Cookie Policy

This Cookie Policy applies to:

• All cookies, web beacons, pixel tags, local storage objects, and similar tracking technologies set by Served 123 LLC on served123.com and any subdomains;
• All cookies set on the Company's website by authorized third-party service providers (e.g., the website-hosting platform, analytics provider, payment processors);
• All visitors to the website, regardless of jurisdiction, including Clients, prospective Clients, and members of the public.

Capitalized terms used in this Cookie Policy have the meanings set out below or, where not defined here, the meanings ascribed in the Terms of Service and Privacy Policy.

By accessing the Company's website, you acknowledge and agree to the use of cookies as described in this Cookie Policy, subject to your consent choices made through the Consent Manager and any applicable legal requirements in your jurisdiction.

• Essential cookies are set without requiring consent, as they are strictly necessary for the website to function;
• Analytics, functional, and any marketing cookies — collectively, "non-essential cookies" — are set only after consent where required by applicable law (e.g., the EU/UK ePrivacy framework);
• Where applicable law does not require prior opt-in consent (the U.S. default), the Company may set analytics and functional cookies on an opt-out basis, and you may decline them at any time through the Consent Manager or browser settings.

The Company's governing documents operate together as an integrated framework. Where this Cookie Policy addresses a topic also addressed in another governing document, the Order of Precedence set out in Terms of Service § 35 applies:

• The Privacy Policy controls questions about the collection, use, retention, and disclosure of personal information — including personal information collected via cookies;
• The Terms of Service control questions of legal framework, governing law, dispute resolution, limitation of liability, and indemnification;
• This Cookie Policy controls the specific operational disclosures about cookies and similar tracking technologies on the Company's website.

This Cookie Policy is incorporated by reference into, and read together with, the following governing documents:

• Privacy Policy — personal information collection, use, retention, and data-subject rights;
• Terms of Service — legal framework, governing law, dispute resolution;
• Disclaimer Policy — service-nature disclosures, no-legal-advice, warranty disclaimers;
• Refund & Cancellation Policy — cancellation, refund eligibility, force majeure;
• Terms & Conditions of Service — operational service delivery, performance standards;
• Supplementary Costs & Disclosure Terms — pricing, surcharges, supplementary fees.

Cookies are small text files placed on your device (computer, tablet, or smartphone) when you visit a website. They are widely used to make websites function more efficiently, to remember user preferences across sessions, and to provide website owners with anonymized analytics about how visitors use the site.

Each cookie typically contains:

• A name identifying the cookie (e.g., _ga for Google Analytics);
• A value storing a small piece of data (e.g., a session ID or random identifier);
• A domain indicating which website set the cookie;
• An expiration date indicating when the cookie should be deleted (session cookies expire when the browser closes; persistent cookies have a defined lifespan).

In addition to cookies, websites commonly use the following similar tracking technologies. All references to "cookies" in this Policy include these technologies unless otherwise specified.

• Web beacons (pixel tags). Small transparent images embedded in web pages or emails to track whether a page was loaded or an email was opened. The Company does not currently use web beacons in marketing emails;
• Local storage (localStorage). Browser-based storage that retains certain data beyond a session without using cookies. Some platforms use local storage to remember user preferences or session state;
• Session storage (sessionStorage). Temporary browser storage that is cleared when the browser session ends;
• IndexedDB. A larger browser-based database used by some web applications for offline storage and performance optimization;
• Device identifiers. When the website is accessed via mobile devices, certain device identifiers (e.g., advertising IDs) may be present in the technical context, though the Company does not collect or store these for advertising purposes.

The cookies on our website fall into the following categories, distinguished by the color-coded badges below:

The Company uses cookies for the following defined purposes:

• Essential website operation. Maintaining secure sessions, preventing cross-site request forgery on form submissions, balancing load across the hosting platform, and supporting content-delivery infrastructure;
• Analytics and performance measurement. Understanding how visitors arrive at the website, which pages are most useful, and where the user experience could be improved;
• Functional preferences. Remembering your settings (e.g., consent choices, accessibility preferences) so they do not have to be re-entered on each visit;
• Security. Detecting and preventing fraudulent activity, abuse of the order-submission system, and unauthorized access attempts;
• Payment processing. When you initiate a payment flow with a third-party payment processor (e.g., PayPal, Square, Stripe), that processor may set its own cookies for fraud prevention, session security, and transaction completion.

