K12 Student Data Privacy Addendum

Effective Date: 6/26/2023

This Parchment Student Data Privacy Addendum (“DPA”) is entered into between the Local Education Agency (the “LEA”) and © 2024 Parchment, an Instructure company (the “Provider”) (each, a “Party” andcollectively, the “Parties”). In consideration of the mutual obligations set out herein, upon execution of the K12 District Records Services Order Form, the Parties hereby agree that the terms and conditions set out below shall be added as a DPA to the Service Agreement.

WHEREAS, the Provider is providing educational or digital services to LEA;

WHEREAS, the Provider and LEA recognize the need to protect personally identifiable student information and other regulated data exchanged between them as required by applicable laws and regulations, such as the Family Educational Rights andPrivacy Act (“FERPA”) at 20 U.S.C. § 1232g (34 CFR Part 99); the Children’s Online Privacy Protection Act (“OPPA”) at 15 U.S.C. § 6501-6506 (16 CFR Part 312), and applicable state privacy laws and regulations; and

WHEREAS, the Provider and LEA desire to enter into this DPA for the purpose of establishing their respective obligations and duties in order to comply with applicable laws and regulations.

NOW THEREFORE, for good and valuable consideration, LEA and Provider agree as follows:

A description of the Services to be provided, the categories of Student Data that may be provided by LEA to Provider, and other information specific to this DPA are contained in the Exhibits hereto.
In the event there is conflict between the terms of this DPA and any other writing, including, but not limited to the Service Agreement, the terms of this DPA shall control.
The services to be provided by Provider to LEA pursuant to this DPA are detailed in Exhibit “A” (the “Services”).
Notices. All notices or other communication required or permitted to be given hereunder may be given via e-mail.

ARTICLE I: PURPOSE AND SCOPE

Purpose of DPA. The purpose of this DPA is to describe the duties and responsibilities to protect Student Data including compliance with all applicable federal, state, and local privacy laws, rules, and regulations, all as may be amended from time to time. In performing these services, the Provider shall be considered a School Official with a legitimate educational interest, performing services otherwise provided by the LEA. Provider shall be under the direct control and supervision of the LEA with respect to its use of Student Data.
Student Data to Be Provided. In order to perform the Services described above, LEA shall provide Student Data as identified in the Schedule of Data, attached hereto as Exhibit “B”.
DPA Definitions. The definition of terms used in this DPA is found in Exhibit “C”. In the event of a conflict, definitions used in this DPA shall prevail over terms used in any other writing, including, but not limited to the Service Agreement.

ARTICLE II: DATA OWNERSHIP AND AUTHORIZED ACCESS

Student Data Property of LEA. All Student Data transmitted to the Provider pursuant to the Service Agreement is and will continue to be the property of and under the control of the LEA. The Parties agree that as between them, all rights, including all intellectual property rights in and to Student Data contemplated per the Service Agreement, shall remain the exclusive property of the LEA.
Parent Access. To the extent required by law, the LEA shall establish reasonable procedures by which a parent, legal guardian, or eligible student may review Educational Records and/or Student Data, correct erroneous information, and transfer student-generated content to a personal account. To the extent LEA cannot access or correct Student Data, Provider shall respond in a reasonably timely manner (and no later than forty-five (45) days from the date of the request or pursuant to the time frame required under state law for an LEA to respond to a parent or student, whichever is sooner) to the LEA’s request for Student Data in a student’s records held by the Provider to view or correct, as necessary. In the event that a parent of a student or other individual contacts the Provider to review any of the Student Data accessed pursuant to the Services, the Provider shall refer the parent or individual to the LEA, which will follow the necessary and proper procedures regarding the requested information.
Separate Account. If Student-Generated Content is stored or maintained by the Provider as part of the Services, Provider shall, at the request of the LEA, transfer, or provide a mechanism for the LEA to transfer, said Student-Generated Content to a separate account created by the student.
Law Enforcement Requests. Should law enforcement or other government entities (each a “Requesting Party”) contact Provider with a request for Student Data held by the Provider pursuant to the Services, the Provider shall redirect the Requesting Party to request the Student Data directly from the LEA. Provider shall notify the LEA in advance of a compelled disclosure to a Requesting Party unless lawfully directed by the Requesting Party not to inform the LEA of the request.
Subprocessors. Provider shall enter into written agreements with all Subprocessors performing functions for the Provider in order for the Provider to provide the Services pursuant to the Service Agreement, whereby the Subprocessors agree to protect Student Data in a manner consistent with the terms of this DPA.

