Cookie Policy
Last updated:
This Cookie Policy explains how Cornerstone Global Partners Pte Ltd and its related corporations within the CGP Group, including Cornerstone Global Partners Columbus Inc in the United States (collectively, "we," "us," or "our"), use cookies and similar tracking technologies on the Keystone AI product platform at https://gokeystone.ai.
This Cookie Policy complies with applicable cookie and electronic communications laws across the jurisdictions in which we operate or receive personal data, including but not limited to: Singapore's Personal Data Protection Act (PDPA), Malaysia's Personal Data Protection Act, Vietnam's Personal Data Protection Law (PDPL), Thailand's Personal Data Protection Act, China's Personal Information Protection Law (PIPL), Colombia's Ley 1581 de 2012 (Habeas Data), the European Union's General Data Protection Regulation (GDPR) and ePrivacy Directive, the United Kingdom's Data Protection Act 2018, UK GDPR, and Privacy and Electronic Communications Regulations (PECR), and applicable United States federal and state privacy laws (including the California Consumer Privacy Act / California Privacy Rights Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, and Utah Consumer Privacy Act).
This Cookie Policy supplements our Privacy Policy and applies specifically to the Keystone AI product platform. For cookies used on the CGP Group corporate website, please refer to the CGP Group Cookie Policy at https://www.cgpgroup.com/cookie-policy. For cookies used on the Keystone EOR product, please refer to the Keystone EOR Cookie Policy at https://eor.gokeystone.ai/cookie-policy.
Note: Terms governing your use of the Keystone AI product are set out in the Keystone AI Terms of Service, available at https://gokeystone.ai/terms-of-service.
By signing into the Keystone AI platform and using the Service, you agree to the use of cookies in accordance with this Policy and the choices you make through our consent banner or in-product preferences.
1. What Are Cookies?
Cookies are small text files placed on your device (computer, tablet, or mobile) by websites or web applications that you use. They are widely used to make products work efficiently, remember user preferences, enable secure authentication, and provide information about how the product is being used.
In a logged-in product context like Keystone AI, cookies play an essential role in maintaining your session, protecting your account from unauthorised access, and remembering your in-product preferences. We also use similar technologies including pixels, tags, local storage, and session storage. For convenience, all of these technologies are referred to as "cookies" in this Policy.
2. Categories of Cookies We Use
Our cookies are grouped into six categories, matching the categories shown in our cookie consent banner. Categories aside from "Necessary" can be toggled on or off in the banner. Under the hood, our consent infrastructure uses Google Consent Mode v2 (advanced) — see Section 3.
Necessary
Required to enable basic product features, such as authentication (via Clerk), session management, and remembering your consent preferences. These cookies cannot be disabled — without them, you cannot log in or use the product securely.
Functional
Help the product provide enhanced functionality such as remembering your in-product preferences (language, time zone, theme), supporting content sharing, collecting feedback, and supporting selected third-party features. These cookies are loaded only after you grant consent through our cookie banner.
Analytics
Help us understand how users interact with the Keystone AI platform — which features are used most, where users encounter friction, and how to improve product design. Includes visitor counts, feature usage, navigation patterns, and similar aggregated metrics. Under Google Consent Mode v2, this category corresponds to the parameter analytics_storage. These cookies are loaded only after you grant consent.
Performance
Help us understand and improve key performance indicators so we can deliver a better experience — including page load times, error tracking, and real user monitoring. These cookies are loaded only after you grant consent through our cookie banner.
Advertisement
Help provide more relevant advertising based on pages visited previously and measure campaign effectiveness. If we run marketing campaigns inside the product (such as feature announcements or upgrade prompts), these cookies may be used to deliver and measure them. Under Google Consent Mode v2, this category corresponds to:
- ad_storage — storage related to advertising cookies
- ad_user_data — consent for sending user data related to advertising to Google
- ad_personalization — consent for personalized advertising
These cookies are loaded only after you grant consent through our cookie banner or in-product preferences. As noted in Section 4, we do not currently use any advertisement cookies — this category exists in the consent banner, so future infrastructure can be activated transparently.
Uncategorized
Cover cookies that are still being reviewed and have not yet been assigned to another category. These cookies are loaded only after you grant consent through our cookie banner.
