Summary

The Proposal Intelligence Center (“PIC”) uses only strictly-necessary first-party cookies. We do not set advertising cookies, analytics cookies, social-media plugin cookies, or any other tracking cookies. We do not use Google Analytics, Mixpanel, ZoomInfo, Hotjar, or any equivalent service. We do not embed third-party widgets that read or write cookies.

Because every cookie we set is required for the page you explicitly requested to function, there is no opt-in / opt-out toggle in our banner — disabling them would simply break sign-in or share links. You can still reject all cookies through your browser settings, but most pages on this site will then refuse to load.

What we use

1. Authentication cookies (Clerk)

When you sign in to the consultant cockpit (/vendor) or admin panel (/admin), our authentication provider Clerk sets a session cookie scoped to our domain. This cookie is HttpOnly, Secure, and SameSite=Lax. It is read only by Clerk and our server; it is never sent to third parties.

For the satellite-domain configuration (proposal microsites attached to the primary aixelerator.lat identity provider), Clerk additionally exchanges a one-time handshake token between the primary and satellite at sign-in. This token is consumed immediately and not persisted in a cookie.

2. Share-link session cookie (`pic_share_token`)

When a client opens a proposal microsite via a private share link (e.g. https://proposal.xtransformation.digital/c/contoso?t=…), our middleware verifies the token, strips it from the URL, and stores it in an HttpOnly cookie called pic_share_token. This lets the client refresh or deep-link inside the microsite without re-pasting the token. The cookie expires after 30 days. It is never read by JavaScript and never sent to third parties.

3. UI preference cookies (`theme`)

When you toggle dark / light mode, your preference is saved in atheme cookie so the next page renders without a theme flash. It contains the literal value "light" or"dark" and nothing else.

4. First-party local storage

Some non-cookie state is kept in your browser's localStorage for UX continuity:

pic_vendor_sidebar_collapsed — whether the projects sidebar is collapsed in the consultant cockpit.
pic_cookie_acknowledged — a single"1"flag so the cookie banner doesn't re-appear after you dismiss it. Contains no PII or identifier.

What we do NOT use

❌ Advertising / re-marketing cookies (Google Ads, Meta Pixel, LinkedIn Insight Tag, etc.).
❌ Analytics cookies (Google Analytics, Mixpanel, Amplitude, Heap, Segment, Hotjar, Clarity, etc.).
❌ Cross-site tracking cookies.
❌ Social-media share-button cookies.
❌ Third-party fonts that set cookies (we use self-hosted Google Fonts via Next.js, which serves them from our own origin without any cookie).

How to disable cookies

You can block or clear cookies in your browser settings. Note that if you block our authentication cookies, you will not be able to sign in. If you block pic_share_token, share links will work for the initial click but you will be redirected to the “link expired” page on subsequent visits.

Updates to this policy

We will update this page if we ever introduce additional cookies (e.g. a future analytics tool). Material changes will be announced via the cookie banner the next time you visit, with an explicit consent prompt at that time.

Contact

Questions about this policy? Reach out to client-success@thehackettgroup.com.