ARTICLE III: DUTIES OF LEA

Provide Data in Compliance with Applicable Laws. LEA shall provide Student Data for the purposes of obtaining the Services in compliance with all applicable federal, state, and local privacy laws, rules, and regulations, all as may be amended from time to time.
Annual Notification of Rights. If the LEA has a policy of disclosing Education Records and/or Student Data under FERPA (34 CFR § 99.31(a)(1)), LEA shall include a specification of criteria for determining who constitutes a school official and what constitutes a legitimate educational interest in its annual notification of rights.
Reasonable Precautions. LEA shall take reasonable precautions to secure usernames, passwords, and any other means of gaining access to the Services and hosted Student Data.
Unauthorized Access Notification. LEA shall notify Provider promptly of any known unauthorized use or access of the Services or Student Data. LEA will assist Provider in any efforts by Provider to investigate and respond to any unauthorized access.
LEA Representative. Any notices, communications, or consents required by or relating to this DPA from Provider to the LEA will be sent to the person(s) listed K12 District Records Services Order Form (the “Principal Contact Person”). The Principal Contact Person shall be authorized to act on behalf of the LEA and to make decisions for the LEA and shall serve as the representative of the LEA for coordination and fulfillment of the duties of this DPA.

ARTICLE IV: DUTIES OF PROVIDER

Privacy Compliance. The Provider shall comply with all applicable federal and state laws, rules, and regulations pertaining to Student Data privacy and security, all as may be amended from time to time.
Authorized Use. The Student Data shared pursuant to the Service Agreement, including persistent unique identifiers, shall be used for no purpose other than the Services outlined in Exhibit A or stated in the Service Agreement and/or otherwise authorized under the statutes referred to herein this DPA, to improve the Services, as required by applicable law or court order, and as a result of a merger or acquisition of some or all of its assets or in the diligence process in contemplation thereof.
Provider Employee Obligation. Provider shall require all of Provider’s employees and agents who have access to Student Data to comply with all applicable provisions of this DPA with respect to the Student Data shared under the Service Agreement.
No Disclosure. Provider acknowledges and agrees that it shall not make any re-disclosure of any Student Data or any portion thereof, including without limitation, user content or other non- public information and/or personally identifiable information contained in the Student Data other than as directed or permitted by the LEA or this DPA or as authorized by the Student for the purposes of the Services. This prohibition against disclosure shall not apply to aggregate summaries of De-Identified information, Student Data disclosed pursuant to a lawfully issued subpoena or other legal process, or Student Data disclosed to subprocessors performing services on behalf of the Provider in connection with operating, protecting, or improving the Services. Provider will not “Sell” Student Data or “Share” Student Data for purposes of “cross-context behavioral advertising” (as such terms are defined in applicable state privacy laws).
De-Identified Data: Provider agrees not to attempt to re-identify de-identified Student Data. De- Identified Data may be used by the Provider for any lawful purpose, including, but not limited to, those purposes allowed under FERPA and the following purposes: (1) assisting the LEA or other governmental agencies in conducting research and other studies; and (2) research and product development and benchmarking of the Provider’s educational sites, services, or applications, and to demonstrate the effectiveness of the Services; and (3) for adaptive learning purpose and for customized student learning. Provider’s use of De-Identified Data shall survive termination of this DPA or any request by LEA to return or destroy Student Data.
Disposition of Data. Upon written request from the LEA, Provider shall dispose of Student Data obtained under the Service Agreement, within sixty (60) days of the date of said request, unless Provider is required to retain such information to resolve disputes, enforce its agreements, or comply with its legal obligations or with law enforcement requests. The duty to dispose of Student Data shall not extend to Student Data that has been De-Identified or placed in a separate student account pursuant to Section II 3.
Advertising Limitations. Provider is prohibited from using, disclosing, or selling Student Data to a) inform, influence, or enable Targeted Advertising; or (b) develop a profile of a student, family member/guardian or group, for any purpose other than providing the Services to LEA or as set forth in the Service Agreement. This section does not prohibit Provider from using Student Data (i) for adaptive learning or customized student learning (including generating personalized learning recommendations); or (ii) to make product recommendations to teachers or LEA employees; or (iii) to notify account holders about new education product updates, features, or services or from otherwise using Student Data as permitted in this DPA and its accompanying exhibits.

