Legal

Cookie Policy

Effective: May 15, 2026

Governing law: Commonwealth of Pennsylvania.


Scope of this document

This Cookie Policy describes how cookies and similar technologies are used on the rubicontrading.io website (the "Site"). This Cookie Policy applies to the Site only; the Rubicon desktop platform itself does not use browser cookies.

This Cookie Policy supplements the Company's Privacy Policy, which describes the broader collection, use, retention, and sharing of personal information by the Company. Where this Cookie Policy and the Privacy Policy address the same subject matter, the more specific provision controls; the Privacy Policy is otherwise the canonical document for data-handling practices.

1. What cookies are

1.1 A cookie is a small text file that a website stores on the device through which a visitor accesses the website. Cookies allow the website to recognize the visitor's device on subsequent visits and to retain information about the visitor's interaction with the website (such as login state, preferences, or analytics identifiers).

1.2 The Site may also use similar technologies that function comparably to cookies, including local storage (HTML5 Web Storage, IndexedDB), session storage, pixel tags (also known as web beacons or clear GIFs), and similar tracking identifiers. References to "cookies" in this Cookie Policy include these similar technologies.

1.3 Cookies may be session cookies (deleted when the browser session ends) or persistent cookies (retained for a defined period or until the visitor clears them). Cookies may be first-party (set by the Site directly) or third-party (set by a third-party service the Site uses).

2. Cookie categories used by the Site

2.1 Essential cookies. Cookies that are strictly necessary for the Site to function and for the Company to provide the services the visitor has requested. Essential cookies typically include session cookies that maintain login state, cookies that remember items in a checkout flow, cookies that maintain CSRF protection state, and cookies that record cookie-preference selections.

2.2 Functionality cookies. Cookies that enable enhanced functionality on the Site (such as remembering visitor preferences, language settings, or interface customizations) but are not strictly necessary for the Site to function.

2.3 Analytics cookies. Cookies that the Company or its third-party analytics providers use to understand how visitors interact with the Site (such as which pages are visited, how long a visitor stays on a page, and which links a visitor follows). Analytics cookies help the Company improve the Site.

2.4 Advertising cookies. Cookies that the Company or its advertising partners (if any) use to deliver advertising relevant to the visitor's interests, to measure advertising effectiveness, or to limit the number of times the visitor sees a specific advertisement. The Company does not currently operate a paid advertising program; this category is reserved for future disclosure if advertising cookies are added.

2.5 Cookie inventory. A specific, up-to-date inventory of cookies used by the Site (including each cookie's name, category, provider, purpose, and retention period) is published at a "Cookie Inventory" sub-page on the Site, accessible from the Site's footer.

3. Why the Site uses cookies

The Site uses cookies for the following purposes:

(a) to authenticate visitors who have signed in to a Company account and to maintain session state;

(b) to remember items in a checkout flow during a Subscription signup or plan change;

(c) to operate the Stripe-hosted payment flow (described in §4 below);

(d) to remember the visitor's cookie-preference selections under §5 below;

(e) to operate the Site's basic functionality (CSRF protection, load balancing, security event detection);

(f) where the visitor has consented (under §7 for visitors subject to GDPR) or has not exercised an opt-out (under §6 for visitors subject to CCPA), to collect aggregated analytics about how visitors use the Site; and

(g) to remember visitor preferences and Site customizations (language, theme).

4. Third-party cookies

4.1 Stripe. When a visitor proceeds through the Stripe-hosted checkout flow for a Subscription purchase, Stripe sets cookies on the visitor's device to operate Stripe's checkout functionality (including fraud-prevention features). Stripe's use of cookies is governed by Stripe's own cookie notice and privacy policy available at stripe.com.

4.2 Sentry. The Company uses Sentry for Site error monitoring. Sentry may set cookies in connection with Site error-event collection. Sentry's use of cookies is governed by Sentry's own cookie notice and privacy policy.

4.3 Analytics provider (if applicable). If the Site uses a third-party analytics provider, that provider may set analytics cookies on the visitor's device. The current analytics provider, if any, is identified in the Cookie Inventory referenced in §2.5. The Company does not currently use any analytics provider on the Site that sells visitor data; the Company will update this Cookie Policy and the Privacy Policy if that changes.

4.4 No advertising third parties. The Site does not currently load cookies from advertising third parties (such as Google Ads, Meta, or other ad networks). The Company will update this Cookie Policy if that changes.

5. How to manage cookie preferences

5.1 Browser settings. Most browsers allow visitors to manage cookies through browser-level settings, including options to: (a) block all cookies; (b) block third-party cookies only; (c) delete cookies on browser exit; and (d) delete specific cookies individually. Visitors should consult their browser's documentation for instructions.

