detector Cookie Policy
Super Nova Research Inc., operating as Draft&Goal
Version 1.0 - Last updated July 16, 2026
This Cookie Policy explains how Super Nova Research Inc., doing business as Draft&Goal (“Draft&Goal,” “we,” “us,” or “our”), uses cookies and similar technologies on https://detector.dng.ai and related Detector pages and applications (collectively, “Detector”).
It should be read with the Detector Privacy Policy. If the two policies conflict on a cookie-specific matter, this Cookie Policy controls.
1. What Cookies and Similar Technologies Are
Cookies are small files stored on a browser or device. We also use similar technologies, including pixels, tags, web beacons, software development kits, local and session storage, device or browser identifiers, and server-side events. In this Policy, “cookies” includes these technologies.
First-party cookies are set by a domain we operate. Third-party cookies are set by another provider through Detector, for example for payments, analytics, or advertising measurement.
2. Why We Use Cookies
We use cookies for the following purposes:
| Category | Purpose | Consent approach |
|---|---|---|
| Strictly necessary | Deliver pages and the application; authenticate users; protect sessions; prevent cross-site request forgery, fraud, bots, and abuse; balance traffic; process payments; and store consent choices. | Always active where necessary to provide a requested service or protect Detector. |
| Functional | Remember language, display, form, and product preferences and improve convenience. | Consent where required; otherwise used only where permitted. |
| Analytics and customization | Understand visits and feature use, diagnose problems, measure performance, create aggregate statistics, and improve Detector. | Prior consent where required. |
| Advertising and measurement | Measure campaigns, attribute conversions, limit ad frequency, and build or measure audiences on advertising platforms. | Prior consent where required; disabled by default until consent in jurisdictions requiring opt-in. |
We do not use Analysis Inputs, submitted documents, or report contents for cross-context behavioral advertising.
3. Legal Bases and Default Settings
Strictly necessary cookies are used because they are required to provide a service you request, protect Detector and users, perform a contract, or pursue our legitimate security interests, as permitted by law.
For non-essential cookies, we rely on consent where required by the GDPR, UK GDPR, ePrivacy rules, Québec Law 25, or other applicable law. In those jurisdictions, optional technologies that identify, locate, profile, analyze, or advertise are disabled by default until you make a choice. Withdrawing consent does not affect processing that occurred before withdrawal.
Where U.S. state law applies, certain advertising disclosures may be considered “sharing” or “targeted advertising.” You may opt out as described in Section 6.
4. Cookie and Technology Schedule
The following schedule describes technologies used or enabled on Detector as of the date above. A technology may not appear on every visit; its use can depend on your location, consent choices, account status, device, and feature. Exact cookie names and lifetimes may be changed by providers. The Cookie Settings panel displayed on Detector provides the current device-specific inventory.
4.1 Strictly necessary
| Technology or example name | Provider | Purpose | Typical duration |
|---|---|---|---|
cookieyes-consent |
CookieYes / Detector | Records consent and category choices. | Up to 12 months |
| Authentication or session token | Detector | Keeps a user securely signed in and associates requests with the correct account. | Session or up to 30 days |
| CSRF and callback state | Detector | Protects sign-in and forms against request forgery and preserves a requested redirect. | Session |
__cf_bm, challenge or load-balancing identifiers |
Cloudflare | Bot management, security, traffic delivery, and abuse prevention. | Usually 30 minutes to session; challenge cookies may last longer |
__stripe_mid, __stripe_sid, m, and payment-frame identifiers |
Stripe | Payment processing, fraud prevention, and secure checkout. | Session to 2 years, depending on the identifier |
Payment cookies may be set on Stripe-controlled domains. Stripe’s use of information it receives as an independent controller is described in its own privacy notice.