ARTICLE V: DATA PROVISIONS

Data Storage. Student Data shall be stored within the United States.
Audits. No more than once a year, or following unauthorized access, upon receipt of a written request from the LEA with at least ten (10) business days’ notice and upon the execution of an appropriate confidentiality agreement, the Provider will provide copy of the providers SOC2 Type II report, conducted by an independent third party If such report does not reasonably satisfy LEA’s obligations under applicable law, Provider will work with LEA in good faith to provide LEA additional information reasonably necessary to enable LEA to comply with law to assess Provider’s protection of Student Data as required by this DPA. .
Data Security. The Parties agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on NIST Cybersecurity Framework (CSF) v1.1. LEA and its users are solely responsible for choosing secure credentials (“Access Credentials”) to access the Services and for keeping such Access Credentials confidential. LEA is responsible for any use of the Services using its and its users’ Access Credentials, except to the extent such Access Credentials were obtained directly from Provider.
Security Incident. In the event that Provider becomes aware of any unauthorized access to, or unauthorized release, disclosure or acquisition of, Student Data in Provider’s possession or control (other than unauthorized access to, or unauthorized release, disclosure, or acquisition of, Student Data resulting from the LEA’s failure to keep its Access Credentials secure or confidential as set forth in section 3(2) above) that compromises the security, confidentiality or integrity of the Student Data (“Security Incident”) maintained by the Provider, the Provider shall provide notification to the impacted LEA within seventy-two (72) hours of confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Provider shall follow the following process:
1. The Security Incident notification described above shall include the following information to the extent known by the Provider and as it becomes available:
  1. A list of the types of personal information that were or are reasonably believed to have been the subject of a Security Incident.
  2. Either (1) the date of the Security Incident , (2) the estimated date of the Security Incident , or (3) the date range within which the Security Incident occurred.
  3. Whether the notification was delayed as a result of a law enforcement investigation or request, if permitted.
  4. A general description of the Security Incident,
2. Provider agrees to adhere to all federal and state legal requirements with respect to a Security Incident, including, when required, the responsibilities and procedures for notification and mitigation of any such Security Incident.
3. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a Security Incident and agrees to provide LEA, upon request, with a summary of said written incident response plan.
4. In the event of a Security Incident originating from LEA’s use of the Services, Provider shall make information available to LEA to the extent reasonably necessary to allow the LEA to secure Student Data.

ARTICLE VI: MISCELLANEOUS

Termination. In the event that either party seeks to terminate this DPA, they may do so so long as the LEA terminated its use of Provider’s Service. The Provider shall destroy all of LEA’s Student Data pursuant to Article IV, section 6.
Priority of Agreements. This DPA shall govern the treatment of Student Data in order to comply with the privacy protections, including those found in FERPA and all applicable privacy statutes identified in this DPA.
Entire Agreement. This DPA and the Service Agreement constitute the entire agreement of the Parties relating to the subject matter hereof and supersede all prior communications, representations, or agreements, oral or written, by the Parties relating thereto. This DPA may be amended and the observance of any provision of this DPA may be waived (either generally or in any particular instance and either retroactively or prospectively) only with the signed written consent of both Parties. Neither failure nor delay on the part of any party in exercising any right, power, or privilege hereunder shall operate as a waiver of such right, nor shall any single or partial exercise of any such right, power, or privilege preclude any further exercise thereof or the exercise of any other right, power, or privilege.
Severability. Any provision of this DPA that is prohibited or unenforceable in any jurisdiction shall, as to such jurisdiction, be ineffective to the extent of such prohibition or unenforceability without invalidating the remaining provisions of this DPA, and any such prohibition or unenforceability in any jurisdiction shall not invalidate or render unenforceable such provision in any other jurisdiction. Notwithstanding the foregoing, if such provision could be more narrowly drawn so as not to be prohibited or unenforceable in such jurisdiction while, at the same time, maintaining the intent of the Parties, it shall, as to such jurisdiction, be so narrowly drawn without invalidating the remaining provisions of this DPA or affecting the validity or enforceability of such provision in any other jurisdiction.
Governing Law; Venue and Jurisdiction. THIS DPA WILL BE GOVERNED BY AND CONSTRUED IN ACCORDANCE WITH THE LAWS OF THE STATE OF THE LEA, WITHOUT REGARD TO CONFLICTS OF LAW PRINCIPLES. EACH PARTY CONSENTS AND SUBMITS TO THE SOLE AND EXCLUSIVE JURISDICTION TO THE STATE AND FEDERAL COURTS FOR THE COUNTY OF THE LEA FOR ANY DISPUTE ARISING OUT OF OR RELATING TO THIS DPA OR THE TRANSACTIONS CONTEMPLATED HEREBY.
Successors Bound: This DPA is and shall be binding upon the respective successors in interest to Provider in the event of a merger, acquisition, consolidation or other business reorganization or sale of all or substantially all of the assets of such business In the event that the Provider sells, merges, or otherwise disposes of its business to a successor during the term of this DPA, the Provider shall provide written notice to the LEA no later than sixty (60) days after the closing date of sale, merger, or disposal. Such notice shall include a written, signed assurance that the successor will assume the obligations of the DPA and any obligations with respect to Student Data within the Service Agreement. The LEA has the authority to terminate the DPA if it disapproves of the successor to whom the Provider is selling, merging, or otherwise disposing of its business.
Authority. Each party represents that it is authorized to bind to the terms of this DPA, including confidentiality and destruction of Student Data and any portion thereof contained therein, all related or associated institutions, individuals, employees or contractors who may have access to the Student Data and/or any portion thereof.
Waiver. No delay or omission by either party to exercise any right hereunder shall be construed as a waiver of any such right and both parties reserve the right to exercise any such right from time to time, as often as may be deemed expedient.

