Automize RPA SaaS Platform
Capitol Hill Consulting (Pty) Ltd

1. INTRODUCTION

This Cookie Policy explains how Capitol Hill Consulting (Pty) Ltd ("Capitol Hill", "Automize", "we", "us", or "our") uses cookies and similar technologies on:

• Our website at automize.co.za and all sub-domains (the "Sites")
• The Automize RPA Platform web application (the "Platform")

This Cookie Policy should be read together with our Privacy Policy and Terms of Service.

By using our Sites or Platform, you consent to the use of cookies as described in this Cookie Policy. You can manage your cookie preferences as explained in Section 6 below.

2. WHAT ARE COOKIES?

2.1 Definition

Cookies are small text files that are placed on your computer, smartphone, or other device when you visit a website. They are widely used to make websites work more efficiently and provide information to website owners.

2.2 How Cookies Work

When you visit our Sites or Platform:

1. Your browser requests a web page from our server
2. Our server sends the page along with one or more cookies
3. Your browser stores the cookie on your device
4. When you visit again, your browser sends the cookie back to our server
5. This allows us to recognize you and remember your preferences

2.3 Types of Cookies

Session Cookies:

• Temporary cookies that expire when you close your browser
• Used for essential functions like keeping you logged in
• Deleted automatically when you end your session

Persistent Cookies:

• Remain on your device for a set period or until you delete them
• Used to remember your preferences and settings
• Help us understand how you use our Sites over time

First-Party Cookies:

• Set by us (Automize/Capitol Hill)
• Used to operate our Sites and Platform
• Subject to this Cookie Policy

Third-Party Cookies:

• Set by other companies (e.g., Google Analytics)
• Used for analytics and performance monitoring
• Subject to third parties' privacy policies

3. SIMILAR TECHNOLOGIES

In addition to cookies, we use other similar technologies:

3.1 Local Storage

What it is: Browser-based storage that allows us to store data locally on your device.

How we use it:

• Display settings: We store a display variable in local storage to remember your UI preferences, such as whether certain interface elements are expanded or collapsed, which view mode you prefer, and other display-related settings
• Store user interface preferences
• Improve performance by caching display configurations
• Remember your settings between visits

Specific Local Storage Items:

• display - Stores your interface display preferences and UI state

Difference from cookies: Local storage doesn't expire automatically and holds more data than cookies. Unlike cookies, local storage data is not automatically sent to our servers with each request.

3.2 Web Beacons (Pixels)

What they are: Tiny, transparent image files embedded in web pages or emails.

How we use them:

• Track whether emails have been opened
• Understand which pages are visited
• Measure effectiveness of communications
• Work in conjunction with cookies for analytics

3.3 Session Storage

What it is: Temporary browser storage that exists only for the duration of your browsing session.

How we use it:

• Store temporary data during your session
• Maintain state during multi-step processes
• Improve performance for single-session activities

4. COOKIES WE USE

4.1 Essential Cookies (Strictly Necessary)

These cookies are necessary for the Sites and Platform to function properly. You cannot opt out of these cookies as they are essential for security and core functionality.

Legal Basis: These cookies are necessary for the performance of our contract with you and to provide the Services you've requested.

4.2 Functional Cookies (User Experience)

These cookies and local storage enable enhanced functionality and personalization. The Sites and Platform will still work without them, but your experience may be limited.

Note: We primarily use Local Storage (not cookies) for display preferences. The display variable in local storage remembers your UI settings such as sidebar state, panel expansions, and view preferences.

Local Storage (Functional): | Storage Key | Purpose | Persistence | |-------------|---------|-------------| | display | Stores UI display preferences (sidebar state, panel visibility, view modes) | Until manually cleared |

Legal Basis: Local storage items are processed based on your consent or our legitimate interest in providing you with an improved user experience.

Can be disabled: Yes - You can clear local storage through your browser settings (see Section 6.4). Note: Clearing local storage will reset all your display preferences to defaults.

4.3 Analytics Cookies (Performance & Usage)

These cookies help us understand how visitors interact with our Sites and Platform. They collect anonymous information about page visits, traffic sources, and user behavior.

What we track:

• Pages and features you visit
• Time spent on pages
• Click patterns and navigation paths
• Technical information (browser, device type, screen size)
• Performance metrics (page load times)
• Error occurrences

What we DON'T track:

• Your personal data or identity
• Your actual process data or configurations
• Content of your automated processes
• Client data processed by RPA bots
• Passwords or credentials

Legal Basis: Processed based on your consent or our legitimate interest in improving the Services.

Can be disabled: Yes - See Section 6 for instructions.

Google Analytics: For more information about how Google uses data collected through our Sites, visit: https://www.google.com/policies/privacy/partners/

4.4 Security Cookies

These cookies help us detect and prevent security threats, fraud, and abuse.

Note: The token cookie serves dual purposes - both as an essential authentication cookie and as a security measure. It contains encrypted authentication data that validates each request and protects against unauthorized access.

Legal Basis: These cookies are necessary for our legitimate interests in protecting our Services and users from security threats.

Can be disabled: No - These are essential for security.

5. COOKIES WE DO NOT USE

To respect your privacy, we want to be clear about what we do NOT do:

❌ We DO NOT use:

• Advertising cookies
• Retargeting or remarketing cookies
• Social media tracking pixels (Facebook Pixel, LinkedIn Insight Tag, etc.)
• Third-party advertising networks
• Cross-site tracking cookies
• Cookies that sell your data to third parties
• Cookies for profiling or automated decision-making that affects your rights

❌ We DO NOT:

• Track you across other websites
• Share cookie data with advertisers
• Use cookies to build advertising profiles
• Respond to "Do Not Track" signals (because we don't track for advertising anyway)

6. MANAGING YOUR COOKIE PREFERENCES

6.1 Cookie Consent Banner

When you first visit our Sites, you'll see a cookie consent banner that allows you to:

• Accept All Cookies - Allow all cookies including analytics
• Essential Only - Accept only necessary cookies
• Customize - Choose which types of cookies to accept
• Reject All - Block all non-essential cookies

Your choice is stored in the cookie_consent cookie for 12 months.

6.2 Change Your Preferences

You can change your cookie preferences at any time by:

Option 1: Cookie Settings Link

• Click "Cookie Settings" in the footer of any page
• Update your preferences
• Save changes

Option 2: Browser Settings

• Configure your browser to block or delete cookies (see Section 6.4)

Option 3: Account Settings (for logged-in users)

• Go to Account Settings → Privacy & Cookies
• Manage your cookie preferences
• Save changes

6.3 Opt Out of Google Analytics

Browser Plugin: Install the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout

Cookie Settings: Use our cookie consent banner to disable analytics cookies.

6.4 Browser Cookie Controls

Most browsers allow you to:

• View cookies stored on your device
• Delete all or specific cookies
• Block third-party cookies
• Block all cookies
• Clear cookies when you close the browser

How to manage cookies in popular browsers:

Google Chrome: Settings → Privacy and security → Cookies and other site data https://support.google.com/chrome/answer/95647

Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop

Microsoft Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data https://support.microsoft.com/microsoft-edge/delete-cookies-in-microsoft-edge

Safari: Preferences → Privacy → Manage Website Data https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac

Mobile Browsers: Check your mobile browser's settings or help documentation.

6.5 Impact of Disabling Cookies

If you disable Essential Cookies:

• ⚠️ You cannot log in to the Platform (the token and email cookies are required for authentication)
• ⚠️ Account autodiscovery will not work
• ⚠️ Security features may not work
• ⚠️ The Sites may not function properly
• ⚠️ You cannot use the Services

If you disable Functional Cookies or clear Local Storage:

• Your UI preferences (stored in display local storage variable) won't be remembered between sessions
• Your language and timezone preferences won't be saved
• You'll need to reconfigure settings each visit
• The platform will work, but you'll need to adjust display settings each time

If you disable Analytics Cookies:

• ✅ Your visit won't be tracked for analytics
• ✅ Sites and Services will work normally
• We won't be able to measure usage and improve features based on your behavior

7. COOKIES AND PERSONAL DATA

7.1 Cookies Containing Personal Data

Most of our cookies do not contain personal data. However, some cookies (especially authentication cookies) may contain encrypted identifiers that link to your personal data.

Cookies with personal identifiers:

• token - Contains encrypted authentication data linking to your user account
• email - Contains your email address for authentication
• autodiscover - May contain account configuration data

Local Storage with personal identifiers:

• display - May contain user-specific UI preferences

These cookies and local storage items are:

• Encrypted and secure (where applicable)
• Not readable by third parties
• Subject to our Privacy Policy
• Protected by appropriate security measures

7.2 Data Protection Rights

If cookies contain your personal data, you have rights under GDPR and POPIA:

• Right to Access - Request what data is stored in cookies
• Right to Erasure - Request deletion of cookie data
• Right to Restrict - Limit how cookies are used
• Right to Object - Object to cookie usage (for non-essential cookies)

To exercise these rights, contact: privacy@automize.co.za

7.3 Data Retention

Cookies are retained as follows:

• token and autodiscover: Deleted when you close your browser (session cookies)
• email: May persist longer depending on your login settings
• language and timezone: 12 months
• cookie_consent: 12 months
• After expiration, cookies are automatically deleted
• You can manually delete cookies at any time (Section 6)

Local Storage:

• display variable: Persists until you manually clear it or clear browser data
• Does not expire automatically like cookies
• Can be cleared through browser settings (see Section 6.4)

Data collected via cookies:

• Analytics data: Retained for 26 months (Google Analytics default)
• Usage data: Retained for 12 months
• Error logs: Retained for 90 days
• Security logs: Retained for 90 days

8. INTERNATIONAL TRANSFERS

8.1 Where Cookie Data is Processed

Cookies we set are stored on your device (in your location). However, data collected via cookies may be transmitted to:

• Our servers - Located in AWS Europe (Ireland) region - this provides strong data protection within the EU/EEA
• Google Analytics - Processed by Google in the United States and other locations
• Other service providers - As specified in our Privacy Policy

8.2 Safeguards for Transfers

When cookie data is transferred internationally:

• We use Standard Contractual Clauses (SCCs) approved by the EU Commission
• We ensure adequate security measures are in place
• We comply with GDPR, POPIA, and UAE data protection requirements
• Third parties are contractually bound to protect data

8.3 Your Rights

If you are in the UK or EU, you have the right to:

• Object to international transfers in certain circumstances
• Request information about safeguards in place
• Lodge a complaint with your supervisory authority

9. THIRD-PARTY COOKIES

9.1 Google Analytics

We use Google Analytics to understand how visitors use our Sites and Platform.

What Google collects:

• Pages visited and time spent
• Referring website
• Browser and device information
• Geographic location (country/city level)
• User interactions and clicks

Google's use of data: Google may use this data for its own purposes, including improving Google Analytics and other Google services.

More information:

• Google Privacy Policy: https://policies.google.com/privacy
• Google Analytics Terms: https://marketingplatform.google.com/about/analytics/terms/
• How Google uses data: https://policies.google.com/technologies/partner-sites

Opt-out:

• Use our cookie consent settings
• Install Google Analytics Opt-out Browser Add-on
• Enable "Do Not Track" in your browser settings

9.2 No Other Third Parties

We do not use cookies from:

• Social media platforms (Facebook, Twitter, LinkedIn, etc.)
• Advertising networks
• Retargeting services
• Other analytics providers (besides Google Analytics)

If we add third-party cookies in the future, we will update this Cookie Policy and notify you through the cookie consent banner.

10. COOKIES ON MOBILE APPS (FUTURE)

Currently, Automize is a web-based platform accessed through browsers. We do not have native mobile apps.

If we develop mobile apps in the future:

• Mobile apps may use similar technologies (local storage, device IDs)
• A separate Mobile Privacy Notice may be provided
• You will be notified and asked to consent to data collection
• This Cookie Policy will be updated accordingly

11. DO NOT TRACK SIGNALS

11.1 What is Do Not Track?

"Do Not Track" (DNT) is a browser setting that signals to websites that you don't want to be tracked across websites for advertising purposes.

11.2 Our Response to DNT

We do not currently respond to Do Not Track signals because:

• We don't track you for advertising purposes anyway
• We don't use cross-site tracking
• We don't share tracking data with advertisers
• Our tracking is limited to our own Sites and Platform for analytics and functionality

11.3 Your Control

Since we don't engage in the tracking behaviors DNT is designed to prevent, enabling DNT won't change how we collect data. However, you can:

• Use our cookie consent settings to control tracking
• Disable analytics cookies
• Use browser cookie controls
• Opt out of Google Analytics

12. COOKIES AND SECURITY

12.1 How We Protect Cookie Data

Security measures:

• Secure (HTTPS-only) cookies for authentication
• HttpOnly flags to prevent JavaScript access
• SameSite attributes to prevent CSRF attacks
• Encryption of sensitive cookie data
• Regular security audits
• Secure transmission (TLS 1.2+)

12.2 Cookie Security Risks

Potential risks:

