Cookie Notice

Last Updated: May 3, 2026 | Questions? Contact legal@surmado.com

Our Approach

Surmado uses cookies and similar technologies to operate the site, keep it fast and secure, understand how visitors use it, and measure the performance of our advertising. We organize them into four categories: essential (always active), performance (off until you accept), analytics (off until you accept), and advertising (off until you accept). All non-essential categories are gated by Termly, our consent management platform, and respect Global Privacy Control (GPC) signals where required by law.

Essential Cookies

We use strictly necessary cookies (or similar technologies) to provide the Services. These cannot be disabled:

Category	Purpose
Authentication	To manage user sessions and secure login (via Clerk).
Security & Fraud	To prevent fraud and secure payments (via Stripe).
Site Security	To protect against attacks (e.g., CSRF tokens).
Consent Management	To remember your cookie preferences across visits (via Termly).

Performance Cookies (Off Until You Accept)

When you accept performance, we allow our infrastructure provider to set cookies that help us keep the site fast and protect it from automated abuse. They do not identify you or build a behavioral profile, and they do not power advertising.

Tool	Provider	What it does
Cloudflare	Cloudflare, Inc.	Bot management, request load-balancing, and edge performance for the marketing site (e.g., the `__cf_bm` and `_cfuvid` cookies). Used to keep the site responsive and to distinguish humans from automated traffic; not used for advertising.

Analytics Cookies (Off Until You Accept)

When you accept analytics, we load the following tools to understand how visitors use our marketing site. They do not fire if you decline, and you can withdraw consent at any time via the cookie preferences link in the footer.

Tool	Provider	What it does
Google Analytics 4	Google LLC	Aggregate page views, sessions, events, device characteristics, and approximate location derived from IP. Initialized with all advertising-related consent signals defaulted to denied.
Microsoft Clarity	Microsoft Corporation	Heatmaps and session recordings of mouse movement, clicks, scrolls, and viewport size. Form inputs and on-page text content are masked client-side before transmission.

Advertising Cookies (Off Until You Accept)

When you accept advertising, we load conversion-tracking pixels that measure how our ads perform and let those platforms attribute purchases back to a click. These technologies may constitute a "sale" or "sharing" of Personal Information under California, Colorado, Connecticut, and similar state privacy laws because they enable cross-context behavioral advertising. They do not fire if you decline, and we honor Global Privacy Control (GPC) signals where required by law.

Tool	Provider	What it does
Meta Pixel	Meta Platforms, Inc.	Conversion tracking, ad measurement, and audience-building for Facebook and Instagram ads. Automatic Advanced Matching is disabled, so we do not transmit your email or phone number to Meta. Meta may still associate page views with your Meta account if you are signed in to Facebook or Instagram in the same browser.
Reddit Pixel	Reddit, Inc.	Conversion tracking and ad measurement for Reddit ads. Reddit may use the data to build audiences for retargeting.

Your Choices

You can manage performance, analytics, and advertising consent in three ways:

Cookie banner. First-time visitors in regions where consent is required see a banner before any non-essential tag loads.
Cookie preferences link. Open the "Cookie preferences" link in our footer at any time to change your choices.
Browser-level signals. We honor Global Privacy Control (GPC) signals as an opt-out of "sale" / "sharing" and targeted advertising in jurisdictions that recognize them (currently California, Colorado, Connecticut, and Oregon as of January 1, 2026).

You may also block cookies via your browser settings, but blocking essential cookies will prevent you from logging in or making payments.