Cookie Policy
Hive Bastion LLC · Version 1.0 · Effective 24 June 2026
1. Introduction and Scope
This Cookie & Tracking Technologies Policy ("Cookie Policy") explains how Hive Bastion LLC ("Hive Bastion," "we," "us," or "our") uses cookies and similar tracking technologies on our public website, https://hivebastion.com (the "Site"), and describes the choices available to you regarding their use.
Hive Bastion LLC is a Tennessee limited liability company and a disregarded entity for U.S. federal income-tax purposes. We are committed to a data-minimization posture: we strive to collect and process only the information necessary to operate our Site and serve our visitors. This Cookie Policy reflects that posture and is written to be transparent about what we actually do, rather than to reserve broad rights we do not exercise.
Scope. This Cookie Policy applies only to the public marketing Site at the domain above. It does not govern:
- Data processing performed under a signed client engagement, which is governed by the applicable Master Services Agreement, Statement of Work, and Data Processing Addendum. See the Privacy Policy for the distinction between Site-visitor data and client/engagement data.
- Third-party websites that may be linked from our Site, which are governed by their own policies.
This Cookie Policy should be read together with our Privacy Policy and Terms of Service.
Published baseline — not the contract. This Cookie Policy is a good-faith public baseline describing our current practices on the Site. Any engagement between Hive Bastion and a client is governed by a separate signed written agreement between the parties, which controls in the event of any conflict.
Order of precedence and no separate reliance. This Cookie Policy is a transparency disclosure, not a contract, and creates no rights enforceable against Hive Bastion LLC beyond those granted by applicable law. It is published together with, and is subject to, our Terms of Service, including its disclaimers and limitations of liability, and our Privacy Policy. In the event of any conflict among these documents as to data practices on the Site, the Privacy Policy controls on the substance of personal-information handling and this Cookie Policy controls on the specific operation of cookies and similar technologies. Nothing in this Cookie Policy is intended to create third-party-beneficiary rights. To the maximum extent permitted by applicable law, Hive Bastion's aggregate liability arising out of or relating to this Cookie Policy or your access to or use of the Site is limited as set forth in the Terms of Service and your separate signed agreement (if any) and, where no fees have been paid by you, to one hundred U.S. dollars (US$100).
2. What Are Cookies and Similar Technologies?
Cookies are small text files that a website places on your device (computer, tablet, or phone) when you visit. They are widely used to make websites work, to remember your preferences, and—on many sites—to collect information about browsing activity. Cookies set by the site you are visiting are called first-party cookies; cookies set by a different domain (for example, an embedded analytics or advertising service) are called third-party cookies.
Cookies can also be distinguished by how long they last:
- Session cookies exist only while your browser is open and are deleted when you close it.
- Persistent cookies remain on your device for a defined period or until you delete them.
Similar technologies that may be used in place of, or alongside, cookies include:
| Technology | What it is |
|---|---|
| Local storage / session storage | Browser-based key-value storage that a site can use to remember settings without a traditional cookie. |
| Pixels / web beacons | Tiny, often invisible images used to detect that a page or email was loaded. |
| Software development kits (SDKs) / scripts | Code embedded in a page (for example, an analytics script) that can read or write storage. |
| Device or browser fingerprinting | Techniques that infer identity from device/browser characteristics. Hive Bastion does not use, and does not direct any third party to use, device or browser fingerprinting to track you across websites or to build advertising or marketing profiles. Our security and content-delivery providers may analyze device or request characteristics solely to protect the Site against fraud and abuse; this is not used for cross-site tracking or advertising. |
In this Cookie Policy, the word "cookies" is used as shorthand to include these similar technologies unless otherwise stated.
3. Our Cookie Posture (Plain-Language Summary)
We designed the Site to function with minimal reliance on cookies. As of the date of this Cookie Policy, our marketing Site is expected to use few or no non-essential cookies. We do not run behavioral advertising on the Site, we do not sell or share personal information for cross-context behavioral advertising, and we do not use AI model training on visitor browsing data.
The detailed categories below describe the types of cookies a site can use and our position on each. Where a category is marked as "not currently used," we are stating our present practice; if that changes, we will update this Cookie Policy and the consent experience accordingly (see Section 9).
4. Categories of Cookies
We organize cookies into four standard categories. The two-layer structure below states (a) our Standard / Commitment for each category, (b) our Current Implementation Status as a marketing site, and (c) the Roadmap for maturing our cookie governance.
