1.1 SecureRoot Risk Advisory LLP (“SecureRoot”, “we”, “our”, “us”) operates the website www.secureroot.co (the “Website”) and uses cookies and similar tracking technologies to enhance user experience, measure website performance, and support our business-development activities.
1.2 This Cookie Policy (“Policy”) explains what cookies are, which cookies we use, the purposes for which we use them, and your rights to control or withdraw consent to their use. It forms part of our Privacy Policy (SRRA/LEGAL/PP/2026/10) and should be read together with it.
1.3 This Policy has been prepared to comply with:
1.4 This Policy applies to all cookies and similar technologies deployed on www.secureroot.co. It does not apply to third-party websites that may be accessible via links on our Website.
2.1 A cookie is a small text file placed on your device (computer, smartphone, or tablet) by a website when you visit it. Cookies allow the website to recognise your device on subsequent visits and perform various functions described in this Policy.
2.2 Cookies may be:
2.3 Similar Technologies. In addition to cookies, we may use the following tracking technologies, all of which are subject to the same consent requirements as cookies where they access or store information on your device:
3.1 Under the ePrivacy Directive, PECR, GDPR, and DPDPA, the following legal bases apply to our use of cookies:
| Cookie Category | ePrivacy / PECR Basis | GDPR / UK GDPR Basis (Art. 6) | DPDPA Basis |
|---|---|---|---|
| Strictly Necessary | Exemption from consent (Reg. 6(4) PECR; Art. 5(3) ePrivacy Dir.) | Art. 6(1)(b) — performance of contract; Art. 6(1)(f) — legitimate interest (security) | Contractual necessity (§ 4(1)(b)); Legitimate use |
| Functional / Preference | Consent required (Reg. 6(1) PECR) | Art. 6(1)(a) — freely given, specific, informed consent | Consent (§ 4(1)(a) DPDPA) |
| Analytics / Performance | Consent required; anonymisation may enable legitimate interest in some jurisdictions | Art. 6(1)(a) consent (default); Art. 6(1)(f) where fully anonymised | Consent (§ 4(1)(a) DPDPA); Legitimate use if anonymised |
| Marketing / Targeting | Consent required — always; no legitimate interest reliance | Art. 6(1)(a) — explicit, unbundled, granular consent | Consent (§ 4(1)(a) DPDPA) |
3.2 Consent Standard. Where consent is required, it must satisfy all of the following criteria derived from Art. 4(11) GDPR and EDPB Guidelines 05/2020 on Consent:
4.1 The following tables set out the cookies currently deployed on www.secureroot.co. The list is updated whenever material changes are made.
Essential for the Website to function. No consent required.
| Cookie Name | Provider | Purpose | Type | Duration | Data Outside India/EU? |
|---|---|---|---|---|---|
| PHPSESSID | SecureRoot (1st party) | Maintains session state. Prevents session fixation. | Session | Session end | No |
| _csrf_token | SecureRoot (1st party) | CSRF protection token. Validates form submissions. | Session | Session end | No |
| cookielawinfo-checkbox-* | SecureRoot / CMP | Stores user cookie consent choices per category. | Persistent | 12 months | No |
| viewed_cookie_policy | SecureRoot / CMP | Records whether user has viewed cookie notice banner. | Persistent | 12 months | No |
Enhanced functionality and personalisation. Consent required.
| Cookie Name | Provider | Purpose | Type | Duration | Data Outside India/EU? |
|---|---|---|---|---|---|
| wp-settings-* | WordPress (1st party) | Stores user preferences for WordPress admin interface. | Persistent | 1 year | No |
| wp-settings-time-* | WordPress (1st party) | Records the time wp-settings were last updated. | Persistent | 1 year | No |
| language_pref | SecureRoot (1st party) | Remembers selected language across sessions. | Persistent | 6 months | No |
| HubSpotUtk | HubSpot (3rd party) | Tracks visitor identity for HubSpot CRM forms. | Persistent | 13 months | Yes — US (SCCs / EU-US DPF) |
Help us measure and improve Website performance. Consent required.
| Cookie Name | Provider | Purpose | Type | Duration | Data Outside India/EU? |
|---|---|---|---|---|---|
| _ga | Google Analytics | Unique ID for visitor statistical data. IP anonymisation enabled. | Persistent | 2 years | Yes — US |
| _ga_* | Google Analytics | Persists GA4 session state and measurement ID. | Persistent | 2 years | Yes — US |
| _gid | Google Analytics | Unique ID for usage statistics. Expires after 24 hours. | Persistent | 24 hours | Yes — US |
| _gat_gtag_* | Google Tag Manager | Throttles request rate to Google Analytics. | Session | 1 minute | Yes — US |
| _hjSessionUser_* | Hotjar (if activated) | Identifies new user session. Heatmaps / session recordings. | Persistent | 365 days | Yes — EU |
| _hjSession_* | Hotjar (if activated) | Contains current Hotjar session data. | Session | 30 minutes | Yes — EU |
May be set by advertising partners. Consent always required and unbundled.
| Cookie Name | Provider | Purpose | Type | Duration | Data Outside India/EU? |
|---|---|---|---|---|---|
| _fbp | Meta (Facebook) Pixel | Ad delivery / retargeting. Only with consent. | Persistent | 3 months | Yes — US |
| li_fat_id | LinkedIn Insight Tag | Member identifier for LinkedIn conversion tracking. | Persistent | 30 days | Yes — US |
| UserMatchHistory | Ad-matching cookie for retargeting and frequency capping. | Persistent | 30 days | Yes — US | |
| IDE | Google DoubleClick | Reports on user actions after viewing Google ads. | Persistent | 13 months | Yes — US |
5.1 SecureRoot deploys a Consent Management Platform (CMP) on www.secureroot.co. The CMP presents a layered consent notice to all users on their first visit and whenever consent preferences are to be renewed or updated.