To be transparent about practices the Company avoids, the following uses are not present on the Company's website:

• Behavioral advertising. The Company does not use cookies to deliver targeted advertising based on your browsing history or inferred interests;
• Retargeting. The Company does not place retargeting pixels (e.g., Facebook Pixel, Google Ads remarketing tags, LinkedIn Insight Tag) that would follow you to other websites;
• Cross-site profiling. The Company does not combine data from cookies on our site with data from other sites to build a profile of you;
• Sale or sharing of cookie data. The Company does not sell or share cookie-derived data with third parties for their own commercial or marketing purposes — including under the definitions of "sale" and "sharing" applied by U.S. state privacy laws;
• Data broker integrations. The Company does not use cookies to feed data brokers or commercial profiling services;
• Browser fingerprinting. The Company does not use techniques that combine device or browser characteristics to create a unique fingerprint;
• Cookie walls. The Company does not block access to the website based on a refusal to accept non-essential cookies. You can decline non-essential cookies and continue to use the website normally.

Cookies are classified by duration as either session cookies (deleted when you close your browser) or persistent cookies (retained until expiration or manual deletion). The table below describes the primary cookies in use on the Company's website.

Some cookies on the Company's website are set by third-party service providers. These providers operate under their own privacy policies, which the Company does not control. Current third-party providers include:

• Webflow (Webflow, Inc.). The Company's website is hosted on the Webflow platform, which sets essential and functional cookies for website operation, load balancing, and platform security. Privacy practices at webflow.com/legal/privacy.
• Google Analytics (Google LLC). Collects anonymized usage statistics. You can opt out at tools.google.com/dlpage/gaoptout. Privacy policy at policies.google.com/privacy.
• PayPal (PayPal Holdings, Inc.). If you complete a payment through PayPal, PayPal may set its own cookies for fraud prevention, session security, and payment processing. Privacy statement at paypal.com/us/legalhub/privacy-full.
• Square (Block, Inc.). If you complete a payment through Square, Square may set session and security cookies as part of the payment workflow. Privacy policy at squareup.com/us/en/legal/general/privacy.
• Stripe (Stripe, Inc.). If you complete a payment through Stripe, Stripe may set cookies for fraud prevention, 3-D Secure authentication, and payment processing. Privacy policy at stripe.com/privacy.

When you first visit served123.com, you may be presented with a Consent Manager notice that informs you of the categories of cookies in use and gives you the ability to accept, decline, or customize cookie preferences.

• Accept All. Consents to essential, analytics, and functional cookies;
• Reject Non-Essential. Consents only to essential cookies; declines analytics and functional cookies. The website will continue to function;
• Customize. Allows you to selectively accept or decline each non-essential category individually;
• Your consent preference is stored for twelve (12) months and will not be re-requested within that period unless you clear your cookies or access the website from a new device or browser.

You may withdraw or change your cookie consent at any time. Withdrawal is as easy as the original grant of consent. Available methods:

• Re-trigger the Consent Manager. Clear the cookie-consent cookie in your browser settings (see § 16) and revisit served123.com. The Consent Manager banner will reappear on next visit, and you may make a new selection;
• Browser cookie controls. Configure your browser to block or delete cookies on a per-site or global basis (see § 16 for browser-specific instructions);
• Mobile device controls. Use your mobile device's privacy or advertising settings (see § 17);
• Email request. Email info@served123.com with the subject line "Cookie Consent Withdrawal" and we will assist with the request;
• Privacy signals. Configure your browser to send a Global Privacy Control signal (see § 18), which the Company treats as a valid opt-out request for "sale" and "sharing" of Personal Information.

All modern browsers allow you to view, delete, block, or restrict cookies on a per-site or global basis. Instructions for the most common desktop browsers:

If you access the website on a mobile device, you can also use your device's privacy settings to manage tracking and cookies:

• iOS (Apple). Settings → Safari → Privacy & Security includes controls for "Block All Cookies," "Prevent Cross-Site Tracking," and "Hide IP Address from Trackers." App Tracking Transparency (Settings → Privacy & Security → Tracking) governs app-to-app tracking but does not affect website cookies;
• Android. Cookie controls are managed inside the browser app (typically Chrome): Chrome menu → Settings → Site settings → Cookies. The device-level "Ads" setting (Settings → Google → Ads) controls the Android Advertising ID, which is not used by this website;
• Mobile browsers. The same cookie controls available in desktop browsers (§ 16) are typically available in the mobile versions, though the menu paths differ;
• Private / Incognito browsing. Most mobile browsers offer a "Private," "Incognito," or "InPrivate" mode that automatically clears cookies and other site data when the browsing session ends.

