Cookie Policy
Last updated: April 11, 2026
This Cookie Policy (“Policy”) describes how Midbound Limited (“we,” “us,” or “our”), the operator of the Leadpipe marketing website and related web properties that link to this Policy (collectively, the “Site”), uses cookies and similar technologies. It should be read together with our Privacy Policy, which explains how we process personal data more broadly, and our Terms of Service. Our registered office is Spaceworks Building, 21 Plumbers Row, London, United Kingdom E1 1AG.
This Policy is intentionally detailed because cookie and tracker regulation sits at the intersection of privacy law (such as the UK GDPR and EU GDPR), electronic communications rules (such as the UK Privacy and Electronic Communications Regulations 2003 (“PECR”) and the EU ePrivacy Directive as implemented in member states), and sector guidance from regulators including the UK Information Commissioner’s Office (“ICO”) and the European Data Protection Board. Requirements differ by jurisdiction, technology, and whether data is stored on or read from a user’s terminal equipment. We explain both what we do and the legal concepts that may apply, without treating this Policy as legal advice for your own compliance programme.
By continuing to use the Site after being presented with a cookie banner or preference tool (where we use one), or by adjusting your browser settings in line with this Policy, you acknowledge the practices described here. You can change your mind at any time using the mechanisms below. For questions, contact support@leadpipe.com. Keep a copy of this Policy for your records if your organisation requires vendor documentation.
1. What are cookies and similar technologies?
A cookie is a small text file placed on your device when you visit a website. Cookies are widely used to make sites work, remember preferences, understand how visitors navigate, and (where permitted) support advertising measurement. Cookies may be first-party (set by the domain you are visiting) or third-party (set by another domain, often because that party’s script, iframe, or image loads on the page).
Similar technologies include: local storage and session storage in browsers, which can store larger amounts of data than traditional cookies; IndexedDB and other browser databases; pixels (tiny images) or tags that cause your browser to request a resource from a server, revealing IP address, headers, and sometimes cookie values; JavaScript SDKs embedded in pages; server logs that record requests; device or advertising identifiers in non-web environments; and techniques sometimes described as fingerprinting, which infer identity from combinations of device and browser attributes. We use only a subset of these on the Site, but we describe the category comprehensively for transparency and because regulators treat many technologies functionally like cookies when they store or access information on devices.
2. Why law distinguishes “strictly necessary” from optional technologies
Under PECR and analogous EU rules, storing information on, or gaining access to information stored on, a user’s terminal equipment generally requires consent, unless an exception applies. A commonly cited exception covers storage/access that is strictly necessary to provide a service explicitly requested by the user, for example, to remember what is in a shopping basket, to authenticate a logged-in session, to balance load across servers, or to remember a user’s cookie choices themselves. Analytics or marketing technologies are typically not strictly necessary merely because they help a business understand performance; regulators have repeatedly said that analytics cookies usually require consent unless a very narrow necessity argument applies (which is fact-specific).
We therefore categorise technologies we use (or that may load via embedded content) into: strictly necessary; functional; analytics and performance; and marketing and advertising. Where consent is required, we seek it before setting non-essential cookies except where your browser settings or another lawful mechanism applies. If you refuse optional categories, we will not use those technologies for your device, subject to technical limitations described below.
3. Strictly necessary cookies and storage
These technologies enable core Site functions and security. Examples may include: session cookies that maintain state during a single visit; security cookies that mitigate cross-site request forgery or brute-force login attempts; cookies that record that you have dismissed a banner or saved preferences so we do not repeatedly ask; routing cookies used by content delivery networks; and temporary storage of form data to prevent loss on accidental navigation. Because these are tied to providing the service you request (viewing our Site securely and consistently), we rely on the strictly necessary exemption where available and do not generally offer an opt-out that would break core functionality, though you can still block all cookies via browser settings at the cost of degraded experience.
4. Functional cookies and storage
Functional technologies remember choices that improve usability but are not strictly essential, such as preferred language, region, text size, or whether you prefer reduced motion. Depending on jurisdiction and ICO guidance applicable at the time, functional storage may require consent if not truly necessary. We aim to obtain consent where required before using optional functional tools. If you decline, we may default to standard settings.