• Session hijacking - If cookies are intercepted, attackers could access your account
• Cross-site scripting (XSS) - Malicious scripts could steal cookies
• Cross-site request forgery (CSRF) - Unauthorized actions using your cookies

How we mitigate risks:

• Use HttpOnly and Secure flags
• Implement CSRF tokens
• Encrypt sensitive cookies
• Monitor for suspicious activity
• Use short session timeouts
• Require re-authentication for sensitive actions

12.3 Your Responsibilities

To protect your cookies:

• Use secure, private networks (avoid public Wi-Fi for sensitive activities)
• Keep your browser and operating system updated
• Use strong, unique passwords
• Log out when finished (especially on shared computers)
• Clear cookies on shared/public computers
• Enable browser security features
• Report suspicious activity immediately: security@automize.co.za

13. CHILDREN'S PRIVACY

13.1 Age Restrictions

Our Services are not intended for children under 18 years of age. We do not knowingly collect information from children through cookies or any other means.

13.2 Parental Rights

If you believe we have inadvertently collected information from a child through cookies:

• Contact us immediately: privacy@automize.co.za
• We will delete the information promptly
• We will investigate how the information was collected

14. CHANGES TO THIS COOKIE POLICY

14.1 Updates

We may update this Cookie Policy from time to time to reflect:

• Changes in cookies we use
• New technologies
• Changes in law or regulations
• Improvements to our Services
• Feedback from users

14.2 Notification

Material changes:

• Email notification to registered users
• Prominent notice on the Sites
• New cookie consent banner
• 30 days' notice before changes take effect

Minor changes:

• Updated "Last Updated" date
• Notice in cookie consent settings
• Effective immediately upon posting

14.3 Your Acceptance

Continued use of the Sites or Services after changes constitutes acceptance of the updated Cookie Policy. If you don't agree:

• You may adjust your cookie settings
• You may discontinue use of the Services
• Contact us with concerns: privacy@automize.co.za

15. CONTACT US

15.1 Questions About Cookies

If you have questions about this Cookie Policy or our use of cookies:

Email: privacy@automize.co.za
Subject line: "Cookie Policy Inquiry"

Mail: Capitol Hill Consulting (Pty) Ltd
Attn: Privacy Officer
4 Muller Street
Bethlehem, 9701
South Africa

15.2 Data Subject Requests

To exercise your rights regarding cookie data:

Email: privacy@automize.co.za
Subject line: "Data Subject Request - Cookies"

Online form: https://automize.co.za/data-subject-access-rights-request-form

We will respond within 30 days.

15.3 Complaints

If you're unhappy with how we use cookies:

Contact us first: privacy@automize.co.za

Supervisory authorities:

United Kingdom (GDPR): Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113
Email: casework@ico.org.uk

South Africa (POPIA): Information Regulator
Website: https://www.justice.gov.za/inforeg/
Email: inforeg@justice.gov.za
Phone: +27 10 023 5200

United Arab Emirates: [Contact relevant emirate authority based on your location]

16. COOKIE CONSENT RECORD

For your reference, we maintain a record of your cookie consent choices:

What we record:

• Date and time of consent
• Cookies you accepted/rejected
• Version of Cookie Policy you consented to
• Method of consent (banner, settings page, etc.)
• IP address (for security purposes)

Why we record this:

• Legal compliance (GDPR Article 7)
• Honor your choices
• Demonstrate compliance to regulators
• Resolve disputes about consent

How long we keep it:

• Duration of your account + 3 years
• Or as required by law

Your rights:

• Request a copy of your consent record
• Request deletion (subject to legal retention requirements)
• Update your preferences at any time

APPENDIX: COOKIE REFERENCE TABLE

Quick Reference - All Cookies We Use

SUMMARY FOR QUICK REFERENCE

✅ What we use cookies for:

• Keeping you logged in securely
• Remembering your preferences
• Understanding how people use our platform
• Improving our services
• Protecting against security threats

❌ What we DON'T use cookies for:

• Advertising or marketing to you on other websites
• Selling your data
• Tracking you across the internet
• Building advertising profiles

🔒 Your control:

• Accept or reject non-essential cookies
• Change preferences at any time
• Delete cookies through browser settings
• Opt out of Google Analytics

Questions? privacy@automize.co.za

© 2025 Capitol Hill Consulting (Pty) Ltd. All rights reserved.

Document Version: 1.0
Effective Date: November 2025
Last Updated: November 2025

QUICK LINKS

• Privacy Policy
• Terms of Service
• Cookie Settings - Manage your preferences
• Contact Us