EZclass Cookie Policy
Effective Date: April 9, 2026
Last Reviewed: April 9, 2026
Controller: EZclass OÜ (operator of ezclass.io and placement.ezclass.io)
Contact: [email protected]
Table of Contents
1. Introduction
2. What Are Cookies?
3. How We Use Cookies
4. Cookie Categories and Vendors
4.1 Strictly Necessary / Essential Cookies
4.2 Preference / Functionality Cookies
4.3 Analytics Cookies
4.4 Advertising & Marketing Cookies
5. Third-Party Cookies Summary Table
6. Cookie Duration Reference Table
7. Consent Management
8. International Transfers
9. Age and Parental Guidance
10. No Profiling of Minors
11. How to Manage Cookies
12. Changes to This Policy
13. Contact Us
1. Introduction
This Cookie Policy explains how EZclass (“EZclass”, “we”, “us”, or “our”) uses cookies and similar tracking technologies on ezclass.io and placement.ezclass.io (collectively, “the Platform”). It forms part of our broader Privacy Policy and should be read alongside it.
By continuing to use the Platform after being presented with our cookie consent banner, you acknowledge that you have read and understood this policy. Where cookies require your consent, we will not place them until you actively accept them.
If you have any questions about how we use cookies, contact us at [email protected] .
2. What Are Cookies?
Cookies are small text files placed on your device (computer, smartphone, tablet) when you visit a website. They are widely used to make websites function efficiently, remember your preferences, and provide analytical and marketing information to site owners.
Alongside traditional cookies, we may also use similar technologies such as:
- Web beacons / pixel tags — small transparent images embedded in pages or emails that register whether a page or email was viewed.
- Local storage / session storage — browser-based storage mechanisms that serve similar purposes to cookies but are not transmitted with every HTTP request.
- SDKs and fingerprinting-adjacent scripts — used by session-recording vendors to reconstruct user journeys; these operate only with your consent.
Throughout this policy, the term “cookies” refers to all of the above unless otherwise stated.
3. How We Use Cookies
We use cookies for the following broad purposes:
| Purpose | Examples | Consent Required? |
|---|---|---|
| Essential site operation | Login sessions, security tokens, load balancing | No — legitimate interest / contract performance |
| Storing your preferences | Language, timezone, UI preferences | No — legitimate interest (minimal) |
| Understanding how the site is used | Page views, session recordings, heatmaps | Yes |
| Marketing and advertising | Retargeting, conversion tracking | Yes |
| Bot and fraud protection | CAPTCHA verification | No — legitimate interest |
4. Cookie Categories and Vendors
4.1 Strictly Necessary / Essential Cookies
These cookies are essential for the Platform to function. They cannot be switched off in our systems. They do not store any personally identifiable information beyond what is strictly required for the service to operate. No consent is required for these cookies; the legal basis is legitimate interest or performance of a contract under GDPR Article 6(1)(b) and 6(1)(f).
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| session_id / __session | EZclass | Maintains your authenticated login session | Session |
| csrf_token | EZclass | Prevents cross-site request forgery attacks | Session |
| __cf_bm | Cloudflare, Inc. (USA) | Bot management — distinguishes human users from automated bots on Cloudflare-proxied requests | 30 minutes |
| __cfruid | Cloudflare, Inc. (USA) | Cloudflare internal session affinity and load balancing | Session |
| cf_clearance | Cloudflare, Inc. (USA) | Records that a Cloudflare challenge (e.g. CAPTCHA) has been passed, preventing repeated challenges | Up to 1 year |
Note on Cloudflare security cookies: __cf_bm, __cfruid, and cf_clearance are set by Cloudflare as part of its infrastructure security service. EZclass has no ability to disable these cookies while using Cloudflare’s network protection. Cloudflare processes data on the basis of legitimate interest in securing the Platform against abuse.