5. Analytics and performance technologies
Analytics helps us understand aggregate traffic patterns: which pages are viewed, how long sessions last, scroll depth, click paths, error rates, and technical dimensions like device category and browser version. Analytics may use cookies or pseudonymous identifiers to distinguish returning visitors from new ones, or to stitch sessions. Some analytics can be configured in a privacy-oriented way (for example IP anonymisation, shortened retention, disabling advertising features). We work to minimise collection and to avoid using analytics for unrelated profiling where we have committed to a narrow configuration. Where analytics is not strictly necessary, we request consent in line with PECR/ePrivacy before activation, or we use first-party, aggregated metrics that do not involve non-essential storage on your device.
Performance monitoring may also include real user monitoring (“RUM”) that captures timing of page loads and API calls. RUM data may be associated with a session identifier. We use such data to diagnose slowdowns and prioritise engineering work.
6. Marketing, advertising, and attribution technologies
If we run digital advertising, we or our partners may use cookies or pixels to measure whether ads drove visits (attribution), to build audience segments, or to cap how often you see an ad (frequency capping). Partners may set third-party cookies subject to their policies. In the European Economic Area, UK, and similar jurisdictions, consent is typically required for storing/accessing information on devices for advertising purposes, and additional rules may apply to personalised advertising under GDPR. We integrate marketing tags only where permitted and after appropriate consent, except where a technology is strictly necessary for a non-advertising purpose.
Retargeting (remarketing) shows ads to people who previously visited our Site. It usually relies on identifiers stored on your device or held by ad platforms. You can opt out via consent tools, partner opt-out pages, or industry programmes where available.
7. Social media, video, and embedded third-party content
Pages may embed content from video hosts, social networks, or slide decks. When you interact with an embed, the third party may set or read cookies even if you did not leave our Site. We try to use privacy-enhanced embed modes where available (for example click-to-load placeholders so third-party scripts do not run until you choose to play content). Those practices reduce, but may not eliminate, third-party data collection.
8. Email, newsletters, and tracking pixels
Marketing emails may contain a small invisible image (“web beacon”) that signals when an email was opened and may record IP address, time, and user agent. You can disable automatic image loading in many email clients to reduce this. Click tracking may route links through a redirect URL that logs the click before sending you to the destination. We describe these practices in our Privacy Policy and honour unsubscribe requests.
9. Server logs and CDNs
When you request a page, servers automatically log data such as IP address, timestamp, requested URL, HTTP status, referrer, and user agent. Logs are primarily for security, debugging, and capacity planning. Retention is limited as described in the Privacy Policy. Content delivery networks may set cookies for routing and security; many such cookies are considered strictly necessary for delivering content efficiently.
10. Session duration: persistent vs session cookies
Session cookies expire when you close the browser (or when the session times out). Persistent cookies remain for a defined period or until you delete them. Persistent cookies are common for remembering consent, language, or analytics returning-user flags. Each cookie’s duration depends on its purpose; we aim to use the shortest practical lifetime.
11. First-party vs third-party perspective
From a browser’s point of view, first-party cookies are set by the Site’s origin. Third-party cookies are set by other origins loaded on the page. Many browsers restrict third-party cookies by default (for example Safari’s Intelligent Tracking Prevention, Firefox’s Enhanced Tracking Protection, and Chrome’s Privacy Sandbox evolution). That restriction affects whether certain advertising or cross-site analytics techniques work. We design fallbacks where possible, such as first-party analytics or aggregated server-side metrics. When you use multiple tabs or windows, each may maintain separate storage contexts depending on browser implementation; consent choices usually apply per browser profile rather than per tab.
12. Consent management and preference storage
Where we deploy a cookie banner or consent management platform (“CMP”), it typically records your choices in a first-party cookie or in local storage so that your preferences persist across pages and sessions. The CMP may communicate consent signals to third-party tags to block or allow them dynamically. Consent must be freely given, specific, informed, and unambiguous under GDPR when GDPR applies to the processing of personal data associated with cookies. Pre-ticked boxes for non-essential cookies are not valid consent. Withdrawing consent must be as easy as giving it; we provide a visible link or settings entry where feasible to reopen preferences.
If you clear cookies or use a different browser or device, you may need to set preferences again. Incognito or private modes may isolate storage so consent does not carry over to your normal profile.