• When a GPC signal is detected from a visitor's browser, the Company treats it as a valid opt-out of the "sale" or "sharing" of Personal Information under applicable U.S. state laws — even though the Company does not engage in either activity;
• GPC also informs the Consent Manager's default selection: when GPC is detected, non-essential analytics and functional cookies are not set unless the visitor affirmatively opts in;
• GPC signals are processed automatically and do not require account creation or identity verification;
• Because GPC operates at the browser level, an opt-out signal applies to that specific browser on that specific device; clearing cookies or switching browsers may require re-sending the signal.

Some browsers include a legacy "Do Not Track" (DNT) feature that signals a preference not to be tracked across websites. Because there is no universally accepted standard for how websites should respond to DNT signals, and because the broader industry has moved toward GPC as a successor framework, the Company does not currently alter its data collection practices based on DNT browser signals.

Residents of U.S. states with comprehensive consumer privacy laws have statutory rights to opt out of certain processing activities, including the use of cookies for "sale," "sharing," targeted advertising, or significant profiling. As disclosed throughout this Policy, the Company does not engage in those activities — but residents are still entitled to exercise the right and receive confirmation.

• California (CCPA / CPRA). California residents may exercise the right to opt out of the sale or sharing of Personal Information at any time. See Privacy Policy § 21 for details;
• Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and other states. Residents may exercise the right to opt out of sale, targeted advertising, and significant profiling. See Privacy Policy §§ 22–28 for state-by-state detail;
• Universal Opt-Out Mechanism. In states whose laws recognize universal opt-out mechanisms (CO, CT, OR, TX, and others), the Company honors GPC signals as a valid opt-out (see § 18);
• How to exercise. Submit a rights request to info@served123.com with the subject line "Privacy Rights Request," as detailed in Privacy Policy § 18.

The Company's website and Services are intended for adults aged 18 years or older. The Company does not knowingly direct cookies or tracking technologies at children under 13 (or under 16 in jurisdictions where that threshold applies), and does not knowingly collect Personal Information from minors through cookies for commercial or marketing purposes.

• The cookies used on the website (see § 12) are not designed for child audiences and are not used to target advertising to minors;
• The Company complies with the U.S. Children's Online Privacy Protection Act (COPPA) and analogous foreign laws regarding minors;
• Parents or guardians who believe a minor under their care has interacted with the website may request deletion of any associated Personal Information by emailing info@served123.com with the subject line "Minor Data Deletion Request."

• Prior opt-in consent. Non-essential cookies are not set until you provide affirmative, specific consent through the Consent Manager. Pre-ticked boxes are not used, and continued use of the site is not, by itself, treated as consent;
• Granular control. The Consent Manager allows you to accept or decline each category of non-essential cookie individually (analytics, functional);
• Withdrawal as easy as grant. You may withdraw consent at any time through the methods described in § 15. Withdrawal is forward-looking and does not affect the lawfulness of Processing performed before withdrawal;
• Right to complain. You may submit a complaint to the supervisory authority in your member state of residence, place of work, or alleged infringement; UK residents may complain to the Information Commissioner's Office (ICO);
• International transfers. Where personal information collected via cookies is transferred outside the EU/EEA/UK, the Company implements appropriate safeguards as described in Privacy Policy § 30.

This Cookie Policy is provided for informational purposes and is subject to the following limitations:

• Best-effort accuracy. Cookie names, durations, third-party providers, and Consent Manager behavior may change as the website, hosting platform, or analytics provider updates. The Company refreshes this Policy when material changes occur but does not warrant that the disclosures are exhaustive of every cookie set in real time;
• Third-party providers. The Company does not control how third-party providers implement cookies. Where a provider's behavior changes between Policy updates, the provider's published privacy policy is the authoritative source;
• No legal advice. Nothing in this Cookie Policy constitutes legal advice about your rights or obligations. See the Disclaimer Policy for the Company's broader no-legal-advice and no-attorney-client disclosures;
• Limitation of liability. Any liability arising from the use of cookies on the website is subject to the limitation-of-liability provisions in the Terms of Service.

This Cookie Policy may be updated from time to time to reflect changes in our cookie practices, third-party provider relationships, or applicable law. The most current version is always available at served123.com/cookie-policy with a revised effective date.

• Material changes — changes that introduce new cookie categories, new third-party providers, or new purposes of use — will be communicated by prominent notice on the website (and, where required, by re-triggering the Consent Manager) prior to taking effect;
• Non-material changes — corrections, clarifications, and refreshes to the reference table — may take effect upon posting;
• Continued use of the Company's website following any change constitutes acceptance of the updated Policy. Where prior consent was obtained, the prior consent will remain effective unless the change materially expands the categories or purposes covered, in which case fresh consent will be requested.

Questions about this Cookie Policy, requests to manage your consent, or notifications about suspected cookie issues should be directed to: