SmartAlex Cookie Policy
1. Purpose and scope
This Cookie Policy explains how THERCSGROUP PTE. LTD., a private company limited by shares incorporated in the Republic of Singapore (UEN 202543608D), trading as SmartAlex (SmartAlex, we, us, or our), uses cookies and similar technologies on our websites, web application, and APIs (the Services).
This Policy covers the cookies and similar technologies set on the public marketing website and on the authenticated areas of the Services. It does not cover the personal data contained in calls, contacts, transcripts, or other materials that a business customer processes through the Services, which are addressed in our Privacy Policy and, where the customer is the controller, in that customer's own notices. It also does not cover third-party websites that you may reach through links on the Services, each of which has its own cookie practices.
Read this Policy together with our Privacy Policy, which describes more broadly how we collect, use, disclose, and protect personal data. Where a cookie or similar technology processes information relating to an identified or identifiable individual, that information is Personal Data and the Privacy Policy applies to it in addition to this Policy.
2. Definitions
The following defined terms are used throughout this Policy. Other capitalised terms have the meanings given to them in our Privacy Policy.
- Cookie means a small text file that a website places on your device so the site can recognise that device, remember information about your visit, and improve your experience on later visits. In this Policy, "cookies" also covers the similar technologies described in the section "What cookies and similar technologies are", below, unless we say otherwise.
- First-party cookie means a cookie set by a domain operated by SmartAlex as part of the Services.
- Third-party cookie means a cookie set by a third-party service that we have integrated into the Services, for example an analytics, security, or payment provider.
- Session cookie means a cookie that is deleted when you close your browser or when your session ends.
- Persistent cookie means a cookie that remains on your device for a defined period or until you delete it.
- Essential, Analytics, Marketing, and Functional are the four cookie categories used both in this Policy and as the toggle labels in our cookie-consent banner, described in the section "Cookie categories", below.
- Consent means a freely given, specific, informed, and unambiguous indication of your wishes, signified by a clear affirmative action, as that term is used under the GDPR and equivalent laws.
- Effective Date means the date stated in the final section of this Policy, which is the date of its most recent revision.
3. What cookies and similar technologies are
A cookie is a small text file placed on your device by a website. It lets the site recognise your device, remember information about your visit, and improve your experience on later visits. We use cookies and a number of similar technologies that perform comparable functions, including the following:
- localStorage and sessionStorage. Browser storage that holds small amounts of data on your device. We use it to keep you signed in, to hold interface preferences, and to remember that you have seen and answered the consent banner. sessionStorage is cleared when the browser tab closes; localStorage persists until cleared.
- Tracking pixels and web beacons. Tiny image or script references embedded in a page or an email that signal when content has been loaded or opened. We use them, with consent where required, to measure the delivery and engagement of marketing communications.
- Software development kit and device identifiers. Where you use the Services through a mobile application, comparable on-device storage and identifiers may be used to perform the functions that cookies perform in a browser.
Where this Policy refers to "cookies", it means cookies and these similar technologies together, unless the context requires otherwise. The categories, legal bases, retention rules, and controls in this Policy apply to all of them.
Cookies set by the Services we operate are first-party cookies. Cookies set by third-party services we have integrated, for example our analytics or payment partners, are third-party cookies.
4. Cookie categories
We classify the cookies and similar technologies on the Services into four categories. These categories use the same labels as the toggles in our cookie-consent banner: Essential, Analytics, Marketing, and Functional. The banner lets you accept all, reject all non-essential cookies, or make a choice for each non-essential category. Essential cookies are always on because the Services cannot run without them.
| Category | What it does | Consent required |
|---|---|---|
| Essential | Keeps the Services secure and operational, including signing you in, protecting forms, balancing load, and recording your cookie choice. | No (strictly necessary) |
| Functional | Remembers choices you make and provides enhanced features, such as language and timezone preferences and embedded checkout. | Yes |
| Analytics | Helps us understand how visitors use the Services so we can improve them and diagnose faults. | Yes |
| Marketing | Measures the performance of marketing campaigns and, where lawful and consented, helps us deliver relevant content. | Yes |
4.1 Essential
These keep the Services secure and working. You cannot disable them through our consent banner because the Services would not function without them. Examples include a session token that keeps you signed in, a token that protects forms against cross-site request forgery, a load-balancing cookie that routes your requests to a healthy server, and a cookie that records your cookie-consent choice so we do not re-prompt you on every page. The first-party cookie that stores your consent choice is named smartalex_cookie_consent. Representative names for the authentication and security cookies are described by function in this section and in the retention table in the section "Retention and lifespan of cookies", below.