EXHIBIT “A”

DESCRIPTION OF SERVICES

DESCRIPTION OF PARCHMENT AWARD: DISTRICT RECORDS SERVICES. The Parchment Services ordered and described herein shall enable Credential Owners to order and request delivery of Credentials from the Credential holding institution to Credential Recipients (referred to as “Parchment Award District Records Services”). Parchment Award District Records Services also provides a number of additional features and functions, including Credential retrieval and the delivery of Analytics. Subject to Member’s compliance with this Agreement, Parchment will use commercially reasonable efforts to electronically deliver and/or to print and manually send Credentials to Credential Recipients. Member hereby designates Parchment as the Member’s authorized provider in sending official copies of Credentials, on paper or electronically, to Credential Recipients, and agrees to provide such documents and certificates as Parchment reasonably requests, to confirm such authority to prospective Credential Recipients. The Parchment Services provides Member with several processing options, while providing a secure and intuitive online workflow for current students/alumni to request their credentials to be sent to any recipient worldwide. The Parchment Services provide full tracking, notifications, and reporting to both the Member’s administrators and current students/alumni.

EXHIBIT “B”

SCHEDULE OF DATA

	Student class attendance data; LEA must opt-in	Check if Used
Communications	Online communications captured (emails, blog entries)	x
Conduct	Conduct or behavioral data
Demographics	Date of Birth, optional	x
	Place of Birth
	Gender, optional	x
	Ethnicity or race, optional
	Language information (native, or primary language spoken by student), optional
	Other demographic information-Please specify:
Enrollment	Student school enrollment	x
	Student grade level, optional	x
	Homeroom, optional
	Guidance counselor
	Specific curriculum programs
	Year of graduation, optional	x
	Other enrollment information-Please specify:
Parent/Guardian Contact Information	Address	x
	Email, optional	x
	Phone, optional	x
Parent/Guardian ID	Parent ID number (created to link parents to students)
Parent/Guardian Name	First and/or Last, optional	x
Schedule	Student scheduled courses

	Teacher names	Check if Used
Special Indicator	English language learner information, optional
	Low-income status
	Medical alerts/ health data
	Student disability information
	Specialized education services (IEP or 504), optional
	Living situations (homeless/foster care)
	Other indicator information-Please specify:
Student Contact	Address, optional	x
	Email, optional	x
	Phone	x
Student Identifiers	Local (School district) ID number	x
	State ID number, optional	x
	Provider/App assigned student ID number
	Student app username	x
	Student app passwords	x
Student Name	First and/or Last	x
Student In App Performance	Program/application performance (typing program-student types 60 wpm, reading program-student reads below grade level)
Student Program Membership	Academic or extracurricular activities a student may belong to or participate in
Student Survey Responses	Student responses to surveys or questionnaires	x
Student work	Student generated content; writing, pictures, etc.
Student work	Other student work data -Please specify:
Transcript	Student course grades	x
	Student course data	x
	Student course grades/ performance scores	x
	Other transcript data – Please specify:	x
Transportation	Student bus assignment
	Students pick up and/or drop off location
	Student bus card ID number
	Other transportation data – Please specify:
Other	Please list each additional data element used, stored, or collected by your application: Driver’s License (optional based on member configuration)
None	No Student Data collected at this time. Provider will immediately notify LEA if this designation is no longer applicable.

