Cookie Policy

Last updated: 20 April 2026

1. What Are Cookies

Cookies are small text files placed on your device by websites you visit. They are used to make sites work, to remember your preferences, and to provide information about how the site is used. Similar technologies include local storage (data stored in your browser that persists beyond a session) and session storage (data that clears when you close the browser tab).

Under UK GDPR, EU GDPR, and the UK Privacy and Electronic Communications Regulations (PECR), analytics cookies require your consent before being set. Strictly necessary cookies do not require consent.

2. Cookies We Use

The table below lists every cookie set by quantumsecuritydefence.com, its purpose, the party that sets it, and how long it lasts.

Category 1: Strictly Necessary

These cookies are required for the site to function. They do not track you across sites and do not require your consent under PECR.

Cookie Name Purpose Provider Duration Type
__cf_bm Set by Cloudflare to distinguish between humans and bots. Required for Cloudflare's bot management and DDoS protection to function. Cloudflare (third party) 30 minutes HTTP cookie, security
__cfruid Set by Cloudflare for load balancing. Associates the visitor with a specific server in Cloudflare's infrastructure. Cloudflare (third party) Session HTTP cookie, security
CSRF token (session storage) Protects form submissions against cross-site request forgery attacks. Stored in session storage, not a cookie. QSECDEF (first party) Session Session storage

Category 2: Analytics Cookies (Require Consent)

Before you make a consent choice, PostHog runs in a cookieless memory-only mode: no cookie is set, no identifier is stored on your device, and the IP address received in transit is stripped before any event data is written to PostHog's EU servers. This limited pre-consent data collection does not require your consent under Art. 5(3) of the ePrivacy Directive (no storage on your device) and is carried out under legitimate interests for site analytics purposes.

The cookies below are set only when you accept analytics cookies via the consent banner. If you decline, these cookies are not set and no persistent analytics data is associated with your visit. Accepting upgrades PostHog from memory-only to full cookie-based tracking, which allows us to link your session across page loads and, if you submit an email form, to associate your browsing session with your email address via posthog.identify().

Cookie Name Provider Duration Type
ph_phc_[token]_posthog PostHog Inc. (third party, EU-hosted at eu.i.posthog.com) 1 year from last activity HTTP cookie, persistent, analytics
Purpose: PostHog's primary analytics cookie. Stores a pseudonymous distinct_id to identify your browser session across pages and visits. This ID links pageviews, click events, feature flag assignments, and other PostHog events to a single session. If you submit an email form, your email address is linked to this ID (see Privacy Policy, Section 2b). Also stores: last event timestamp, session ID, feature flag variant assignments (for A/B tests currently running: homepage-variant A/B/C and email-cta-copy 4-arm test). Data is retained for 1 year.
ph_phc_[token]_posthog_ses_ PostHog Inc. (third party, EU-hosted) 30 minutes of inactivity HTTP cookie, session, analytics
Purpose: PostHog session cookie. Tracks the current browsing session separately from the persistent distinct_id cookie. Used to group events into sessions for session analysis.

The [token] in the PostHog cookie names is replaced by the first characters of QSECDEF's PostHog project token. You can identify these cookies in your browser by looking for cookies whose name begins with ph_.

Category 3: Functional Cookies

Functional cookies remember your choices to improve your experience. They do not track you for advertising purposes.

Cookie Name Provider Duration Type
qsecdef_cookie_consent QSECDEF (first party) 12 months HTTP cookie, persistent, functional
Purpose: Records your cookie consent choice (accepted / rejected / settings saved) so the consent banner does not reappear on every page visit. Also records the date your consent was given, so we can present the banner again if our cookie use changes materially.

The qsecdef_cookie_consent cookie is set when the consent management banner is implemented. Ellis must implement this as part of the CMP build.

Category 4: Marketing and Advertising Cookies

We do not currently use any advertising or retargeting cookies. We do not share visitor data with advertising networks. If this changes, this policy will be updated before any advertising cookies are set.

3. Consent Management

Who sees the consent banner

The cookie consent banner is displayed to visitors from the following jurisdictions only:

  • United Kingdom (GB)
  • European Union member states: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden (27 member states).
  • European Economic Area (non-EU): Iceland, Liechtenstein, Norway.
  • Switzerland
  • Brazil

Visitors from all other jurisdictions receive PostHog analytics automatically under a legitimate interests basis. No consent banner is shown.

What the banner offers

For in-scope visitors, the banner presents three options:

  • Accept all cookies: sets analytics cookies (PostHog) and functional cookies. You will be tracked anonymously across your visit, and if you submit a form, your email address will be linked to your session.
  • Reject all: only strictly necessary cookies are set. Analytics cookies are not set. The site continues to function fully. A dismissible soft prompt will appear offering the QSECDEF LinkedIn page (linkedin.com/company/quantum-security-defence) as a voluntary alternative channel for updates. This is not a forced redirect.
  • Cookie settings: opens a settings panel where you can accept or decline each category individually.

Your consent choice is stored in the qsecdef_cookie_consent cookie for 12 months. To change your choice at any time, clear your browser cookies and revisit the site.

Why we do not redirect visitors who decline

Automatically redirecting visitors who decline cookies to another platform constitutes a "cookie wall" under EDPB guidance. The European Data Protection Board's Opinion 05/2019 on the interplay between the ePrivacy Directive and GDPR, and subsequent enforcement practice, indicate that requiring visitors to accept tracking as a condition of accessing content is not a valid form of consent under Art. 7 GDPR. We therefore offer LinkedIn as a voluntary option, not a mandatory redirect.

4. Managing Cookies via Your Browser

You can control and delete cookies directly through your browser settings. Instructions for common browsers:

  • Chrome: Settings > Privacy and security > Cookies and other site data
  • Firefox: Preferences > Privacy & Security > Cookies and Site Data
  • Safari: Preferences > Privacy > Manage Website Data
  • Edge: Settings > Cookies and site permissions

Deleting cookies will reset your consent preference, and the consent banner will reappear on your next visit if you are in an in-scope jurisdiction.

5. Third-Party Cookies from Embedded Content

Some pages on this site may embed third-party content (for example, video recordings of lectures hosted on external platforms). Embedded third-party content may set its own cookies. We do not control these cookies. Where a page contains embedded content, we will note this and link to the relevant third party's cookie policy.

6. Changes to This Policy

We update this policy when we change which cookies we use, introduce new analytics features, or implement new third-party services. We will update the "last updated" date at the top of this page. For material changes that affect analytics cookies (for example, adding new tracking services), we will re-present the consent banner to existing visitors in in-scope jurisdictions.

7. Contact

For questions about our use of cookies, email info@quantumsecuritydefence.com or visit our contact page.