4.2 Functional
These remember preferences and enable optional features. Examples include language and timezone settings, interface choices that persist between visits, and the ability to embed a payment session during checkout. Where you make a payment, our payment processor, Stripe, sets cookies that are necessary to present and complete the checkout and to help detect fraud. Functional cookies are set only where you have given consent, except where a specific cookie is strictly necessary to deliver a feature you have actively requested.
4.3 Analytics
These help us measure usage and fix faults. We use a website analytics service for aggregate usage statistics, a session-analytics service for interaction and usability insights, and an error-monitoring service that may set a short-lived identifier to correlate client-side errors within a single session. Analytics cookies do not, by themselves, allow us to identify you personally; we use the resulting information in aggregate to understand which features are used and where the Services can be improved. The specific third parties are named in the section "Third parties that may set cookies", below. Analytics cookies are set only with your prior consent.
4.4 Marketing
These measure how marketing reaches you. Examples include campaign tracking parameters (UTM tags) preserved across pages so we can attribute a conversion to the campaign that referred you, and pixels set by our outbound-email tooling when a recipient opens or clicks an email we have sent. We set marketing cookies and email-tracking pixels only with your prior consent. We do not use the marketing category to make automated decisions that produce legal or similarly significant effects about you.
5. Cookies and our AI voice platform
SmartAlex provides AI voice agents that place and receive telephone calls on behalf of business customers, and that record and transcribe those calls. It is important to understand the boundary between that activity and this Policy.
- The cookies described in this Policy operate in your browser when you visit our website or use the web application. They do not record, transcribe, or listen to telephone calls.
- Call recording, transcription, and the processing of call audio (including any voice characteristics that may constitute biometric data) happen within the Services themselves, not through cookies, and are governed by our Telephony and Call Recording Notice and our Privacy Policy. Where a business customer is the controller of that data, the customer is responsible for obtaining the consents and giving the notices required by law.
- No cookie set on the Services is used to identify an individual by their voice, and we do not use cookies to link a website visitor to the content of any call.
We include this section so that you can see clearly which of our data activities this Policy does and does not cover.
6. Third parties that may set cookies
The table below names the third parties that may set cookies, similar identifiers, or otherwise process data through cookies on the Services, what they do, the cookies they typically set, and the main region from which they operate. We engage analytics and marketing third parties only after you have given consent for the relevant category. The full list of subprocessors SmartAlex uses, including those that do not set cookies, is in our Subprocessor List.
| Third party | Category | Purpose | Representative cookies | Main region |
|---|---|---|---|---|
| Google Tag Manager and Google Analytics 4 (Google Ireland Ltd / Google LLC) | Analytics | Measurement of usage and feature adoption. | _ga, _gid, _gat, and Tag Manager identifiers. | EU / US |
| Microsoft Clarity (Microsoft Corporation) | Analytics | Session replay and heatmap analytics for usability improvement. | _clck, _clsk, and similar. | US |
| Sentry (Functional Software, Inc., d/b/a Sentry) | Analytics | Client-side error monitoring. | A short-lived session identifier to correlate errors. | US |
| Stripe (Stripe Payments Europe Ltd / Stripe, Inc.) | Functional / essential to checkout | Payment processing. Sets cookies during checkout to complete the transaction and to combat fraud. | __stripe_mid, __stripe_sid. | EU / US |
| Cloudflare (Cloudflare, Inc.) | Essential (security) | Content delivery network and security. May set a bot-management cookie when traffic patterns warrant it. | __cf_bm. | Global edge |
| Lemlist (Lemlist SAS) | Marketing | Outbound email tooling. Sets pixels and tracked links in emails we send to measure delivery and engagement. | Email open and click pixels. | EU |
The bot-management cookie set by our content delivery network (__cf_bm) is treated as essential security infrastructure and is set without consent, in line with Article 5(3) of the EU ePrivacy Directive (the exemption for storage that is strictly necessary to provide a service the user has requested). The Stripe checkout cookies are set when you choose to make a payment, because they are necessary to deliver the checkout you have requested; any non-essential cookies are governed by the consent you give for the relevant category.
Each third party processes data under its own privacy and cookie notices, and you can find provider-specific information, including current cookie names and retention periods, in those notices. We update the table above when we add or remove third parties that set cookies, and we reflect such changes in the Effective Date stated at the end of this Policy.
7. Legal bases under EU, UK, and Swiss law
Where the Services are accessed from the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases, under the EU ePrivacy Directive, the UK Privacy and Electronic Communications Regulations (PECR), and the revised Swiss Federal Act on Data Protection (nFADP):
- Essential cookies are set without consent because they are strictly necessary to deliver a service you have requested. This includes security and load-balancing cookies and the cookie that records your consent choice.
- Analytics, marketing, and functional cookies are set only where you have given prior consent through our cookie-consent banner.
- Where a cookie also involves the processing of Personal Data, that processing additionally relies on a lawful basis under Article 6 of the GDPR (or its UK or Swiss equivalents). For non-essential cookies that basis is your consent; for essential cookies it is our legitimate interest in operating and securing the Services and, where applicable, the performance of our contract with you.
Consent is collected on an opt-in basis. Non-essential cookies are not set before you make a choice, and the "reject all" option is presented as prominently as the "accept all" option. You may withdraw consent at any time through the cookie-preferences control described in the section "Managing your cookie preferences", below, and withdrawing is as easy as giving consent. Withdrawal does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
7.1 How we record and renew consent
When you make a choice in the cookie-consent banner, we record that choice, the categories you accepted or rejected, and the date and time, in the first-party smartalex_cookie_consent cookie, so that we can honour your choice and demonstrate that consent was obtained. We re-present the banner where your stored consent has expired, where you clear the cookie, where you use a different browser or device, or where we make a material change to the categories or third parties that requires fresh consent. The consent cookie has a lifespan of 365 days, after which we will ask you to confirm your preferences again.
8. Other jurisdictions
Where the Services are accessed from Singapore, our use of cookies is governed by the Personal Data Protection Act 2012. Where accessed from South Africa, the Protection of Personal Information Act, 2013 (POPIA) applies, and you may also wish to read our POPIA Notice. Where accessed from California, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), applies, and you may also wish to read our California Privacy Notice. Where accessed from the United Arab Emirates, the applicable federal data protection law (Federal Decree-Law No. 45 of 2021) governs our processing.
8.1 California: sale and sharing, and your opt-out
Some analytics and marketing cookies may involve a "sale" or "share" of personal information as those terms are broadly defined under the CCPA/CPRA, which can include the use of certain third-party advertising and analytics technologies even where no money changes hands. Where they do, California residents have the right to opt out.
You can exercise that right by opening our cookie-preferences control and turning off the Analytics and Marketing categories. This in-product control is the opt-out mechanism we provide for the sale or sharing of personal information through cookies. The control appears on your first visit and can be re-opened from any page of the Services at any time. You do not need to create an account or verify your identity to use it, and your choice applies to the browser and device on which you make it. We also describe our position on the Global Privacy Control signal in the section "Do Not Track and Global Privacy Control", below.
Essential cookies are not "sold" or "shared" and are not subject to this opt-out, because they are strictly necessary to deliver the Services.
9. Managing your cookie preferences
You can manage your cookie preferences in three ways:
- Through our cookie-consent banner and the cookie-preferences control, which appear on your first visit and can be re-opened from any page of the Services to review or change your choices for the Essential, Analytics, Marketing, and Functional categories. Essential cookies cannot be switched off because the Services would not work without them. Your choices are recorded in the smartalex_cookie_consent cookie and take effect immediately on the device you used to make them. The control is reachable by keyboard and works with assistive technologies.
- Through your browser settings. Most browsers let you block all cookies, block only third-party cookies, delete cookies on close, or prompt you before accepting a cookie. The exact controls vary by browser; instructions are in the help centre for Chrome, Edge, Firefox, Safari, and other browsers. You can also clear cookies and browser storage already on your device at any time.
- Through industry opt-out tools such as youronlinechoices.eu (EU) and aboutads.info/choices (United States) for many advertising and analytics providers.
If you block essential cookies through your browser, parts of the Services will not work. For example, you may be unable to sign in, complete a payment, or use session-based features. Blocking only non-essential cookies, or rejecting them in our banner, does not prevent you from using the core Services.