4.1 Category Table
| Category | Purpose | Consent required? | Used on this Site today? |
|---|---|---|---|
| Strictly Necessary | Enable core functionality such as page delivery, security, load balancing, and remembering your cookie choices. | No (exempt) | Likely yes — minimal. |
| Functional | Remember preferences and choices (e.g., language, region, prior form input) to improve usability. | Yes, where non-essential | Possibly — limited or none. |
| Analytics / Performance | Help us understand aggregate, de-identified usage (e.g., pages viewed, approximate region) to improve the Site. | Yes | See Section 6. |
| Marketing / Advertising | Build profiles, deliver targeted ads, or measure ad campaigns, often across sites. | Yes | No. We do not run behavioral advertising on the Site. |
4.2 Strictly Necessary Cookies
Standard / Commitment. We use strictly necessary cookies and equivalent storage only to deliver the Site you requested and to maintain its security and integrity (for example, our DNS/edge provider may set a security or load-balancing cookie, and we may store your cookie-preference choice). These are commercially reasonable, are exempt from consent under applicable law, and cannot be switched off through our consent controls because the Site cannot function properly without them.
Current Implementation Status. The Site is a static marketing site fronted by a content-delivery/edge provider (Cloudflare) and hosted on Google Cloud Platform. Strictly necessary items, if present, are expected to be limited to provider-managed security/performance cookies and a first-party preference store. Any such provider-managed items are inherited from the provider and subject to the provider's terms; Hive Bastion does not independently warrant provider controls. We do not place strictly necessary cookies that identify you as an individual for any purpose beyond operating the Site.
Roadmap. Maintain a documented inventory of all strictly necessary cookies, refreshed on a periodic cookie-scan cadence, and surface the exact names, providers, and durations in the table in Section 8 once verified.
4.3 Functional Cookies
Standard / Commitment. Where used, functional cookies are designed to remember choices you make (such as a region or display preference) so you do not have to re-enter them. We treat non-essential functional cookies as requiring consent and limit them to features that provide a clear benefit to you.
Current Implementation Status. Our marketing Site is largely informational and is expected to use few or no functional cookies. Any preference we store (for example, your cookie-banner choice) is recorded in a first-party manner and is not shared for advertising.
Roadmap. As the Site adds interactive features (for example, a contact form or scheduling embed), evaluate each for cookie/storage use, gate non-essential items behind consent, and document them here.
4.4 Analytics / Performance Cookies
Standard / Commitment. Analytics cookies, where used, are designed to give us aggregate, de-identified insight into how the Site is used so we can improve it. We strive to configure analytics in a privacy-respecting manner (for example, IP truncation/anonymization where supported, no advertising features, and no cross-site profiling), and we treat analytics as requiring consent in jurisdictions that require it.
Current Implementation Status. Our default posture is privacy-respecting, consent-gated analytics, or server-side/log-based metrics that do not set cookies. We do not use analytics data to train AI models. See Section 6 for third-party disclosure.
Roadmap. Standardize on a documented analytics configuration, record the provider and its cookie names/durations in Section 8, and add a data-processing/sub-processor entry consistent with our Subprocessor List.
4.5 Marketing / Advertising Cookies
Standard / Commitment. We do not use the Site to deliver targeted advertising, to build advertising profiles, or to share or "sell" personal information for cross-context behavioral advertising as those terms are used under U.S. state privacy laws. If we ever introduce marketing cookies, we will obtain consent where required and update this Cookie Policy and the consent experience first.
Current Implementation Status. No marketing or advertising cookies are used on the Site. We run no ad pixels, retargeting tags, or social-advertising trackers as a matter of current practice.
Roadmap. If marketing technologies are ever adopted, implement opt-in consent management, a documented "Do Not Sell or Share My Personal Information" mechanism, and an updated disclosure in this Section and in Section 8.
5. Consent Model
Standard / Commitment. Our consent model is designed to align with the ePrivacy Directive (the "cookie law") for users in the EU/UK and with U.S. state privacy laws such as the California Consumer Privacy Act, as amended by the CPRA (collectively, "CCPA"). We apply the following principles:
- Strictly necessary cookies are used without consent because they are exempt; we still disclose them.
- Non-essential cookies (functional, analytics, marketing) are, where required by law, set only after you provide consent, and you may withdraw consent at any time as easily as you gave it.