EXHIBIT “C”

DEFINITIONS

De-Identified Data and De-Identification: Records and information are considered to be de-identified when personally identifiable information has been removed or obscured, such that the remaining information does not reasonably identify a specific individual, including, but not limited to, any information that, alone or in combination is linkable to a specific student.

Educational Records: Educational Records are records, files, documents, and other materials directly related to a student and maintained by the school or local education agency, or by a person acting for such school or local education agency, including but not limited to, records encompassing all the material kept in the student’s cumulative folder, such as general identifying data, records of attendance and of academic work completed, records of achievement, and results of evaluative tests, test protocols and individualized education programs.

Operator: means the operator of an internet website, online service, online application, or mobile application with actual knowledge that the site, service, or application is used for K–12 school purposes. Any entity that operates an internet website, online service, online application, or mobile application that has entered into a signed, written agreement with an LEA to provide a service to that LEA shall be considered an “operator” for the purposes of this section.

Provider: For purposes of the DPA, the term “Provider” means provider of digital educational software or services, including cloud-based services, for the digital storage, management, and retrieval of Student Data. Within the DPA the term “Provider” includes the term “Third Party” and the term “Operator” as used in applicable state statutes.

Student Generated Content: The term “student-generated content” means materials or content created by a student in the services including, but not limited to, essays, research reports, portfolios, creative writing, music or other audio files, photographs, videos, and account information that enables ongoing ownership of student content.

School Official: For the purposes of this DPA and pursuant to 34 CFR § 99.31(b), a School Official is a contractor that: (1) Performs an institutional service or function for which the agency or institution would otherwise use employees; (2) Is under the direct control of the agency or institution with respect to the use and maintenance of Student Data including Education Records; and (3) Is subject to 34 CFR § 99.33(a) governing the use and re- disclosure of personally identifiable information from Education Records.

Service Agreement: Refers to the General Terms of Use, Additional Terms of Use for Schools, and Privacy Policy.

Student Data: Student Data includes any data, whether gathered by Provider or provided by LEA or its users, students, or students’ parents/guardians in connection with the Services, that can reasonably be used to identify or contact a particular student, including, but not limited to, information in the Educational Record or email, first and last name, birthdate, home or other physical address, telephone number, email address, or other information allowing physical or online contact, discipline records, videos, test results, special education data, juvenile dependency records, grades, evaluations, criminal records, medical records, health records, social security numbers, biometric information, disabilities, socioeconomic information, individual purchasing behavior or preferences, food purchases, political affiliations, religious information, text messages, documents, student identifiers, search activity, photos, voice recordings, geolocation information, parents’ names, or any other information or identification number that would provide information about a specific student. Student Data further includes “personally identifiable information (PII),” as defined in 34 C.F.R. § 99.3 and as defined under any applicable state law. Student Data shall constitute Education Records for the purposes of this DPA, and for the purposes of federal, state, and local laws and regulations. Student Data as specified in Exhibit “B” is confirmed to be collected or processed by the Provider pursuant to the Services and as described in this DPA. Student Data shall not constitute that information that has been anonymized or de-identified, or anonymous usage data regarding a student’s use of Provider’s services. Student Data shall not include data Provider receives independently from Student or Student’s parent or guardian, including through other services or features offered by Provider.

Subprocessor: For the purposes of this DPA, the term “Subprocessor” (sometimes referred to as the “Subcontractor”) means a party other than LEA or Provider, who Provider uses for data collection, analytics, storage, or other service to operate and/or improve its service, and who has access to Student Data.

Targeted Advertising: means presenting an advertisement to a student where the selection of the advertisement is based on Student Data or inferred over time from the usage of the operator’s Internet web site, online service or mobile application by such student or the retention of such student’s online activities or requests over time for the purpose of targeting subsequent advertisements. “Targeted advertising” does not include any advertising to a student on an Internet web site based on the content of the web page or in response to a student’s response or request for information or feedback.

Third Party: The term “Third Party” means a provider of digital educational software or services, including cloud- based services, for the digital storage, management, and retrieval of Education Records and/or Student Data, as that term is used in some state statutes. However, for the purpose of this DPA, the term “Third Party” when used to indicate the provider of digital educational software or services is replaced by the term “Provider.”