13. Global Privacy Control and similar signals
Some jurisdictions require businesses to honour global opt-out preference signals, such as the Global Privacy Control (“GPC”) in certain US state contexts, for specific categories of processing. Implementation varies by product stack. Where legally required and technically supported, we configure tags to respect such signals for applicable visitors. GPC is not universally recognised in the UK or EU as a substitute for cookie consent under PECR, but it may inform choices in cross-border setups.
14. Do Not Track
Historically, browsers offered a “Do Not Track” (“DNT”) header. There is no single industry standard for how websites must respond. We treat consent frameworks and applicable law as primary controls rather than DNT alone.
15. Relationship between cookies and personal data
Cookie identifiers, when combined with other data or when they can be linked to an identifiable individual, constitute personal data under GDPR. IP addresses may be personal data even without cookies. Aggregated statistics that cannot be re-linked are not personal data. Our Privacy Policy describes legal bases and rights; this Policy focuses on terminal-storage mechanics.
16. Legitimate interests and cookies
Under GDPR, legitimate interests can sometimes justify processing of personal data, but PECR/ePrivacy still governs storage/access on devices separately. Therefore, even if a controller argues legitimate interests for analytics, consent may still be required for non-essential cookies in the UK/EU. We do not rely on this Policy to bypass cookie consent rules where regulators require consent for optional technologies.
17. Cookie tables and dynamic inventories
Detailed inventories (name, provider, purpose, duration) may be maintained in our CMP or a separate document that we update as vendors change. Because third-party scripts can change server-side without notice, absolute real-time accuracy of every name is challenging; we review periodically and respond to vendor changes. Enterprise customers may request a point-in-time export for procurement reviews.
| Category (illustrative) | Typical purpose | Typical duration | Consent generally required (UK/EU) |
|---|---|---|---|
| Strictly necessary | Security, routing, consent storage, core session | Session to 12 months | No (exempt if truly necessary) |
| Functional | Language, UI preferences | 6–12 months | Often yes unless narrowly necessary |
| Analytics | Audience measurement, funnels, errors | 1–24 months depending on tool | Typically yes |
| Marketing | Attribution, retargeting, personalisation | 1–13 months typical ad cookies | Typically yes |
18. Browser controls: step-by-step overview
You can block or delete cookies through browser settings. The path differs by vendor and version; consult official help pages for the latest steps. General patterns: Google Chrome: Settings → Privacy and security → Cookies and other site data; Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data; Safari (macOS): Safari → Settings → Privacy → Manage Website Data; Microsoft Edge : Settings → Cookies and site permissions. Mobile browsers have analogous menus. Blocking all cookies may break login flows and consent memory.
19. Opt-out tools and advertising industry programmes
Industry programmes such as the European Interactive Digital Advertising Alliance (“EDAA”) or US Network Advertising Initiative provide consumer opt-outs for participating companies. Opt-outs are often cookie-based themselves, meaning they may reset if you delete cookies. Your Ad Choices or similar pages explain limitations.
20. SameSite, Secure, HttpOnly attributes
Cookies may carry attributes that affect security: HttpOnly reduces JavaScript access (helpful for session security); Secure limits transmission to HTTPS; SameSite restricts cross-site sending, mitigating some CSRF and cross-site leaks. We aim to follow current best practices for cookies we set.
21. Local law variations (high level)
Cookie and tracker rules differ globally. The UK and EU emphasise prior consent for many non-essential technologies. Some US states require opt-outs for “sale,” “sharing,” or targeted advertising, which may intersect with digital advertising tags even when PECR-style consent is not identical. Other countries have data localisation or content laws affecting where logs are stored. This Policy is centred on our UK-based operations and Site visitors from major markets; your local counsel should advise on multinational sites or product surfaces.
22. Children
The Site is business-oriented. We do not knowingly use optional marketing trackers directed at children. Parents and guardians should use device and browser parental controls if minors access shared devices.
23. Changes to this Policy
We may update this Policy when we change technologies, vendors, or legal requirements. We will revise the “Last updated” date and, where appropriate, refresh consent or re-prompt users when a new non-essential technology is introduced. Material changes may be highlighted via banner or email if they affect ongoing marketing programmes.
24. Technical limitations and honesty about control
No consent framework is perfect. Race conditions may briefly load a tag before blocking completes; cached pages may include older scripts until refreshed; third parties may update endpoints. We monitor and remediate issues when identified. If you believe a tag fires without appropriate consent, notify us with screenshots, URL, time, and browser version so we can investigate.
