Cookie Policy

Back to thirdrailsystems.ee
LEGALCookies

Cookie & Tracking Notice

Version v0.1Last updated 2026-04-20Effective TBD (on counsel sign-off)
Draft — for counsel reviewThis document is a structured draft authored by the Third Rail Systems founding team and is pending sign-off from Estonian counsel. It does not yet constitute a binding legal commitment. For contracted pilots, the governing document is the pilot agreement executed between your organization and Third Rail Systems OÜ. Questions: legal@thirdrailsystems.ee.

1. Summary

A "cookie" is a small text file stored on your device by a website to remember state between requests. Some cookies are strictly necessary to operate a site; others are optional. Under the EU ePrivacy Directive (as implemented in Estonia) non-essential cookies and equivalent tracking technologies require informed consent. This notice tells you exactly what we use, why, and how to control it.

2. What we use

Strictly necessary
Session state, CSRF protection, and anti-abuse controls for the pilot-request form. These are first-party, short-lived, and essential to operate the Website. No consent required (ePrivacy Dir. Art. 5(3), exception for communications strictly necessary to deliver a service explicitly requested by the user).
Product analytics (PostHog)
We use PostHog to measure aggregate usage of the Website (e.g. which sections of the Strategic Memo are read, how many visitors reach the pilot-request form). PostHog may set first-party cookies/local-storage keys on your device for the purposes of deduplicating events from the same browser session. We rely on your informed consent for this processing, and we operate PostHog in its EU data region.
Admin localStorage (/admin only)
If you authenticate into the administrative console at /admin, a single localStorage key (trs.admin_token) holds your admin token locally on your device so you do not need to re-authenticate on every page load. This applies only to authorized operators of Third Rail Systems OÜ.
Memo read-progress (localStorage)
If you scroll through our Strategic Memo to completion, we record a single boolean flag (trs.memo_read) on your device. If you subsequently submit the pilot-request form, this flag is sent with your submission solely so we can qualify your enquiry (it helps us know whether to lead with the memo content on our follow-up call). You can clear this value at any time by clearing site storage for this domain.

3. What we do not use

  • No advertising cookies.
  • No cross-site tracking or ad-network pixels.
  • No social-media share trackers.
  • No fingerprinting or probabilistic identity-matching of visitors.

4. How to control these

You can refuse or withdraw consent to product analytics at any time. We offer two controls:

  • Browser-level: disable third-party cookies and/or local storage in your browser settings. Modern privacy browsers (e.g. Safari Intelligent Tracking Prevention, Firefox Total Cookie Protection) already limit what PostHog can persist.
  • Do Not Track / Global Privacy Control: our analytics layer honours DNT: 1 and the Sec-GPC: 1 header where sent.
  • Opt-out email: write to privacy@thirdrailsystems.ee and we will suppress your analytics identifier server-side.

A consent banner compliant with the EDPB's Guidelines 03/2022 on deceptive design patterns is deployed across the Website. PostHog is not initialised at page load — it is loaded only after a visitor explicitly clicks "Accept all" in that banner. Visitors who select "Reject non-essential" never have the analytics library loaded into their browser. Either choice can be revoked at any time via the "Cookie settings" link in the site footer. Where session recording is enabled, it runs with the most conservative defaults (recording disabled for authenticated sessions, IPs anonymised).

5. Contact

Questions about this notice: privacy@thirdrailsystems.ee.

v1.0 · Tallinn · EU-Native