9.1 Different devices and browsers
Because cookies and the choices recorded in them are stored per browser and per device, the preferences you set in one browser or on one device do not automatically carry across to another. If you use the Services from more than one browser or device, please set your preferences in each. Clearing your cookies, using private or incognito browsing, or switching devices will cause the consent banner to appear again.
10. Do Not Track and Global Privacy Control
Some browsers offer a "Do Not Track" (DNT) setting. There is no industry-standard interpretation of DNT signals, and we do not currently respond to DNT signals on a per-cookie basis. Our cookie-consent banner and cookie-preferences control, which you can re-open from any page, are the primary mechanisms we offer to control non-essential cookies.
Some browsers and extensions send a Global Privacy Control (GPC) signal in United States states that recognise universal opt-out preference signals, including California, Colorado, and Connecticut. We are implementing support for GPC so that, where it applies, a valid GPC signal is treated as a request to opt out of the sale or sharing of personal information for the browser from which it is received. Until that support is live, please use the cookie-preferences control described above to set your choices. Because GPC operates per browser and per device, you would need to send the signal from each browser and device you use.
11. Children
The Services are a business-to-business platform and are not directed to children. We do not knowingly use cookies to collect personal data from children. If you believe a child has used the Services in a way that has caused us to process their personal data, please contact us at privacy@getsmartalex.com so that we can take appropriate steps.
12. International transfers of cookie data
Some of the third parties named in this Policy operate outside the European Economic Area, the United Kingdom, and Switzerland, including in the United States. Where information collected through cookies is transferred to such a country, we rely on appropriate safeguards for the transfer, including the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and the Swiss addendum, together with supplementary measures such as encryption in transit and access controls. A copy of the relevant safeguards is available on request from privacy@getsmartalex.com. Our Privacy Policy describes our approach to international transfers in more detail.
13. Retention and lifespan of cookies
Different cookies have different lifespans. Session cookies expire when you close your browser or when your session ends. Persistent cookies remain on your device until they expire or you delete them. Representative lifespans for the cookies described in this Policy are set out below. These values are indicative and approximate; where a third party controls the cookie, that third party's current retention applies and may change, so please also consult their notices. You can delete any cookie at any time through your browser, and you can withdraw consent through our cookie-preferences control.
| Cookie | Category | Type | Representative lifespan (approximate) |
|---|---|---|---|
| Authentication session token | Essential | Session / short-lived | Cleared when you sign out or the session expires. |
| Cross-site request forgery token | Essential | Session | Cleared when the session ends. |
| Load-balancing cookie | Essential | Session | Cleared when the session ends. |
| Consent-preference cookie (smartalex_cookie_consent) | Essential | Persistent | 365 days. |
| _ga (website analytics) | Analytics | Persistent | About 2 years. |
| _gid (website analytics) | Analytics | Persistent | About 24 hours. |
| _gat (website analytics) | Analytics | Session / short-lived | About 1 minute. |
| _clck (session analytics) | Analytics | Persistent | About 1 year. |
| _clsk (session analytics) | Analytics | Session | About 1 day. |
| __cf_bm (bot management) | Essential | Session / short-lived | About 30 minutes. |
| __stripe_mid (payment) | Functional / checkout | Persistent | About 1 year. |
| __stripe_sid (payment) | Functional / checkout | Session / short-lived | About 30 minutes. |
| Email open and click pixels | Marketing | Pixel | Recorded at the time the email is opened or a link is clicked. |
14. Updates to this Policy
We may update this Cookie Policy from time to time to reflect changes in the cookies we use, the third parties we work with, the features we offer, or the law. The Effective Date stated at the end of this Policy indicates the most recent revision. Where changes are material, for example where we add a new category or a new third party that requires consent, we will communicate them through the cookie-consent banner so you can review and reconfirm your preferences. Where changes are minor, we will publish the revised Policy with an updated Effective Date. We encourage you to review this Policy periodically.
15. Contact and complaints
For any question about this Cookie Policy or our use of cookies, contact us at privacy@getsmartalex.com. To exercise data-subject rights such as access, deletion, portability, or objection, see our Data Subject Access Request Procedure.
You may also complain to a supervisory authority. In Singapore, the Personal Data Protection Commission. In South Africa, the Information Regulator, at complaints.ir@inforegulator.org.za or JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001, South Africa. In the European Economic Area or the United Kingdom, your local data protection authority. Further escalation routes are set out in our Privacy Policy.
This Cookie Policy is version 1.1 and is effective from 1 June 2026.