Cookie policy

Last updated: 11 May 2026

This Cookie Policy explains how BITEBACK uses cookies and similar technologies on bitebackdefense.com (the "Site"), what choices you have, and how to manage your preferences. It complements our Privacy Policy.

If you have any questions, contact us at privacy@bitebackdefense.com.

1. What is a cookie?

A cookie is a small text file stored in your browser when you visit a website. Cookies let the site remember things — what's in your cart, that you've already accepted our cookie banner, what your language preference is — so the next page or the next visit isn't a fresh start. Some cookies are essential; others help us measure how the Site is performing or show you relevant ads on Meta or TikTok.

We also use similar technologies — local storage, session storage, pixel beacons, and server-side analytics — covered by the same rules described below.

2. The four categories of cookies we use

Strictly necessary

These cookies are required for the Site to function. They handle your shopping cart, your checkout session, security tokens, and the cookie banner itself. They cannot be switched off — without them, you cannot place an order. Specific cookies in this category include Shopify's session and cart cookies (such as _shopify_s, cart, _secure_session_id) and our own consent record (biteback_consent_v1 in your browser's local storage).

Analytics

These cookies help us understand how visitors use the Site — which pages they view, which products they look at, where they get stuck. Data is processed in aggregate; we don't try to identify individual visitors from analytics traces. Specific cookies include Shopify's storefront analytics cookies (such as _shopify_y and Shopify Trekkie). Analytics cookies fire only after you've consented (in GDPR-equivalent jurisdictions) or unless you've opted out (elsewhere).

Marketing

These cookies measure the effectiveness of our advertising on Meta (Facebook / Instagram) and TikTok and help personalise the ads you see. We use a server-side attribution layer (FirstTrack) so customer-identifiable data is never shared with ad platforms beyond what's necessary for measurement. Marketing cookies fire only after you've consented (GDPR-equivalent jurisdictions) or unless you've opted out (elsewhere).

Preferences

These cookies remember non-essential choices — language, currency, recently viewed products, whether you've dismissed a promotional banner. They make return visits smoother but aren't required to use the Site.

3. How to manage your cookie preferences

There are four ways to control cookies on the Site:

Our cookie banner

The cookie banner appears the first time you visit the Site. It offers two equally-prominent buttons — Accept all and Reject all — plus a Manage your preferences link that lets you choose categories individually. Your choice is remembered for 13 months, after which we'll ask again. If you change country between visits (for example, you travel from Canada to the United States), we'll also ask again because the default rules differ by jurisdiction.

You can reopen the preferences dialog at any time by clicking "Do Not Sell or Share My Personal Information" at the bottom of any page on the Site.

Global Privacy Control (Sec-GPC)

If your browser sends a Sec-GPC: 1 signal — supported by Firefox, Brave, DuckDuckGo, and several privacy extensions — we automatically decline analytics and marketing cookies on your behalf, without showing the banner. This satisfies the CCPA / CPRA opt-out signal requirement for California residents and equivalent rules in other U.S. states.

Your browser settings

Every major browser lets you block, delete, or selectively allow cookies. Instructions: Chrome, Safari (iOS), Safari (macOS), Firefox, Edge. Blocking strictly necessary cookies at the browser level will break the cart and checkout.

Opt-out signals for advertising platforms

You can also opt out of personalised advertising at the platform level: Meta (Facebook / Instagram) Ad Preferences, TikTok Cookie Settings. These platform-level opt-outs cover ads served on those platforms regardless of your choices here.

4. Cookies set by third parties

Some cookies on the Site are set by service providers we work with. We list the relevant ones in our Privacy Policy; this page focuses on cookie-specific behaviour.

  • Shopify — sets session, cart, checkout, and analytics cookies. Required for the Site to function.
  • FirstTrack (when active) — our ad-tracking layer; sets a first-party measurement cookie used to attribute purchases to ad campaigns without sharing customer-identifying data with ad platforms.
  • Meta & TikTok — when you've consented to marketing cookies, our ads platforms may set their own cookies on the Site to measure ad performance.
  • biteback-reviews (reviews.bitebackdefense.com) — our own first-party reviews backend; sets a session cookie when you submit a review so we can verify the submission.
  • Cloudflare — provides DNS, CDN, and security for the Site; sets cookies (__cf_bm, cf_clearance) for bot protection. These are strictly necessary and cannot be disabled.

5. California residents — "Do Not Sell or Share"

The CCPA / CPRA give California residents the right to opt out of the "sale" or "sharing" of personal information for cross-context behavioural advertising. We do not sell personal information for cash. Some of our advertising activity may qualify as "sharing" under California's broad definition.

You can opt out at any time by clicking "Do Not Sell or Share My Personal Information" in the Site footer, by sending a Sec-GPC signal (see Section 3), or by emailing privacy@bitebackdefense.com from the address associated with your account.

6. EU, UK, Switzerland — GDPR / UK GDPR

If you access the Site from the EU, UK, Switzerland, or another GDPR-equivalent jurisdiction, our cookie banner runs in opt-in mode — analytics and marketing cookies are blocked until you explicitly consent. You may withdraw consent at any time via the preferences dialog (see Section 3) or your browser settings. Withdrawing consent does not affect cookies that were lawful before your withdrawal.

Where we rely on legitimate interest as a legal basis for processing (strictly necessary cookies), you have the right to object — email privacy@bitebackdefense.com.

7. Canada — PIPEDA & Quebec Law 25

For visitors from Canada, our cookie banner runs in opt-in mode in compliance with PIPEDA and Quebec's Law 25. Analytics and marketing cookies are off by default; we'll only set them after you click Accept all or specifically enable the relevant category. Strictly necessary cookies are exempt from this rule.

The Accept and Reject buttons on our banner are presented with equal visual prominence, in line with Law 25's prohibition on dark patterns.

8. Changes to this policy

We may update this Cookie Policy from time to time — for example, when we add a new service provider or change which cookies are set. The "Last updated" date at the top reflects the most recent change. If the change is material (a new category of tracking, a new third-party partner), we'll re-prompt the banner so you can review your choices.

9. Contact

For cookie or privacy questions, contact:

BITEBACK
Email: privacy@bitebackdefense.com

This policy reflects our current cookie practices. We recommend reviewing it with qualified counsel before relying on it in any dispute.