3. Google Consent Mode v2 (Advanced)
Like our corporate site, the Keystone AI product implements Google Consent Mode v2 in advanced mode, deployed via Google Tag Manager (GTM). By default, all four consent parameters are set to denied until you grant consent through our cookie banner or in-product preferences. Google tags will not store cookies on your device or send identifiable data to Google until you accept.
The consent parameters tracked are:
- analytics_storage (Analytics) — default denied. Enables storage for analytics (page views, feature usage).
- ad_storage (Marketing) — default denied. Enables storage for advertising cookies.
- ad_user_data (Marketing) — default denied. Sets consent for sending user data to Google for advertising.
- ad_personalization (Marketing) — default denied. Sets consent for personalised advertising.
If you do not grant consent for analytics or advertising cookies, our Google tags continue to run in a privacy-preserving mode — no identifiable cookies are written and no personal identifiers are sent. You can change your consent preferences at any time through the "Manage Cookies" link in the footer or via your account settings.
4. Specific Cookies We Use
Necessary
Authentication is provided by Clerk. Keystone AI does not set a custom session cookie — Clerk's cookies are used instead. There is no separate CSRF cookie; protection is via Clerk session security and stateless JWT verification (Authorization: Bearer header on the GraphQL API, with the __session cookie as an optional fallback).
Hosting is on AWS ECS Fargate behind CloudFront and an Application Load Balancer (ALB). ALB stickiness is not configured and CloudFront does not set visitor cookies on gokeystone.ai, so no AWSALB / AWSALBCORS cookies are present.
- __session (Clerk) — authenticated session JWT. Duration: session; extended when you select "Remember me".
- __client (Clerk) — browser / client identification for session security. Duration: persistent (managed by Clerk).
- __client_uat (Clerk) — last activity timestamp. Duration: short-lived.
- keystone_cookie_consent (Keystone AI) — stores your cookie consent preferences (also persisted in browser localStorage). Duration: 12 months.
Analytics — Google Analytics 4 (GA4) via Google Tag Manager
GA4 is loaded through our Google Tag Manager container (ID: GTM-WSKZCRH4). The GA4 measurement ID is configured inside GTM and is not embedded in the application code.
- _ga (Google Analytics) — distinguishes unique users. Duration: 2 years.
- _ga_* (Google Analytics 4) — persists session state for the GA4 property (the * is replaced with our specific GA4 container ID). Duration: 2 years.
Performance — Datadog Browser RUM
We use Datadog Browser Real User Monitoring (RUM) to measure page load times, errors, and overall performance of the platform. Datadog RUM cookies are loaded only after you grant consent for the Performance category through our cookie banner or account settings.
- _dd_s_v2 (Datadog Browser RUM) — stores the RUM session identifier, sampling decision, session expiration timestamp, and an anonymous user ID used to correlate sessions from the same browser across visits. Duration: 1 year (the session itself expires after 4 hours of activity / 15 minutes of inactivity; the cookie persists longer to retain the anonymous identifier).
- dd_cookie_test_{uuid} / dd_site_test_{uuid} (Datadog Browser RUM) — ephemeral probe cookies used by the SDK on initialization to detect whether the browser accepts cookies and determine the correct domain scope. They are set, read, and immediately deleted within the same page load. Duration: instant (never persist beyond the detection check).
All Datadog RUM cookies are first-party. No cross-site or third-party cookies are set by the Datadog RUM SDK.
Functional / Preferences
- keystone_cookie_consent (Cookie + localStorage, Keystone AI) — consent preferences (mirrored from Necessary). Duration: 12 months.
- sidebar_state (Cookie, Keystone AI) — sidebar expanded / collapsed state. Duration: 7 days.
- theme (localStorage, Keystone AI) — light / dark / system theme preference. Duration: until cleared.
There is no language cookie (the product is English-only). There is no onboarding_complete cookie — onboarding state is stored in the database and routed within the product.
Advertisement
We do not currently use advertisement cookies inside the product. As of the "Last updated" date of this Cookie Policy, the only analytics we deploy is Google Analytics 4. If we add in-product advertisement cookies in the future (such as LinkedIn Insight Tag for B2B remarketing or Google Ads conversion tracking), we will update this Cookie Policy and adjust our consent banner accordingly.
Uncategorized
Cookies in this category have not yet been classified. We review newly discovered cookies regularly and reassign them to the appropriate category.
