Legal · Tracking Technologies

Cookie Policy

Effective Date: January 15, 2026 Last Updated: January 15, 2026 Version: 1.0

This Cookie Policy explains how VastConfluence LLC ("VastConfluence," "we," "us," or "our") and our trusted service providers use cookies, pixels, local storage, and other tracking technologies when you visit our websites or use our Services across our three brands: TechNanny (a pure-static CMS SaaS), BizNanny (a small-business cloud ERP), and Template Waterfall (a vertical-industry HTML template marketplace). It also describes how you can control these technologies. This policy supplements and should be read together with our Privacy Policy.

Manage Cookie Preferences

1. Overview

VastConfluence uses a small set of cookies and similar technologies to operate our websites and Services securely, remember your preferences, understand aggregate usage, and improve product quality. We are committed to using these technologies transparently, in compliance with applicable laws, and with respect for your right to choose.

Plain-English Summary We use cookies for three main reasons: to keep you signed in, to remember your settings (like language and time zone), and to measure how the Services are used so we can improve them. We do not use cookies for cross-context behavioral advertising, we do not sell information collected through cookies, and we do not allow third parties to use cookies on our properties for their own advertising purposes.

2. What Are Cookies?

A "cookie" is a small text file that a website places on your device (computer, tablet, or smartphone) when you visit. Cookies allow the website to recognize your device on subsequent visits and to store certain information about your interaction with the site. Cookies are widely used to make websites work, work more efficiently, and provide information to the operators of the site.

This Cookie Policy uses the term "cookies" broadly to refer not only to traditional HTTP cookies but also to other client-side storage and tracking mechanisms that perform similar functions, such as web beacons, pixel tags, local storage, session storage, and IndexedDB. These are described together in Section 8.

3. Why We Use Cookies

We use cookies and similar technologies to:

  • Authenticate you and keep you signed in to your TechNanny, BizNanny, or Template Waterfall account.
  • Protect against fraud, abuse, and unauthorized access (for example, by detecting unusual login activity).
  • Remember your preferences such as language, time zone, theme, and currency.
  • Save the state of multi-step forms (such as the template-publishing wizard or the BizNanny onboarding flow) so you don't lose your work.
  • Understand aggregate, de-identified patterns of how the Services are used so we can fix bugs, optimize performance, and prioritize improvements.
  • Provide load-balancing and CDN routing so pages and assets load quickly from a server near you.
  • Comply with our legal obligations, including recording your cookie consent choices.

4. Categories of Cookies We Use

We classify cookies into the four categories below. The categories follow the conventions used by the EU ePrivacy Directive, the EDPB guidelines on tracking technologies, and the IAB TCF 2.2 framework, so they will look familiar across most websites you visit.

4.1 Strictly Necessary Essential

These cookies are required for the Services to function. They enable core features such as authentication, security, network management, and accessibility. Because they are essential, you cannot disable them through our preference center, although you can block them at the browser level (which will likely break the Services).

4.2 Functional Optional

Functional cookies remember choices you make to provide a more personalized experience, such as language preference, region, or theme. They are not strictly required, but disabling them means we won't remember your settings between visits.

4.3 Analytics & Performance Optional

Analytics cookies help us understand how visitors interact with our Services on an aggregate, de-identified basis. We use this information to diagnose errors, measure feature adoption, and improve product reliability. Where required by law, these cookies are loaded only after you give consent.

4.4 Marketing & Advertising Optional

VastConfluence does not currently use marketing or advertising cookies on its websites or Services. We do not deploy retargeting pixels, third-party advertising networks, or cross-site behavioral advertising tools on our owned properties. If we ever introduce such cookies, we will update this policy, classify them in this category, and load them only after you provide opt-in consent in jurisdictions where consent is required.

5. Cookie Inventory

The table below lists the specific cookies and similar technologies we use across vastconfluence.com, technanny.com, biznanny.com, and templatewaterfall.com at the date of this policy. We update this list as our use of these technologies changes. Cookies set by an authenticated user's published TechNanny website are governed by that website operator's own cookie policy, not by this policy.

5.1 Strictly Necessary Cookies

Name Provider Purpose Duration
vc_session VastConfluence (first-party) Maintains an authenticated session and prevents you from being signed out unexpectedly. Session
vc_csrf VastConfluence (first-party) Cross-site request forgery protection token to keep account actions secure. Session
vc_consent VastConfluence (first-party) Records your cookie-preference choices so we don't ask again on every page. 12 months
__cf_bm Cloudflare Bot-management challenge to distinguish humans from automated traffic. 30 minutes
cf_clearance Cloudflare Stores the result of a security challenge so legitimate visitors don't see it again. Up to 1 year
__stripe_mid, __stripe_sid Stripe Fraud prevention on payment forms; loaded only on billing pages. 1 year / 30 minutes

5.2 Functional Cookies

Name Provider Purpose Duration
vc_lang VastConfluence (first-party) Stores your preferred language (English, Traditional Chinese, or Simplified Chinese). 12 months
vc_tz VastConfluence (first-party) Stores your time-zone preference for invoices and dashboard timestamps. 12 months
vc_theme VastConfluence (first-party) Remembers your dashboard theme preference. 12 months
vc_currency VastConfluence (first-party) Remembers your displayed pricing currency on plan and template pages. 12 months

5.3 Analytics & Performance Cookies

Name Provider Purpose Duration
_ga, _ga_* Google Analytics 4 Distinguishes unique visitors and measures aggregate site usage. IP anonymization is enabled and Google Signals is disabled. 2 years
_cfuvid Cloudflare Web Analytics Server-side, cookie-less analytics fallback used to measure unique visits without cross-site tracking. Session
Local-storage key vc_perf VastConfluence (first-party) Caches performance-monitoring data (Core Web Vitals) batched and sent in aggregate. Up to 30 days

5.4 Marketing & Advertising Cookies

None at this time. See Section 4.4.

6. First-Party vs. Third-Party Cookies

  • First-party cookies are set directly by VastConfluence on the domain you are visiting. We control these cookies and the data they collect.
  • Third-party cookies are set by service providers we engage to help us operate the Services, such as Cloudflare (security and CDN), Stripe (payments), and Google Analytics 4 (aggregate analytics). These vendors use cookies only on our behalf and under contractual data-protection obligations. We do not allow third parties to use cookies on our properties for their own advertising or cross-context behavioral targeting.

7. Session vs. Persistent Cookies

  • Session cookies are temporary and are deleted as soon as you close your browser. We use session cookies primarily for authentication and security.
  • Persistent cookies remain on your device for a set period or until you delete them. We use persistent cookies to remember your preferences, your consent choices, and to support aggregate analytics over time.

The duration of each cookie is listed in the inventory in Section 5.

8. Similar Technologies

In addition to traditional cookies, we may use the following technologies, which serve similar functions and are governed by this policy:

  • Local storage and session storage: browser-based key-value stores used for caching preferences, draft content, and short-lived session data.
  • IndexedDB: a structured client-side database used by certain TechNanny and BizNanny features (for example, offline draft editing) so your work isn't lost during connectivity interruptions.
  • Web beacons and pixel tags: tiny graphic files used to verify that a transactional email (such as a billing receipt) was successfully delivered. We do not use marketing-style email open-tracking pixels.
  • Service workers: background browser scripts used for performance optimization and offline support; they do not collect personal information.
  • Server-side logging: our servers automatically record requests (URL, IP, user agent, timestamp) for security and debugging. This is not a "cookie" technology, but we mention it for transparency.

Consistent with the EDPB's 2024 guidelines on the technical scope of Article 5(3) of the ePrivacy Directive, we apply the same consent requirements to non-cookie tracking technologies (such as local storage and fingerprinting) as we do to cookies.

9.1 EU/EEA, UK, and Switzerland

If you are in the European Economic Area, the United Kingdom, or Switzerland, our legal basis for placing cookies on your device depends on the cookie's category:

  • Strictly necessary cookies are placed on the basis that they are required to provide the service you have explicitly requested (Article 5(3) of the ePrivacy Directive exemption).
  • All other cookies (functional, analytics, marketing) are placed only on the basis of your prior, freely given, specific, informed, and unambiguous consent, which you can withdraw at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

9.2 California and Other U.S. States

Under the CCPA/CPRA and other state privacy laws, we treat data collected through non-essential cookies in accordance with consumer rights under those laws. We do not "sell" personal information for monetary consideration and we do not "share" personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. We honor opt-out preference signals such as the Global Privacy Control (see Section 11).

9.3 Other Jurisdictions

If you visit our Services from another jurisdiction, we apply protections at least equivalent to the regional minimum and, where practical, extend EEA-level consent rights to all visitors as a matter of policy.

10.1 First-Visit Banner

When you first visit one of our websites from a jurisdiction that requires cookie consent, we display a cookie banner that allows you to (i) accept all optional cookies, (ii) reject all optional cookies, or (iii) customize your choices by category. "Accept" and "Reject" are presented with equal prominence and require equivalent effort, in line with the European Data Protection Board's guidance on dark patterns.

10.2 Granular Choices

Through the preference center you can independently allow or block Functional cookies and Analytics cookies. Strictly Necessary cookies cannot be disabled because the Services cannot function without them.

10.3 Withdrawing Consent

You can change or withdraw your consent at any time by clicking Manage Cookie Preferences in the page header above, or by clicking "Cookie Preferences" in the footer of any page. We honor withdrawal as easily as we obtained consent.

10.4 Record of Consent

To demonstrate compliance with applicable law, we record the fact and date of your consent (or refusal), the version of this Cookie Policy in effect at the time, and the categories you allowed. We retain this record for as long as required to demonstrate compliance, typically up to 24 months.

11. Global Privacy Control & Do Not Track

The Global Privacy Control (GPC) is a browser-based signal that automatically communicates your wish to opt out of the sale or sharing of your personal information. When we detect a valid GPC signal from your browser, we treat it as a binding opt-out request from California residents and from residents of other states whose laws give effect to such signals (currently including Colorado, Connecticut, Texas, and an increasing list of others).

Because we do not sell or share personal information for cross-context behavioral advertising, the practical effect of a GPC signal on our Services is limited; however, we still record receipt of the signal and apply it consistently across categories where opt-out applies under your jurisdiction's law.

The legacy "Do Not Track" (DNT) browser signal does not have a uniformly accepted meaning, and we do not currently respond to DNT signals.

12. How to Manage Cookies

You have several ways to control cookies and similar technologies:

  1. Use our preference center. Open the in-product preference center at any time using the button at the top of this page or the "Cookie Preferences" link in the footer.
  2. Configure your browser. Most browsers let you block or delete cookies in their settings. See Section 13.
  3. Configure your operating system. Mobile devices include controls for ad identifiers and tracking. See Section 14.
  4. Use industry opt-out tools. See Section 15.
  5. Use browser extensions and privacy-respecting browsers (such as those with built-in tracker blocking).

13. Browser-Specific Cookie Controls

The links below take you to current cookie-management instructions from major browser vendors. We are not responsible for the content of these external pages.

Note that blocking all cookies, including strictly necessary ones, will prevent core features of the Services from working. See Section 16.

14. Mobile Device Controls

Mobile devices generally provide system-level controls in addition to in-browser controls:

  • iOS / iPadOS: Settings → Privacy & Security → Tracking; and Settings → Apps → Safari → Block All Cookies / Prevent Cross-Site Tracking.
  • Android: Settings → Privacy → Ads → Delete advertising ID; and within Chrome → Settings → Site settings → Cookies.

If you use a mobile browser other than the system default, consult that browser's settings as well.

15. Third-Party Service Opt-Outs

For the third-party providers used in our analytics and security stack, you can use the vendor-specific tools below in addition to our preference center:

  • Google Analytics 4: Install the Google Analytics Opt-Out Browser Add-On, or refuse Analytics cookies in our preference center.
  • Cloudflare: Cloudflare's bot-management cookies are strictly necessary for security and cannot be opted out without disabling our security protections. Cloudflare Web Analytics is cookie-less and does not require opt-out.
  • Stripe: Stripe fraud-prevention cookies are loaded only on payment pages and are required to process payments securely.

Industry-wide opt-out resources include:

16. Effect of Disabling Cookies

You are free to refuse or delete cookies, but doing so may affect your experience:

  • Strictly necessary cookies: blocking these will likely prevent you from signing in, completing payments, or using core Service features.
  • Functional cookies: blocking these means we won't remember your language, time zone, theme, or currency on your next visit.
  • Analytics cookies: blocking these has no effect on your experience but reduces our ability to spot bugs and improve product quality.

17. International Visitors

VastConfluence is headquartered in the United States. When you visit our Services from outside the United States, your information processed through cookies may be transferred to and stored in the United States or other countries where our service providers operate. Our international transfer practices and the safeguards we apply (including EU Standard Contractual Clauses) are described in our Privacy Policy.

18. Children's Use

The Services are not directed to children under the age of 16. We do not knowingly use cookies or similar technologies to collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us at info@vastconfluence.com and we will take appropriate steps to delete it.

19. Changes to This Policy

We may update this Cookie Policy from time to time to reflect changes in the technologies we use, in our business practices, or in applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page and, where required by law or where the change is significant, provide additional notice (for example, by re-prompting the cookie banner or by emailing account holders). We encourage you to review this policy periodically.

20. Contact Us

If you have questions about this Cookie Policy, our use of cookies, or your privacy choices, please contact us using one of the following channels:

VastConfluence LLC — Contact Options

Registered Office: Wyoming, United States

General & Privacy Inquiries: info@vastconfluence.com
Abuse & Compliance Reports: abuse@vastconfluence.com
Appeals (Content / Account Restriction): appeals@vastconfluence.com

Cookie Preferences: Open the preference center

This Cookie Policy is published in English. Translations are provided for convenience only; in case of any conflict, the English version prevails.