5.2 Cookie-preference center on the Site. The Site presents a cookie-preference banner on first visit (subject to §7 for visitors in jurisdictions requiring affirmative consent) and a persistent cookie-preference link in the Site footer. The preference center allows visitors to:

(a) accept all non-essential cookie categories;

(b) reject all non-essential cookie categories;

(c) accept some non-essential categories and reject others; and

(d) change a prior preference at any time.

5.3 Global Privacy Control (GPC). The Site honors the Global Privacy Control signal as a "Do Not Sell or Share My Personal Information" opt-out for visitors subject to CCPA per §6 below. Visitors who have GPC enabled in their browser do not need to take any additional action on the Site to exercise the CCPA opt-out.

5.4 Blocking essential cookies. Blocking essential cookies may render portions of the Site (such as account sign-in or checkout) non-functional. The Company does not provide a "reject all" option that includes essential cookies; visitors who do not consent to essential cookies must not use the affected Site features.

6. CCPA "Do Not Sell or Share My Personal Information"

6.1 Applicability. This §6 applies to visitors who are California residents at the time of Site use and are otherwise within the scope of the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.), as amended by the California Privacy Rights Act (collectively, "CCPA").

6.2 No sale of personal information. The Company does not "sell" personal information as that term is defined in CCPA.

6.3 "Sharing" for cross-context behavioral advertising. The Company does not currently "share" personal information for cross-context behavioral advertising as that term is defined in CCPA. If that changes, the Company will update this Cookie Policy and the Privacy Policy.

6.4 GPC honored. The Company honors the Global Privacy Control signal as a valid opt-out under CCPA per §5.3.

6.5 Right to opt out. California-resident visitors may also opt out of any future sale or sharing by sending an email to contact@rubicontrading.io with the subject line "CCPA Opt-Out" or by using the "Do Not Sell or Share My Personal Information" link in the Site footer.

7. GDPR consent mechanism

7.1 Applicability. This §7 applies to visitors who are within the scope of the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") or the United Kingdom General Data Protection Regulation ("UK GDPR") at the time of Site use.

7.2 Affirmative consent for non-essential cookies. For visitors subject to GDPR or UK GDPR, the Site presents a cookie banner on first visit requesting affirmative consent to non-essential cookie categories before any non-essential cookies are set. The banner permits the visitor to:

(a) Accept all non-essential categories;

(b) Reject all non-essential categories;

(c) Customize acceptance on a per-category basis; and

(d) review the Site's Cookie Policy and Cookie Inventory before deciding.

7.3 No pre-checked boxes. Pre-checked consent boxes are not used. The Site does not interpret non-action (such as scrolling or closing the banner) as consent.

7.4 Withdrawal of consent. Visitors may withdraw consent at any time through the cookie-preference center in the Site footer. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

7.5 Essential cookies. Essential cookies are set without consent under the GDPR strictly-necessary exception. The Site's strictly-necessary cookies are identified in the Cookie Inventory.

7.6 Data subject rights. The Privacy Policy describes the broader set of data-subject rights available to visitors subject to GDPR or UK GDPR, including the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, and the right to object.

8. Changes to this Cookie Policy

8.1 The Company may modify this Cookie Policy from time to time. Material modifications (including the addition of new cookie categories, new third-party cookie providers, or material changes to the consent or opt-out mechanisms) will be communicated through:

(a) a notice on the Site;

(b) for visitors with a Company account, an email to the address associated with the account; and

(c) a refreshed cookie-preference banner that requires the visitor to re-confirm prior preferences in light of the change.

8.2 The "Effective date" at the top of this document reflects the date of the most recent revision.

9. Contact

Questions about this Cookie Policy or about cookies used by the Site may be directed to contact@rubicontrading.io or by mail to ShapeUp LLC, Attn: Privacy, 2040 Linglestown Road, Suite 109, Harrisburg, PA 17110.

10. Governing law

10.1 This Cookie Policy is governed by, and construed in accordance with, the laws of the Commonwealth of Pennsylvania, without regard to its conflict-of-laws principles, except as applicable consumer-protection statutes of other U.S. or non-U.S. jurisdictions extend additional rights or obligations to visitors in those jurisdictions (including CCPA in California and GDPR / UK GDPR in Europe).

10.2 Venue and dispute-resolution provisions for disputes arising under this Cookie Policy track the Terms of Service §7.3 (binding individual arbitration administered by the American Arbitration Association under its Consumer Arbitration Rules; seat in Harrisburg, Pennsylvania; class-action waiver with severability rebound; 30-day opt-out per ToS §7.3(e)).

10.3 If any provision of this Cookie Policy is held invalid or unenforceable, the remaining provisions remain in full force and effect, and the invalid provision shall be modified to the minimum extent necessary to render it enforceable while preserving the parties' intent (severability rebound).