25. Server-side tagging and “cookieless” marketing claims
Some architectures move data collection to a first-party server to reduce third-party cookie reliance. That does not automatically eliminate privacy obligations: personal data may still be processed, and legal bases still apply. We describe actual practices rather than marketing labels.
26. A/B testing, personalisation, and feature flags
Experiments may assign you to a variant using a cookie or randomised identifier to preserve consistency during a test. If not strictly necessary, such assignment should fall under consent or another lawful mechanism consistent with regulator guidance.
27. Heatmaps, session replay, and behavioural tools
Advanced analytics tools may record mouse movement, clicks, or even partial page content, which can inadvertently capture typed personal data if forms are not masked. We use such tools cautiously, configure exclusion rules where available, and gate them behind consent when required.
28. Fraud prevention and bot detection
Some security vendors set cookies or use JavaScript challenges to distinguish humans from bots. Many such technologies are considered strictly necessary for security, but implementations vary; we assess each vendor’s data flows.
29. Employee and contractor access to cookie data
Access to analytics dashboards is limited to personnel who need it for their roles and is subject to confidentiality. Vendors also impose access controls in their terms.
30. Data retention for cookie-related records
Consent logs may be retained to demonstrate compliance for several years, depending on legal advice and limitation periods. Analytics raw event data may be retained for shorter periods if configured; aggregates may be kept longer.
31. Cross-border transfers via vendors
Cookie vendors may process data in multiple countries. Our Privacy Policy describes international transfer mechanisms such as Standard Contractual Clauses and supplementary measures.
32. Interaction with app technologies (if applicable)
If we offer native applications in the future, similar identifiers (advertising IDs, vendor SDKs) may apply. We will publish an addendum or update this Policy to cover non-web environments.
33. WebView and in-app browsers
Social or messaging apps may open our Site inside embedded browsers with different storage isolation. Consent and cookie behaviour may differ from your default mobile browser.
34. Regulatory complaints
If you believe we have misused cookies or trackers, you may contact us first. You may also complain to the ICO or your local supervisory authority under GDPR for personal data issues, and you may use applicable electronic communications complaint routes where available.
35. Definitions quick reference
- Ad tech stack: platforms that buy, sell, measure, or serve ads.
- Attribution: estimating which touchpoints contributed to a conversion.
- Cookie wall: denying access unless users accept all cookies, often scrutinised by regulators if alternatives are not offered.
- TCF: Transparency and Consent Framework used by parts of the ad industry in the EU/UK (if integrated, our CMP documentation explains).
36. Vendor due diligence summary
Before onboarding analytics or advertising vendors, we review documentation, data processing terms, security practices, subprocessor lists, and regional compliance claims. We prefer vendors that support IP anonymisation, configurable retention, and region-specific data routing where feasible.
37. Scientific and aggregate research uses
Rarely, aggregated cookie-derived metrics may inform published research (for example industry benchmark reports). Such outputs should not identify individuals.
38. Contractual commitments to enterprise visitors
If you visit our Site on behalf of an enterprise evaluating Leadpipe, your organisation’s procurement policy may impose additional requirements. We can provide supplementary schedules under NDA where justified.
39. Accessibility of preference controls
Cookie banners and preference centres should be operable via keyboard and screen readers where we control implementation. If you encounter barriers, tell us so we can improve.
40. Contact
Cookie-related questions: support@leadpipe.com. Midbound Limited, Spaceworks Building, 21 Plumbers Row, London, United Kingdom E1 1AG. For regulatory correspondence, mark the subject line clearly (for example “Cookie / PECR enquiry”) so we can route your message to the appropriate internal owner without delay.
41. Layered notices and UX design principles
Regulators encourage layered information: a short summary at the point of choice with links to deeper detail. This Policy is the deep layer. Our banner (if shown) should present equal prominence for accept and reject where required, avoid dark patterns such as misleading colour contrast or confusing navigation, and avoid bundling unrelated purposes into a single consent if granularity is mandated. We review banner copy against ICO and EDPB guidance as updated. Where we use only strictly necessary cookies, we may not show a consent banner but will still provide information in this Policy and in the Privacy Policy.
42. Logging consent events for accountability
To demonstrate compliance, we may log timestamps, a hashed identifier, consent scope (which categories were accepted), and the banner version shown. These logs are themselves personal data if identifiable and are protected under our security programme. Retention aligns with statutory limitation periods and internal policy.
43. Third-party responsibility boundaries
When a third party sets cookies via our Site, that party acts as an independent or joint controller depending on facts. Their policies govern additional processing. We select partners carefully but cannot fully control their downstream subprocessors; contracts impose flow-down requirements where possible.
44. Cookie sync and identifier matching
In advertising ecosystems, vendors sometimes synchronise cookie IDs to recognise the same browser across domains. Sync pixels can cause chains of requests. Such practices heighten transparency obligations; we limit partners and document purposes.
45. Frequency capping and creative rotation
Advertisers use cookies or ad platform IDs to limit how often you see the same creative. While user-friendly, the underlying storage still generally requires consent when not strictly necessary.
46. Geo-targeting and regulatory messaging
We may infer approximate jurisdiction from IP to decide which banner text or default settings to show. That inference uses personal data and should be proportionate; we do not use precise geolocation from browser APIs for banners unless you allow related features.
47. Impact of browser deprecation of third-party cookies
Industry migration toward privacy-preserving advertising APIs changes how conversions are measured. Our Policy will evolve as we adopt new techniques; core principles, minimisation, transparency, and lawful basis, remain.
48. Academic note on “zombie” and supercookies
Historically, some techniques attempted to recreate identifiers after deletion (for example using unusual storage locations). Such practices are widely condemned and may violate law. We do not use them.
49. Enterprise single sign-on and cookie scope
If customers authenticate via SSO, identity providers set their own cookies on their domains. Those are outside our control when on the IdP’s origin.
50. Final acknowledgement
This Cookie Policy is part of Leadpipe’s transparency programme. It does not replace bespoke legal advice for your organisation’s own website or product, especially if you process special category data or operate in regulated sectors. We will continue to refine both technical implementation and documentation as standards mature.
51. Granular purposes and the IAB Transparency and Consent Framework (conceptual overview)
In parts of the digital advertising industry, participants use the IAB Europe Transparency and Consent Framework (“TCF”) or successor standards to signal consent and legitimate-interest choices across vendors. If we integrate a TCF-compatible CMP, the framework maps purposes (such as storing and/or accessing information on a device, selecting personalised advertising, measuring ad performance, and using limited data to select content) to vendor-specific signals. The TCF does not replace GDPR or PECR but provides a structured way to propagate choices to many ad tech participants. Users can review vendor lists and purposes within the CMP interface. We remain responsible for ensuring our deployment matches our actual tag behaviour; misconfigured tags that fire despite negative signals create regulatory risk. We test consent strings after major releases.
Special feature flags within TCF may relate to precise geolocation or sensitive data processing in advertising contexts. We aim not to activate such features on a general corporate marketing site unless there is a clear, lawful basis and configuration aligned with our risk assessment.
52. Consent string storage, integrity, and audits
Consent strings or TC strings may be stored in first-party cookies or passed to vendors via APIs. Integrity matters: tampering could misrepresent user choice. Server-side validation may compare signals to allowed vendors. Internal audits sample sessions to verify that tags respect stored preferences. External auditors or customers may request evidence of testing methodology under NDA.
53. Worked example: analytics after rejection
Suppose you reject analytics cookies. Our Site should still load core navigation and content. Page views might be counted in aggregate server logs without persistent identifiers tied to your device, or analytics may be disabled entirely for your session. Some implementations use a short-lived session cookie strictly necessary for load balancing; that is distinct from analytics. If you still see analytics network requests, that may indicate a misconfiguration, please report it.
54. Worked example: marketing after acceptance
Suppose you accept marketing cookies. An ad platform may set its cookie or use a first-party identifier to attribute a later visit to an ad click. The platform’s policy governs additional uses. You may later withdraw consent; subsequent tag loads should stop setting new marketing cookies, though previously set cookies may persist until expiry or manual deletion, withdrawal stops further processing to the extent technically feasible going forward.
55. Interaction with soft opt-in for email (PECR context)
PECR contains specific rules for electronic mail marketing to individuals, including the “soft opt-in” for existing customers in certain circumstances. That regime is distinct from cookies but often discussed together in compliance programmes. Our email practices are described in the Privacy Policy; this Policy focuses on web storage. We do not treat email soft opt-in as permission to drop non-essential cookies without appropriate grounds.