EXHIBIT “D”

DATA SECURITY REQUIREMENTS

https://www.parchment.com/resources/trust/

Cybersecurity Frameworks

	MAINTAINING ORGANIZATION/GROUP	FRAMEWORK(S)
x	National Institute of Standards and Technology	NIST Cybersecurity Framework Version 1.1
	National Institute of Standards and Technology	NIST SP 800-53, Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity (CSF), Special Publication 800-171
x	International Standards Organization	Information technology — Security techniques — Information security management systems (ISO 27000 series)
	Secure Controls Framework Council, LLC	Security Controls Framework (SCF)
	Center for Internet Security	CIS Critical Security Controls (CSC, CIS Top 20)
	Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S))	Cybersecurity Maturity Model Certification (CMMC, ~FAR/DFAR)

Cookie	Duration	Description
aka_debug	session	Vimeo sets this cookie which is essential for the website to play video functionality.
BIGipServer*	session	Marketo sets this cookie to collect information about the user's online activity and build a profile about their interests to provide advertisements relevant to the user.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-essential	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category “Necessary”.
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
STYXKEY_api_token	1 hour	AWS Cloud API
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
webinarVideo	never	Recursive support screen share session tracking cookie

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__sharethis_cookie_test__	session	ShareThis sets this cookie to track which pages are being shared and by whom.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
li_gc	5 months 27 days	This is a cookie from LinkedIn and is used for storing visitors' consent regarding the use of cookies for non-essential purposes
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
liveagent_oref	1 year	This cookie is set by LiveAgent to allow Live Chat assistance for existing customers.
liveagent_ptid	1 year	LiveAgent sets this cookie to link previous chats and transcripts from a single visitor.
liveagent_sid	session	LiveAgent sets this cookie to capture a unique pseudonymous ID when a user requests a chat during an active session.
liveagent_vc	1 year	This cookie is set by LiveAgent to allow Live Chat assistance for existing customers.
NextPage	past	This cookie tracks the previous page to allow users to go back and forth between pages using the user interface buttons.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.
X-Salesforce-CHAT	session	This cookie is set by LiveAgent to allow Live Chat assistance for existing customers.

Cookie	Duration	Description
__jid	30 minutes	Cookie used to remember the user's Disqus login credentials across websites that use Disqus.
AWSALB	7 days	AWSALB is an application load balancer cookie set by Amazon Web Services to map the session to the target.

Cookie	Duration	Description
_clck	1 year	Persists the Clarity User ID and preferences, unique to that site, on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_clsk	session	Connects multiple page views by a user into a single Clarity session recording.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_ga_N0Q7GW0J6L	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_335339_11	2 hours	Set by Google to distinguish users.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gat_UA-335339-11	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
AnalyticsSyncHistory	1 month	No description
ANONCHK	10 minutes	The Microsoft Clarity ANONCHK cookie, indicates whether MUID is transferred to ANID, which is a cookie used for advertising. Clarity doesn't use ANID and so this is always set to 0 indicating not for advertising.
CLID	1 year	Used by Microsoft Clarity. The cookie is set by embedded Microsoft Clarity scripts. The purpose of this cookie is for heatmap and session recording.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
disqus_unique	1 year	Set by Disqus to record internal statistics for anonymous visitors.
loglevel	never	Collects data on visitor interaction with the website's video-content - This data is used to make the website's video-content more relevant towards the visitor.
SM	session	This Microsoft Clarity cookie is used in synchronizing the MUID across Microsoft domains.
SRM_B	1 year 24 days	Used by Microsoft Clarity as a unique ID for visitors.
ti_	2 years	This cookie is set by Triblio to track the way a visitor uses the website and to monitor the performance of marketing campaigns.
VISITOR_PRIVACY_METADATA	5 months 27 days	YouTube meta data

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
bito	1 year 1 month	This cookie is set by Beeswax for advertisement purposes.
bitoIsSecure	1 year 1 month	Beeswax sets this cookie for targeting and advertising. The cookie is used to serve the user with relevant advertisements based on real time bidding.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
NID	6 months	Google sets the cookie for advertising purposes; to limit the number of times the user sees an ad, to unwanted mute ads, and to measure the effectiveness of ads.
S	1 hour	Used by Yahoo to provide ads, content or analytics.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
tuuid	2 years	The tuuid cookie, set by Demandbase via BidSwitch, stores an unique ID to determine what adverts the users have seen if they have visited any of the advertiser's websites. The information is used to decide when and how often users will see a certain banner.
tuuid_lu	2 years	This cookie, set by Demandbase via BidSwitch, stores a unique ID to determine what adverts the users have seen while visiting an advertiser's website. This information is then used to understand when and how often users will see a certain banner.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.