| Document Owner | Privacy / Compliance |
| Version | 1.0 |
| Classification | Public |
| Last Reviewed | Feb 6 2026 |
| Review Frequency | Annual or upon material change |
1. About this policy
This Cookie Policy explains how Push Security Ltd and Push Security Inc (“Push”, “we”, “us”) use cookies and similar technologies when you visit our website at pushsecurity.com or use the Push Security platform. It explains what these technologies are, why we use them, and your rights to control their use.
This policy should be read alongside our Privacy Policy.
2. What are cookies?
Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They are widely used to make websites work efficiently, provide information to website owners, and improve the user experience. Cookies may be set by the website you are visiting (“first-party cookies”) or by third-party services that the website uses (“third-party cookies”).
3. How we use cookies
We use cookies for the following purposes:
- Strictly necessary cookies are essential for the operation of our website and platform. They enable core functionality such as authentication, security, and bot protection. These cookies cannot be disabled without affecting how the site functions.
- Analytics cookies help us understand how visitors interact with our website by collecting information about pages visited, time spent, and navigation patterns. This information is used to improve our website.
4. Cookies on our website
4.1 Strictly necessary cookies
These cookies are required for our website and platform to function. They do not require consent under UK and EU cookie law.
| Cookie | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
__cf_bm | Cloudflare (via vimeo.com) | Bot detection and management. Used by Cloudflare to distinguish humans from bots by calculating a bot score based on request patterns. The cookie is set by embedded Vimeo video content on our site. Does not track users across sites. | 30 minutes | Third-party |
_cfuvid | Cloudflare (via vimeo.com) | Distinguishes individual visitors who share the same IP address (e.g., behind a corporate network or NAT) for rate limiting purposes. Set by embedded Vimeo video content. | Session | Third-party |
auth0.[client_id].is.authenticated | Auth0 (pushsecurity.com) | Indicates that a user has an active authenticated session. Used to avoid unnecessary authentication calls when navigating between pages. Set only when a user logs in. | 24 hours | First-party |
auth0.[client_id].organization_hint | Auth0 (pushsecurity.com) | Stores the organisation identifier for users who authenticate in the context of an Auth0 Organisation. Used as a hint during silent re-authentication. Set only when a user logs in. | 24 hours | First-party |
_legacy_auth0.[client_id].is.authenticated | Auth0 (pushsecurity.com) | Legacy fallback for the auth0.is.authenticated cookie, providing compatibility with browsers that restrict newer cookie attributes. Set only when a user logs in. | 24 hours | First-party |
_legacy_auth0.[client_id].organization_hint | Auth0 (pushsecurity.com) | Legacy fallback for the auth0.organization_hint cookie, providing compatibility with browsers that restrict newer cookie attributes. Set only when a user logs in. | 24 hours | First-party |
did | Auth0 (login.pushsecurity.com) | Device identifier used by Auth0 for device recognition during authentication. Enables security features such as anomaly detection and adaptive authentication by recognising returning devices. Set only when a user logs in. | 1 year | First-party |
did_compat | Auth0 (login.pushsecurity.com) | Legacy fallback for the did cookie, providing compatibility with browsers that restrict newer cookie attributes. Set only when a user logs in. | 1 year | First-party |
player_clearance | Vimeo (player.vimeo.com) | Security clearance cookie set by the Vimeo embedded video player after passing bot protection checks. Required for video playback to function. | 24 hours | Third-party |
__Secure-3PSIDCC | Google (www.google.com) | Security cookie set by Google reCAPTCHA, used to support bot detection and abuse prevention on forms protected by reCAPTCHA. | 1 year | Third-party |
redoc.appStore | Redocly (pushsecurity.com) | Stores API documentation UI preferences (sidebar state, layout mode). Set when visiting the API documentation at pushsecurity.com/help/audience/engineering/. | Session | First-party |
4.2 Analytics cookies
These cookies are set for all visitors. However, where consent is required (see Section 5), the analytics tools that read these cookies are only enabled if you accept analytics via our cookie banner. If you decline, the cookies will still be present on your device but the analytics tools will not be loaded and no data will be collected from them.
| Cookie | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
_pk_id.2.c305 | Matomo (pushsecurity.com) | Assigns a unique visitor ID to recognise new and returning visitors. Used to build anonymous usage statistics including visit count and timestamps. | 13 months | First-party |
_pk_ses.2.c305 | Matomo (pushsecurity.com) | Tracks the active session. Links page views and interactions to a single visit for accurate analytics reporting. | 30 minutes | First-party |
ajs_anonymous_id | Segment (pushsecurity.com) | Assigns an anonymous UUID to unidentified visitors for analytics purposes. Used to understand visitor behaviour patterns without identifying individuals. | 1 year | First-party |
ajs_user_id | Segment (pushsecurity.com) | Stores the identified user’s ID after login to link authenticated activity to the user’s analytics profile. Note: this cookie stores the user’s email address. Set only after login to the product. | 1 year | First-party |
5. Your choices
Visitors whose browser indicates they are located in an EU or UK timezone are presented with a cookie consent banner before analytics tools are enabled. The banner offers two choices: OK (enables analytics tools) or No Thanks (analytics tools are not loaded and no analytics data is collected). Strictly necessary cookies are always set regardless of your choice. Your preference is stored in a cookie so the banner is not shown again on subsequent visits.
To change your preference, use the clear cookies link in the website footer. This removes your stored preference and the consent banner will be shown again on your next visit.
Visitors outside the EU and UK are not shown the consent banner and analytics tools are enabled by default.
You can also control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. The methods for doing so vary by browser — consult your browser’s help documentation for instructions. Be aware that disabling strictly necessary cookies may prevent parts of the website from functioning correctly.
6. Updates to this policy
We may update this Cookie Policy from time to time to reflect changes in the cookies we use or for other operational, legal, or regulatory reasons. The “Last Updated” date at the top of this page indicates when it was last revised.
7. Contact us
If you have questions about our use of cookies, contact us at privacy@pushsecurity.com or visit our contact page.
Changelog
| Date | Version | Comment |
|---|---|---|
| Feb 1 2021 | 0.1 | Initial version. Strictly necessary cookies only (Auth0 authentication). |
| Mar 15 2022 | 0.2 | Added Cloudflare and Vimeo cookies following introduction of embedded video content. |
| Aug 1 2022 | 0.3 | Added analytics cookies section (Segment). |
| Mar 10 2023 | 0.4 | Added Matomo analytics. |
| Dec 12 2023 | 0.5 | Added Google reCAPTCHA cookie for form bot protection. |
| Jun 1 2024 | 0.6 | Added Auth0 legacy fallback and device identifier cookies for cross-browser compatibility. |
| Jan 17 2025 | 0.7 | Added Redocly cookie following launch of public API documentation. |
| Jul 28 2025 | 0.8 | Reviewed cookie inventory against live site. No changes required. |
| Feb 6 2026 | 1.0 | Adopted document control format. |