5.2 The CMP is configured to meet the following technical and operational requirements:
5.3 Where a user’s browser sends a Global Privacy Control (GPC) signal or similar opt-out signal, SecureRoot’s Website will treat this as a withdrawal of consent for non-essential cookies and will not activate such cookies for that session.
5.4 Consent is specific to the device and browser from which it is given. If you use multiple devices or browsers, you will need to manage your preferences on each separately.
6.1 Several cookies on our Website are set by third-party providers. SecureRoot does not control the data collection and use practices of these third parties. Their use of any data collected through their cookies is governed by their own privacy and cookie policies.
6.2 Key third-party providers and their applicable policies:
| Provider | Service | Privacy / Cookie Policy URL | Transfer Safeguard |
|---|---|---|---|
| Google LLC | Google Analytics, Tag Manager, Google Ads | policies.google.com/privacy | EU-US Data Privacy Framework; SCCs |
| Meta Platforms Ireland Ltd. | Facebook Pixel (if activated) | www.facebook.com/privacy/policy | SCCs; EU-US DPF |
| LinkedIn Ireland Unlimited Company | LinkedIn Insight Tag (if activated) | www.linkedin.com/legal/privacy-policy | SCCs |
| HubSpot Inc. | CRM forms, email tracking | legal.hubspot.com/privacy-notice | SCCs; EU-US DPF |
| Hotjar Ltd. | Heatmaps, session recordings (if activated) | www.hotjar.com/legal/policies/privacy | SCCs; data residency EU option |
| Cloudflare Inc. | CDN, security, bot protection | www.cloudflare.com/privacypolicy | SCCs; EU-US DPF |
| WordPress.org / Automattic | CMS infrastructure | automattic.com/privacy | SCCs; EU-US DPF |
6.3 International Transfers. Some of the third-party cookies listed above involve the transfer of personal data to the United States or other jurisdictions outside India and the EU/EEA/UK. SecureRoot ensures appropriate safeguards are in place for such transfers, as set out in Section 8 of the Privacy Policy.
The most reliable way to manage your cookie preferences on our Website is via our Consent Management Platform. Click “Cookie Preferences” in the Website footer at any time to view or update your choices. Changes take effect immediately for that browsing session.
All major browsers allow you to control cookies through their settings:
Note: Blocking all cookies via browser settings will affect your experience of our Website and may prevent certain features from functioning.
Some browsers include a “Do Not Track” (DNT) feature. There is currently no universal standard for DNT signals, and most websites (including ours via standard analytics tools) do not respond to DNT browser signals. However, SecureRoot’s Website does recognise and honour Global Privacy Control (GPC) signals, treating them as withdrawal of consent for non-essential cookies.
On mobile devices, you can control interest-based advertising through your device settings: iOS: Settings > Privacy > Tracking; Android: Settings > Google > Ads > Opt out of Ads Personalisation. In-app SDKs are governed by the respective app’s privacy notice.
8.1 Cookie data that constitutes Personal Data (e.g., IP addresses, device identifiers, browsing history linked to an identifiable individual) is subject to the full range of Data Subject rights set out in the Privacy Policy (SRRA/LEGAL/PP/2026/10), Section 11.
8.2 Specifically relevant rights:
9.1 The lifespan of each individual cookie is set out in the cookie inventory tables in Section 4. Persistent cookies will be automatically deleted from your device after the specified duration unless you delete them earlier through your browser or device settings.
9.2 Where cookie data is processed as Personal Data by SecureRoot, it is retained in accordance with the retention schedule in the Privacy Policy. In summary:
10.1 SecureRoot implements appropriate technical and organisational measures to protect Personal Data collected through cookies against unauthorised access, disclosure, alteration, or destruction.
10.2 Specific security measures for cookie data include:
11.1 SecureRoot reviews this Cookie Policy at least annually, and whenever: (a) new cookies are deployed or existing ones are materially changed; (b) new third-party providers are onboarded; (c) applicable law or regulatory guidance changes.
11.2 The “Effective Date” and version number at the top of this document indicate when it was last revised. Material changes will be notified via the CMP banner and, where appropriate, by email to registered users. Upon material change, consent will be renewed where required.
11.3 The current version of this Policy is always available at www.secureroot.co/cookie-policy.
For questions, to exercise your rights, or to manage your cookie preferences, please contact our Data Protection function:
SecureRoot Risk Advisory LLP — Data Protection & Privacy Team
Email: privacy@secureroot.co
Phone: +91 73071 48874
Website: www.secureroot.co
Head Office: 305, 3rd Floor, Krishna Tower, 15/63, Civil Lines, Kanpur – 208001, Uttar Pradesh
Corporate Office: Greater Noida, Uttar Pradesh, India
If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority: India — Data Protection Board of India; EU/EEA — supervisory authority of your Member State; UK — ICO (ico.org.uk); California (US) — California Privacy Protection Agency (cppa.ca.gov).
No obligation. Our senior consultants will walk through your environment and share where the gaps are. Whether you work with us or not.
Cybersecurity that helps enterprises worldwide move from “hope we’re safe” to “we’ve got this.”
Follow us
Copyright © 2026 Secureroot Risk Advisory LLP. All rights reserved.