4.2 Preference / Functionality Cookies
These cookies allow the Platform to remember choices you make (such as language or region) and provide enhanced, personalised features. Legal basis: legitimate interest under GDPR Article 6(1)(f). You may disable these through your browser settings without preventing access to the Platform, though certain personalised features may not function correctly.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| lang_pref | EZclass | Stores your preferred language | 12 months |
| tz_offset | EZclass | Stores your timezone setting for correct scheduling display | 12 months |
| ui_theme | EZclass | Stores your light/dark mode preference | 12 months |
| cookie_consent | vanilla-cookieconsent | Records your cookie consent choices so you are not shown the banner on every visit | 12 months |
4.3 Analytics Cookies
Analytics cookies help us understand how visitors interact with the Platform, which pages are most visited, how users navigate, and where improvements can be made. All analytics cookies on the Platform require your consent before being set. Legal basis: consent under GDPR Article 6(1)(a).
Google Analytics 4 (GA4) — ezclass.io and placement.ezclass.io
| Detail | Value |
|---|---|
| Provider | Google Ireland Limited (for EEA users); Google LLC, USA (for transfers) |
| Purpose | Aggregate traffic measurement, user journey analysis, goal and conversion tracking |
| Legal basis | Consent |
| Data transfer | EU–US Data Privacy Framework (DPF) |
| Duration | Up to 2 years (configurable; we apply a 13-month data-retention limit) |
| Opt-out | Consent banner → “Reject All” or manage preferences; or install the Google Analytics Opt-out Browser Add-on |
GA4 is loaded via Google Tag Manager (GTM) and only fires after consent is registered. We have configured GA4 with IP anonymisation enabled and with data sharing with Google signals disabled.
Google Tag Manager (GTM) — ezclass.io and placement.ezclass.io
| Detail | Value |
|---|---|
| Provider | Google Ireland Limited |
| Purpose | Tag management container — GTM itself sets no analytics cookies; it loads other scripts based on consent signals |
| Legal basis | Legitimate interest (GTM container loader); individual tags fire only with appropriate consent |
| Duration | GTM sets no persistent cookies independently |
GTM is configured to respect Google Consent Mode v2. All Google tracking tags default to denied until you make a consent choice. GTM only triggers analytics and marketing scripts after the consent event is received.
Contentsquare — placement.ezclass.io only
| Detail | Value |
|---|---|
| Provider | Contentsquare SAS, 7–9 rue Marcel Sembat, 92600 Asnières-sur-Seine, France |
| Purpose | Session replay, heatmaps, and user experience analytics to identify friction points and improve the interface |
| Legal basis | Consent |
| Data transfer | Within the EEA; any onward transfers to sub-processors are covered by Standard Contractual Clauses |
| Duration | Session cookies: session only. Persistent identifiers: up to 13 months |
| Opt-out | Consent banner → “Reject All” or manage preferences under “Analytics” |
Contentsquare records anonymised reconstructions of user sessions and does not capture passwords, payment details, or other sensitive inputs. Session recordings are masked by default for all form fields.
Microsoft Clarity — ezclass.io (via GTM, consent-gated)
| Detail | Value |
|---|---|
| Provider | Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA |
| Purpose | Session recording, heatmaps, and user experience analytics |
| Legal basis | Consent |
| Data transfer | EU–US Data Privacy Framework (DPF) |
| Duration | Up to 1 year |
| Opt-out | Consent banner → “Reject All” or manage preferences under “Analytics” |
Microsoft Clarity is loaded exclusively through GTM on ezclass.io and is consent-gated. It does not fire until you have accepted analytics cookies. Microsoft Clarity applies automatic masking to sensitive content.
Cloudflare Web Analytics — ezclass.io
| Detail | Value |
|---|---|
| Provider | Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA |
| Purpose | Site performance analytics and page view measurement using a privacy-first, cookieless methodology. No cross-site tracking. |
| Legal basis | Consent |
| Data transfer | EU–US Data Privacy Framework (DPF) |
| Duration | Session (Cloudflare Web Analytics uses a session-scoped beacon; it does not set persistent first-party cookies) |
| Opt-out | Consent banner → “Reject All” or manage preferences under “Analytics” |
Important: Cloudflare Web Analytics on ezclass.io is consent-gated. The analytics beacon is not loaded until you have accepted analytics cookies. This is distinct from Cloudflare’s security cookies (__cf_bm, __cfruid), which are essential and always active.
4.4 Advertising & Marketing Cookies
Marketing cookies are used to deliver advertisements relevant to your interests and to measure the effectiveness of advertising campaigns. All marketing cookies require your explicit consent before being set. Legal basis: consent under GDPR Article 6(1)(a).
Meta Pixel (Facebook Pixel) — ezclass.io and/or placement.ezclass.io
| Detail | Value |
|---|---|
| Provider | Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland |
| Purpose | Conversion tracking, retargeting audiences, and measuring the effectiveness of Meta advertising campaigns |
| Legal basis | Consent |
| Data transfer | EU–US Data Privacy Framework (DPF) |
| Duration | Up to 90 days (Meta’s standard pixel cookie lifetime) |
| Opt-out | Consent banner → “Reject All” or manage preferences under “Marketing”; or via Meta Ad Preferences |
Google Ads / Google Ads Conversion Tracking — ezclass.io and/or placement.ezclass.io
| Detail | Value |
|---|---|
| Provider | Google Ireland Limited |
| Purpose | Measures conversions from Google Ads campaigns; enables remarketing to past visitors |
| Legal basis | Consent |
| Data transfer | EU–US Data Privacy Framework (DPF) |
| Duration | Up to 90 days (conversion window) |
| Opt-out | Consent banner → “Reject All” or manage preferences under “Marketing”; or via Google Ads Settings |
Ahrefs Analytics — placement.ezclass.io only
| Detail | Value |
|---|---|
| Provider | Ahrefs Pte. Ltd., 16 Raffles Quay, #33-03 Hong Leong Building, Singapore 048581 |
| Purpose | SEO performance measurement — tracks how users arrive at the site from organic search to evaluate search engine optimisation efforts |
| Legal basis | Consent |
| Data transfer | Singapore; Ahrefs applies appropriate safeguards for EEA data subjects |
| Duration | Session and/or persistent (up to 12 months depending on measurement configuration) |
| Opt-out | Consent banner → “Reject All” or manage preferences under “Marketing” |
Important: Ahrefs Analytics on placement.ezclass.io is consent-gated. It does not fire until you have accepted marketing cookies.
reCAPTCHA v3 — ezclass.io and placement.ezclass.io (data request forms)
| Detail | Value |
|---|---|
| Provider | Google Ireland Limited |
| Purpose | Bot and spam protection on data subject request forms and contact forms. Analyses user interaction patterns to assign a risk score without displaying a challenge to the user. |
| Legal basis | Legitimate interest — protecting our systems and users from fraudulent form submissions (GDPR Article 6(1)(f)) |
| Data transfer | EU–US Data Privacy Framework (DPF) |
| Duration | Session |
| Note | reCAPTCHA v3 operates on a legitimate interest basis because it is used solely to secure form submissions, processes minimal data, and does not track users across sites for advertising purposes. |
5. Third-Party Cookies Summary Table
The following table provides a consolidated view of all third parties that may set cookies or use similar tracking technologies on the Platform, the context in which they operate, and the consent basis.
| Third Party | Sites | Purpose | Legal Basis |
|---|---|---|---|
| Google Analytics 4 | Both | Traffic and conversion analytics | Consent |
| Google Tag Manager | Both | Script/tag management container | Legitimate interest (container); consent (tags) |
| Google Ads | Both | Advertising conversion tracking and remarketing | Consent |
| Meta Pixel | Both | Advertising conversion tracking and remarketing | Consent |
| Contentsquare | placement.ezclass.io | Session replay and UX analytics | Consent |
| Microsoft Clarity | ezclass.io | Session recording and heatmaps | Consent |
| Cloudflare Analytics | ezclass.io | Page view analytics (privacy-first, cookieless beacon) | Consent |
| Ahrefs Analytics | placement.ezclass.io | SEO measurement | Consent |
| reCAPTCHA v3 | Both | Bot protection on data request and contact forms | Legitimate interest |
| Cloudflare (security) | Both | DDoS protection, bot management, load balancing | Legitimate interest |
| Zoom | Both (embedded meeting links/widgets) | Video conferencing functionality | Legitimate interest / contract performance |
| Stripe | Both (payment flows) | Secure payment processing, fraud detection | Contract performance / legitimate interest |
| Firebase | ezclass.io | App hosting, real-time database, authentication services | Contract performance / legitimate interest |
6. Cookie Duration Reference Table
| Cookie / Technology | Provider | Duration | Persists Beyond Session? |
|---|---|---|---|
| session_id / __session | EZclass | Session | No |
| csrf_token | EZclass | Session | No |
| cookie_consent | vanilla-cookieconsent | 12 months | Yes |
| lang_pref | EZclass | 12 months | Yes |
| tz_offset | EZclass | 12 months | Yes |
| ui_theme | EZclass | 12 months | Yes |
| __cf_bm | Cloudflare | 30 minutes | No |
| __cfruid | Cloudflare | Session | No |
| cf_clearance | Cloudflare | Up to 1 year | Yes |
| GA4 measurement cookies (_ga, _ga_*) | Up to 2 years (13-month retention configured) | Yes | |
| Contentsquare identifiers | Contentsquare | Session / up to 13 months | Varies |
| Microsoft Clarity cookies | Microsoft | Up to 1 year | Yes |
| Cloudflare Web Analytics beacon | Cloudflare | Session | No |
| Meta Pixel cookies (_fbp, _fbc) | Meta | Up to 90 days | Yes |
| Google Ads cookies (_gcl_au, _gcl_aw) | Up to 90 days | Yes | |
| Ahrefs Analytics | Ahrefs | Session / up to 12 months | Varies |
| reCAPTCHA v3 | Session | No | |
| Zoom, Stripe, Firebase | Various | Governed by respective provider policies | Varies |
7. Consent Management
vanilla-cookieconsent
Both ezclass.io and placement.ezclass.io use vanilla-cookieconsent, an open-source cookie consent solution, to manage your cookie preferences. You can update your preferences at any time by clicking the cookie settings link in the footer.
vanilla-cookieconsent presents a consent banner on your first visit. You can:
- Accept All — consent to all cookie categories (analytics, marketing, preferences).
- Reject All — decline all non-essential cookies. Only strictly necessary cookies will be set.
- Manage Preferences — select individual categories (analytics, marketing) and accept or reject each independently.
Your choice is stored in the cookie_consent cookie for 12 months so you are not repeatedly prompted on return visits. You may change your preferences at any time via the cookie settings link in the footer of every page.
Google Consent Mode v2
Both ezclass.io and placement.ezclass.io implement Google Consent Mode v2. This means:
- All Google tracking and advertising tags default to “denied” until you make an active consent choice via the cookie banner.
- Google Tag Manager (GTM) is configured to listen for the consent signal before triggering any analytics or marketing scripts.
- If you reject analytics or marketing cookies, Google’s tags enter a consent-denied state. Google may still receive aggregated, non-identifiable modelling signals in this state, but no cookies are set and no individual-level tracking occurs.
- If you later change your preferences to accept cookies, GTM will load the relevant scripts at that point in your session.
This implementation ensures that no Google tracking data is collected until explicit consent is given, consistent with GDPR and the IAB Transparency and Consent Framework (TCF 2.2).
Withdrawing Consent
You have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal. To withdraw consent:
- Click the cookie settings link in the footer of any page.
- Select “Reject All” or deselect individual categories.
- Save your preferences.
Your updated preferences will take effect immediately. Cookies already placed in your browser during a prior session of consent will persist until they expire or you delete them manually (see Section 11).