- Opt-out preference signals (GPC). Where the Site processes any personal information subject to an opt-out right under applicable U.S. state law, we are committed to treating a detected Global Privacy Control (GPC) signal as a valid opt-out of any sale or sharing of personal information for cross-context behavioral advertising and of non-essential analytics, to the extent required by applicable law. Because the Site does not currently sell or share personal information for advertising and runs few or no non-essential cookies, a GPC signal confirms a posture we already maintain.
- Do-Not-Track (DNT). There is no industry-standard or legally mandated response to browser Do-Not-Track signals, and signals are sent inconsistently across browsers. Consistent with California Business & Professions Code §22575, we disclose our practice: we do not use the Site to track you across third-party websites over time, and we do not respond differently to DNT signals because we do not engage in the cross-site tracking that DNT is designed to limit.
- We do not use dark patterns to coerce consent, and declining non-essential cookies will not prevent you from accessing the core content of the Site.
Current Implementation Status. Because the Site is expected to deploy few or no non-essential cookies today, the consent experience is correspondingly lightweight. If non-essential cookies are introduced, a consent banner and preference center will be required before they load. Where a GPC signal is detected, our default posture is to treat it as a request to disable non-essential analytics and any sharing/sale of personal information for advertising.
Roadmap. Deploy or formalize a consent-management mechanism (banner + granular preference center) that (a) blocks non-essential cookies until consent is given in consent-required jurisdictions, (b) records and timestamps consent — with such consent records retained for a defined period (target: 24 months) to demonstrate compliance, (c) auto-honors GPC, and (d) is reviewed when any new third-party tag is added to the Site.
5.1 Your Opt-Out Rights (U.S. State Privacy Laws)
Residents of California and other U.S. states with comprehensive privacy laws have the right to opt out of the sale of personal information, the sharing of personal information for cross-context behavioral advertising, and targeted advertising. Hive Bastion does not engage in any of these activities on the Site; there is accordingly nothing to opt out of, and a detected Global Privacy Control signal will be honored as confirming that status. If we ever introduce such activities, we will first provide a clearly labeled "Do Not Sell or Share My Personal Information" link and an opt-out preference center. We do not use cookies or similar technologies to collect sensitive personal information (such as precise geolocation) for the purpose of inferring characteristics about you.
6. Third-Party and Analytics Disclosure
Some cookies or storage items may be set by third parties that provide services to us. Where third parties are used, the relevant entity acts as a service provider/processor under written terms, and we list infrastructure and processing vendors in our Subprocessor List (Public) and internal Subprocessor Register.
Potential third-party sources of cookies/storage on the Site:
| Third party | Role | Cookie/storage purpose | Data residency |
|---|---|---|---|
| Cloudflare, Inc. | DNS, CDN/edge, security | Strictly necessary security/performance items | Designed for US; see residency note below |
| Google LLC / Google Cloud Platform | Hosting/compute, logging | Operational; server-side logs (not necessarily cookies) | Designed for US; see residency note below |
| Web analytics provider | Analytics/performance | Aggregate, de-identified usage metrics | Designed for US; see residency note below |
| Embedded media / form / scheduling widget | Functional | Set only if/when such a widget is added | — |
Data residency note. Hive Bastion is designed to process and store Site data in the United States. Certain global infrastructure providers (for example, Google, Cloudflare, and GitHub/Microsoft) may process limited operational or transit metadata outside the United States in the ordinary operation of their global networks. Where an engagement requires strict US-only processing or restricts international transfers, that requirement is addressed in the governing Data Processing Addendum, including any applicable transfer mechanism (such as the EU Standard Contractual Clauses or the UK IDTA).
Important honesty note: We have not asserted that any specific analytics or advertising third party is active on the Site. The presence, identity, and configuration of any analytics or embedded third-party tool must be confirmed by a live cookie audit before this Cookie Policy is published, and the table above updated to reflect reality. We do not knowingly permit third parties to use Site data for their own cross-site advertising, and we do not permit any party to use Site data to train AI models.
7. How to Control Cookies
You have several ways to control or limit cookies and similar technologies:
7.1 On-Site Controls
Where a cookie-consent banner or preference center is presented on the Site, you may use it to accept or decline non-essential categories and to change your choices later.