56. Corporate devices, bring-your-own-device, and shared terminals
On shared computers, consent choices may reflect the last user. Enterprises may deploy group policies that clear cookies on exit. We recommend signing out and clearing Site data on public kiosks after use where sensitive business information was entered.
57. VPNs, proxies, and geolocation uncertainty
VPNs may route traffic through other countries, affecting which banner variant you see and which ad partners are eligible to bid. IP-derived location may not reflect your true jurisdiction; legal rights depend on your actual circumstances, not solely on IP.
58. Cookies in downloadable resources
PDFs or other downloads generally do not execute JavaScript cookies in the same way browsers do, but opening a PDF online in a viewer may still involve network requests. Offline copies do not phone home unless you later use linked features.
59. Security cookies vs tracking: a practical distinction
A cookie that rotates session tokens to prevent fixation is security-focused. A cookie that solely builds cross-site behavioural profiles is not. Borderline cases exist (for example fraud scores); we document rationale and seek advice where unclear.
60. Frequently asked questions (illustrative)
Do cookies contain viruses? Cookies are text, not executable programs, but they can be used in combination with exploits in rare scenarios; keep browsers updated.
Why do I see more cookies after accepting all? Marketing and analytics vendors set additional cookies or use local storage when activated.
Can I use ad blockers? Yes; they may block tags entirely. Some Site features might degrade.
Does Leadpipe read cookies from other companies’ sites? Our Site cannot read third-party cookies from unrelated domains due to browser same-origin policy; partners may read their own cookies when loaded here.
61. Versioning and archived Policy text
We may archive prior versions internally or upon request for transparency. The “Last updated” date reflects the current public version. Substantive changes may be summarised in release notes for enterprise customers where contractually relevant.
62. Relationship to product dashboard cookies
Authenticated Leadpipe product experiences may use additional cookies or tokens for sessions and CSRF protection governed by product security documentation and customer agreements. This Policy primarily addresses the public marketing Site; logged-in areas may share some infrastructure and security cookies.
63. Cookieless analytics and privacy-preserving techniques
Techniques such as differential privacy, k-anonymity in reporting, and aggregated conversion measurement APIs seek to reduce individual-level tracking. We evaluate these tools as they mature. Adoption depends on accuracy trade-offs and partner support.
64. Legal hold and investigations
If we preserve logs or consent records subject to legal hold, deletion timelines in ordinary policies may be paused for affected datasets until the matter resolves.
65. Transparency reports (future)
We may publish high-level statistics on consent rates or tag prevalence. Such reports should avoid re-identifying individuals.
66. Closing summary
Cookies and similar technologies are tools. Their lawfulness depends on purpose, necessity, transparency, and user control. This Policy explains Leadpipe’s approach in depth so that visitors, customers, and regulators can assess our practices. We welcome feedback on clarity and completeness and will iterate as technologies and law evolve. Thank you for taking the time to read this document carefully; we appreciate your attention to these important details.
67. Extended discussion: proportionality and data minimisation on the web
Data protection principles require that personal data be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. On websites, that principle translates into choices about which tags load by default, how long identifiers persist, whether IP full addresses are stored or truncated, whether user-level IDs are needed or cohort-level metrics suffice, and whether expensive cross-site identity graphs are justified for a given campaign. We periodically review our tag inventory and remove dormant pixels, consolidate vendors where possible, and shorten retention in partner consoles when product requirements allow. Minimisation is not a one-time task: each new landing page experiment, personalisation rule, or integration can reintroduce breadth; governance checkpoints help catch drift before it accumulates into compliance debt.
Proportionality also interacts with security: collecting more telemetry can improve detection of attacks, but excessive collection increases risk if logs leak. We balance these needs through tiered logging, sampling, and role-based access. For cookie-specific harms, disproportionate tracking can enable profiling that individuals find intrusive; offering meaningful opt-outs and clear language mitigates impact even when law permits certain processing.
Finally, documentation proportionality matters for readers: this Policy is long because regulators expect demonstrable understanding of complex stacks, but we still strive for plain-language summaries at the point of choice. If you believe any section could be clearer without losing accuracy, email support@leadpipe.com with the section heading and your suggestion. We review substantive feedback in our regular privacy working-group meetings and may publish clarifications or minor revisions outside the formal “Last updated” cycle when we fix typographical errors or broken links.