8. International Transfers
Where cookies and tracking technologies involve data being transferred outside the European Economic Area (EEA), we rely on the following safeguards:
| Recipient | Country | Transfer Basis |
|---|---|---|
| Google LLC | USA | EU–US Data Privacy Framework (DPF) |
| Meta Platforms, Inc. | USA | EU–US Data Privacy Framework (DPF) |
| Microsoft Corporation | USA | EU–US Data Privacy Framework (DPF) |
| Cloudflare, Inc. | USA | EU–US Data Privacy Framework (DPF) |
| Ahrefs Pte. Ltd. | Singapore | Standard Contractual Clauses (SCCs) |
| Contentsquare SAS | France (EEA) | No transfer outside EEA; sub-processors covered by SCCs where applicable |
| Zoom Video Communications | USA | EU–US Data Privacy Framework (DPF) |
| Stripe, Inc. | USA | EU–US Data Privacy Framework (DPF) |
| Google Firebase | USA | EU–US Data Privacy Framework (DPF) |
If you require further information about the specific safeguards applied to any transfer, contact us at [email protected] .
9. Age and Parental Guidance
Our Platform is intended for users aged 16 and above. Users aged 16–17 may manage their own cookie preferences, consistent with their general right to consent to EZclass services under GDPR Article 8.
If you believe that a person under the age of 16 is using the Platform, please contact us at [email protected] so we can take appropriate action.
10. No Profiling of Minors
EZclass does not use cookies or any tracking technology to build advertising profiles of users known or believed to be under the age of 18. Analytics data relating to users under 18 is not used for behavioural advertising or profiling purposes. Any session data collected for analytics purposes is used solely to improve Platform functionality and user experience.
11. How to Manage Cookies
In addition to the in-banner consent controls described in Section 7, you can control and delete cookies through your browser settings. Please note that restricting cookies may affect the functionality of the Platform.
Browser-Level Cookie Controls
| Browser | Cookie Settings Location |
|---|---|
| Google Chrome | Settings → Privacy and security → Cookies and other site data |
| Mozilla Firefox | Settings → Privacy & Security → Cookies and Site Data |
| Apple Safari | Preferences → Privacy → Manage Website Data |
| Microsoft Edge | Settings → Cookies and site permissions → Cookies and site data |
| Opera | Settings → Advanced → Privacy & Security → Site Settings → Cookies |
Opt-Out Links for Specific Services
- Google Analytics: Google Analytics Opt-out Browser Add-on
- Google Ads personalisation: Google Ad Settings
- Meta / Facebook ads: Meta Ad Preferences
- Microsoft / LinkedIn ads: Microsoft Privacy Dashboard
- General opt-out (EU): Your Online Choices
- General opt-out (USA): Network Advertising Initiative
- Do Not Track: Most modern browsers support a “Do Not Track” (DNT) signal. We honour this signal by defaulting analytics and marketing cookies to a denied state when DNT is detected, but we recommend using the in-banner controls for the clearest record of your preferences.
Deleting Existing Cookies
You can delete cookies already stored on your device:
- Chrome: Settings → Privacy and security → Clear browsing data → Cookies and other site data.
- Firefox: Settings → Privacy & Security → Cookies and Site Data → Clear Data.
- Safari: Preferences → Privacy → Manage Website Data → Remove All.
- Edge: Settings → Privacy, search, and services → Clear browsing data → Cookies and other site data.
After deleting cookies, you will be shown the consent banner again on your next visit so that your preferences can be re-recorded.
12. Changes to This Policy
We may update this Cookie Policy from time to time to reflect changes in the technologies we use, changes in applicable law, or changes in our business practices. When we make material changes:
- We will update the “Last Reviewed” date at the top of this document.
- For significant changes affecting how consent is managed or new cookie categories introduced, we will re-display the consent banner to existing users.
- We may also notify users by email or through an in-app notice.
We encourage you to review this Cookie Policy periodically. Continued use of the Platform after the effective date of any changes constitutes acceptance of the revised policy in respect of cookies that do not require consent; for consent-based cookies, a new consent prompt will be presented where legally required.
13. Contact Us
If you have questions or concerns about this Cookie Policy, the cookies we use, or how to exercise your rights, please contact us:
EZclass Privacy Team
Email: [email protected]
You also have the right to lodge a complaint with the supervisory authority in your EU/EEA Member State of habitual residence, place of work, or place of the alleged infringement. A list of EU Data Protection Authorities is available at edpb.europa.eu.
This Cookie Policy is effective as of April 9, 2026 .