5. Third-Party Cookies and Services
Some cookies are set by third-party services integrated into Keystone AI. These third parties use cookies for their own purposes, governed by their own privacy policies:
- Clerk (authentication) — cookies on gokeystone.ai: yes (__session, __client, __client_uat). Privacy policy: clerk.com/privacy.
- Google Analytics 4 (via GTM, container GTM-WSKZCRH4) — analytics. Cookies on gokeystone.ai: yes, after Analytics consent. Privacy policy: policies.google.com/privacy.
- Datadog Browser RUM (performance monitoring) — cookies on gokeystone.ai: yes, after Performance consent. Privacy policy: datadoghq.com/legal/privacy.
- Spott (CRM + demo scheduling) — stores form submissions (contact, demo, newsletter, pricing enquiries) and powers "Book a Demo". Cookies on gokeystone.ai: none on product pages; yes on spott.io if you follow "Book a Demo". Privacy policy: spott.io/cookie-policy.
We do not control the cookies set by third-party services. Please refer to their respective privacy policies for more information.
6. Managing Your Cookie Preferences
You can manage your cookie preferences in three ways:
Through our cookie banner
Use the "Manage Cookies" link in the product footer or at the bottom of any page to revisit your consent choices at any time. You can grant or deny consent by category (Analytics, Functionality, Payment, Marketing). Strictly Necessary cookies cannot be disabled because they are required for the product to function.
Through your account settings
Logged-in users can also manage cookie preferences from inside the product via the "Cookie settings" entry in the account menu, or via the "Cookie settings" link in the public footer.
Through your browser settings
Most web browsers allow you to manage cookies through their settings. You can typically view, delete, block, or receive alerts about cookies. Note that if you block or delete strictly necessary cookies, you will not be able to log in or use the product.
For instructions on managing cookies in your browser, please refer to:
- Google Chrome: https://support.google.com/chrome/answer/95647
- Mozilla Firefox: https://support.mozilla.org/kb/cookies-information-websites-store-on-your-computer
- Apple Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471
- Microsoft Edge: https://support.microsoft.com/microsoft-edge
7. Global Opt-In Default and US State Rights
Our cookie consent banner applies the same opt-in default for all visitors regardless of location: all cookies aside from "Necessary" are blocked until you grant consent through the banner. Under the hood, this is implemented using Google Consent Mode v2 in advanced mode, with all consent parameters defaulting to denied until you interact with the banner. This approach meets the strictest legal requirements (such as the GDPR for EEA visitors and the UK Privacy and Electronic Communications Regulations) and exceeds the minimum requirements for visitors in jurisdictions with more permissive defaults.
Visitors who are residents of California, Virginia, Colorado, Connecticut, or Utah have additional rights under their respective state privacy laws (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA), including the right to opt out of the sale or sharing of personal information for cross-context behavioural advertising. To exercise these rights, please refer to our Privacy Policy or contact our Data Protection Officer.
8. Special Considerations for Logged-in Users
Because Keystone AI is a logged-in product platform, certain cookie practices differ from anonymous website visitors:
- Your consent choices are stored on your browser and device (in the keystone_cookie_consent cookie and browser localStorage) and apply across sessions on that device until you change them or clear site data.
- Strictly necessary cookies (Clerk authentication, consent storage) cannot be disabled — disabling them would prevent you from logging in or using the product securely.
- Optional cookies (Analytics, Functional, Performance) load only after you grant the relevant category through our cookie banner or account menu.
- If you delete your Keystone AI account, personal data tied to your account is handled as described in our Privacy Policy. Browser-stored consent and preference data may remain until you clear site data in your browser.
9. Your Rights
You have certain rights regarding your personal data, including the right to access, correct, delete, and (where applicable) port your data. To learn more about your rights, please see our Privacy Policy or contact our Data Protection Officer at the details below.
10. Updates to This Policy
We may update this Cookie Policy from time to time to reflect changes in our cookie practices, new product features, new third-party integrations, or legal requirements. The "Last updated" date at the top of this Policy indicates when it was last revised. Material changes will be communicated through an in-product notice or via email to logged-in users.
11. Contact Us
If you have any questions about this Cookie Policy or our data practices, please contact our Data Protection Officer:
Email: dpo@cgpgroup.com