7.2 Browser Controls
Most browsers let you view, manage, block, and delete cookies through their settings. Blocking strictly necessary cookies may cause parts of the Site to function improperly. Vendor instructions are available here:
- Google Chrome: Settings → Privacy and security → Cookies and other site data
- Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data
- Apple Safari: Settings/Preferences → Privacy
- Microsoft Edge: Settings → Cookies and site permissions
You can typically also browse in a private/incognito window to limit persistent cookies for that session.
7.3 Global Privacy Control (GPC) and Do-Not-Track (DNT)
Global Privacy Control (GPC). Where the Site processes any personal information subject to an opt-out right under applicable U.S. state law, we are committed to treating a detected GPC signal as a valid opt-out of any sale or sharing of personal information for cross-context behavioral advertising and of non-essential analytics, to the extent required by applicable law. GPC can be enabled through a supporting browser or extension. Because the Site does not currently sell or share personal information for cross-context behavioral advertising and runs few or no non-essential cookies, a GPC signal confirms a posture we already maintain.
Do-Not-Track (DNT). There is no industry-standard or legally mandated response to browser Do-Not-Track signals, and signals are sent inconsistently across browsers. Consistent with California Business & Professions Code §22575, we disclose our practice: we do not use the Site to track you across third-party websites over time, and we do not respond differently to DNT signals because we do not engage in the cross-site tracking that DNT is designed to limit.
7.4 Mobile and Device Controls
On mobile devices, operating-system settings allow you to limit ad tracking and to clear stored site data for your browser.
8. Cookie Inventory
The table below is the canonical inventory of cookies and storage items in use on the Site. It is intentionally left pending a live cookie audit rather than populated with assumed values, consistent with our two-layer honesty posture.
| Cookie / storage name | Category | First/Third party | Provider | Purpose | Duration |
|---|---|---|---|---|---|
| — | — | — | — | — | — |
Current Implementation Status. Not yet populated. A cookie scan of https://hivebastion.com is required to enumerate the exact names, providers, and durations. Until completed, visitors should treat Sections 3–4 as our good-faith description and rely on browser controls (Section 7) for assurance.
Roadmap. Populate this table from a documented cookie scan, refresh it on a periodic cadence and whenever a new third-party tag is added, and reconcile it with the Subprocessor List (Public).
9. Changes to This Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in the technologies we use, in applicable law, or in our practices. When we make material changes—such as introducing a new category of non-essential cookies—we will update the version and date below and, where required, refresh the consent experience before the new cookies load.
We will post the updated Cookie Policy with a revised version and date. For non-essential cookies in jurisdictions that require prior consent (including the EU/UK), we will obtain your fresh consent through the consent experience before any new non-essential cookies load; continued use of the Site is not a substitute for that consent. For changes that do not require consent, your continued use of the Site after the effective date reflects your awareness of the updated Cookie Policy. We encourage you to review this Cookie Policy periodically.
10. Relationship to AI-Generated Content
Portions of this document and of materials on the Site may be produced with the assistance of AI systems. The following disclosure applies:
This document contains content generated, in whole or in part, by AI systems operated by Hive Bastion LLC. AI can make mistakes. Every result herein is an estimate produced for the named recipient's professional review - not a regulated determination, not an underwriting decision, not a rate quote, not legal advice, not medical advice, not investment advice. The named recipient is responsible for the final decision and for verifying any factual claim before acting on it.
11. Contact Us
If you have questions about this Cookie Policy or our use of cookies and tracking technologies, contact us:
Hive Bastion LLC
Attn: Privacy
1556 Hankook Rd Suite A, PMB 1021
Clarksville, TN 37043
- Contact: david@hivebastion.com
- Website: https://hivebastion.com
Frameworks and Controls Referenced
This Cookie Policy is written to support the following:
- ePrivacy Directive (2002/58/EC, as amended) — cookie consent and exemptions for EU/UK visitors.
- California Consumer Privacy Act (CCPA), as amended by the CPRA — opt-out preference signals (GPC), "Do Not Sell or Share," and disclosure obligations.
- California Business & Professions Code §22575 (CalOPPA) — Do-Not-Track disclosure obligation.
- SOC 2 Trust Services Criteria — Privacy (P) and Confidentiality (C) criteria, supporting CC-series controls.
- NIST CSF 2.0 — GV (Govern) and ID (Identify) functions, as they relate to data-processing transparency and inventory.
- ISO/IEC 27001:2022 Annex A — A.5 Organizational controls (policies, supplier relationships) and A.8 Technological controls (data handling).