4.2 Functional
| Technology | Provider | Purpose | Typical duration |
|---|---|---|---|
| Language, display, and interface preferences | Detector | Remembers settings selected by the user. | Session to 12 months |
| Form or feature state | Detector | Preserves non-sensitive progress or selected options. | Session to 12 months |
4.3 Analytics and customization
| Technology or example name | Provider | Purpose | Typical duration |
|---|---|---|---|
_ga, _ga_* |
Google Analytics | Distinguishes browsers and measures visits, events, and aggregate use. | Up to 2 years |
_clck, _clsk, CLID, ANONCHK, MR, SM |
Microsoft Clarity | Aggregate interaction analytics, heatmaps, and session replay. Sensitive fields should be masked. | Session to 1 year |
| Web analytics beacon | Cloudflare | Aggregate performance and traffic measurement. | Cookie-free or session, depending on configuration |
| Google Tag Manager | Loads and controls approved tags. Tag Manager does not itself need to set a tracking cookie; cookies set by tags are listed by provider. | Not applicable |
We configure analytics to reduce data collection where reasonably possible. Analytics data is not intended to include Analysis Input or report contents. Users should not enter sensitive Personal Information into unstructured fields unless the feature expressly requires it.
4.4 Advertising and campaign measurement
| Technology or example name | Provider | Purpose | Typical duration |
|---|---|---|---|
_gcl_au, conversion identifiers, advertising cookies |
Google Ads / Google | Campaign measurement, conversion attribution, frequency control, and remarketing where consented. | Session to 13 months; _gcl_au typically 3 months |
_fbp, fr and pixel events |
Meta | Campaign measurement, attribution, and audience services where consented. | Up to 3 months |
li_gc, bcookie, lidc, AnalyticsSyncHistory, UserMatchHistory, Insight Tag events |
Records consent on LinkedIn properties, measures campaigns, and supports audience attribution where consented. | Session to 12 months, depending on identifier |
These providers may receive device, browser, page, event, IP-derived, and campaign information. They must not receive Analysis Input or report contents from us for advertising. Their own processing is governed by their privacy notices and your platform settings.
5. Cookie Consent Manager
When required, Detector displays a consent manager that lets you:
- accept all optional cookies;
- reject all optional cookies with equal ease;
- choose categories separately; and
- change or withdraw your choice later.
You can reopen the manager through the “Cookie Settings” link in Detector’s footer. Strictly necessary cookies cannot be disabled through the manager because Detector may not function or remain secure without them.
We retain a consent record for up to twelve (12) months, after which we may ask again. We may ask sooner if our purposes or providers materially change. Withdrawing consent blocks future optional cookies on Detector and attempts to remove applicable first-party cookies. Third-party cookies already on your device may need to be deleted through browser settings.
6. Other Controls
Most browsers allow you to view, block, or delete cookies. Blocking strictly necessary cookies may prevent login, payments, analysis, or other core functions.
Browser guidance is available from:
Where required by law, we treat a recognized Global Privacy Control (GPC) signal as an opt-out of sale, sharing, or targeted advertising for that browser and device. We do not currently respond to legacy “Do Not Track” signals because there is no uniform standard.
You may also use industry opt-out tools:
- Digital Advertising Alliance
- Digital Advertising Alliance of Canada
- European Interactive Digital Advertising Alliance
- Network Advertising Initiative
7. International Transfers
Some cookie providers process information in the United States or other countries. Where required, we use transfer safeguards described in the Privacy Policy, such as adequacy decisions, contractual clauses, and transfer risk assessments. Provider privacy notices describe their processing locations and safeguards.
8. Security, Data Governance, and AI
Cookie-related data is governed by our information-security controls and our management-system commitments aligned with ISO/IEC 27001:2022. To the extent analytics or product signals inform AI-supported feature management, our AI governance practices are aligned with ISO/IEC 42001:2023. Any certification status and scope are stated in our Trust Center.
We do not use cookie-derived information, Analysis Inputs, or Output to train public or general-purpose foundation models.
9. Children
Detector is not directed to children, and a user must be at least 18 or the age of majority to create a self-serve account. We do not knowingly use optional advertising or profiling cookies for children. If we learn that a child’s information was collected without required authorization, we will take appropriate steps to delete it and disable optional processing.
10. Changes to This Policy
We may update this Policy when technologies, providers, purposes, or laws change. We review the Detector technology inventory periodically and after material releases. The date above identifies the latest revision. Where required, we will provide notice or request renewed consent before a material new optional use.
11. Contact
Questions or requests about cookies may be directed to:
Vincent Terrasi
Privacy Contact / Person in Charge of the Protection of Personal Information
Super Nova Research Inc. (d/b/a Draft&Goal)
6795 rue Marconi, Bureau 200
Montréal (Québec) H2S 3J9, Canada
privacy@dng.ai
For product support: detector@dng.ai