Legal & Compliance

Website Compliance

Document hash: 26d2307c56661110...

1. Cookie Policy

Purpose

Disclose all cookies, tracking technologies, and similar technologies used on the website, mobile apps, dashboards, and customer portals.

Should Cover

Essential cookies

Authentication/session cookies

Analytics cookies

Advertising/remarketing cookies

Performance monitoring cookies

Third-party cookies

Embedded content tracking

Device fingerprinting disclosures

Pixel tracking disclosures

Retention periods

Cookie management instructions

Browser opt-out instructions

“Do Not Track” disclosure

International transfer disclosures

Vendor disclosure categories (Google, Meta, TikTok, Stripe, etc.)

Important Language

User consent before non-essential cookies

Continued browsing does not equal consent where legally prohibited

Right to withdraw consent

Regional compliance (GDPR/UK GDPR/CCPA/CPRA)

2. Consent Banners

Banner Requirements

Must appear before non-essential tracking activates.

Banner Should Include

Accept All

Reject Non-Essential

Customize Preferences

Link to Privacy Policy

Link to Cookie Policy

Must Disclose

Analytics usage

Advertising/remarketing usage

Session recording if applicable

Cross-site tracking

Third-party data sharing

Technical Compliance

No ad/analytics cookies before consent in regulated regions

Consent logging/audit trail retention

Ability to modify preferences later

Geo-targeted compliance logic

3. Marketing Consent

Covers

Email marketing subscriptions

Promotional offers

Product updates

Event/webinar invitations

Partner/promotional communications

Required Elements

Explicit opt-in language

No pre-checked boxes

Separate from Terms acceptance

Clear unsubscribe instructions

Consent logging timestamps/IPs

Preference management portal

Include Language

Consent is voluntary

Purchase not required for marketing consent

Frequency disclosures where applicable

Third-party marketing disclosures if ever used

4. SMS Consent

Covers

Security alerts

Installation scheduling

Billing notifications

Marketing/promotional SMS

Support communications

Required TCPA-Compliant Language

“By providing your phone number, you consent to receive automated and non-automated text messages from PerimeterEye.”

Message/data rates may apply

Consent not required for purchase

STOP/HELP instructions

Carrier disclaimer

Frequency disclosure

Must Separate

Transactional SMS consent

Marketing SMS consent

Recordkeeping

Store:

timestamp

IP address

consent language version

phone number

source form/page

5. CAN-SPAM / TCPA Compliance

CAN-SPAM Requirements

Accurate sender information

Non-deceptive subject lines

Physical business address

One-click unsubscribe

Opt-out honored within legal timelines

No purchased/spam lists

Clear ad identification where required

TCPA Requirements

Prior express written consent for marketing SMS/calls

Consent records retained

Auto-dialer disclosures

Revocation handling

Internal DNC procedures

Third-party lead source compliance

Additional Protection Language

PerimeterEye reserves the right to suspend abusive messaging behavior

Fraudulent opt-ins prohibited

User responsible for providing accurate contact information

6. Call Recording Disclosures

Should Disclose

Calls may be recorded or monitored

Purpose:

quality assurance

training

fraud prevention

support verification

dispute resolution

Compliance Requirements

State-by-state two-party consent review

Verbal IVR disclosure

Written disclosure in contact forms

Recorded consent retention

Include

Third-party call center/vendor recording disclosures

Storage/retention policies

Law enforcement disclosure rights

7. Analytics / Tracking Disclosures

Covers

Google Analytics

Meta Pixel

TikTok Pixel

Hotjar/session replay

FullStory/session recording

Device/browser fingerprinting

Event tracking

User interaction analytics

Must Disclose

Pages visited

Session duration

Click behavior

Device/browser data

Approximate location data

Referral sources

Conversion tracking

Heatmaps/session replay if used

User Rights

Opt-out mechanisms

Cookie preference controls

Ad personalization opt-outs

8. Remarketing / Ad Tracking Disclosures

Covers

Retargeting ads

Lookalike audiences

Cross-platform advertising

Behavioral advertising

Third-party ad networks

Must Disclose

Ads may appear after users visit the website

Third parties may use cookies/pixels

Data sharing with advertising providers

Cross-device tracking possibility

Platforms Potentially Covered

Google Ads

Meta/Facebook

Instagram

TikTok

LinkedIn

YouTube

Additional Protection

No guarantee that ads are controlled by PerimeterEye after being served through third-party networks

User responsible for managing ad settings on external platforms

9. Age Restrictions / Minimum Age Requirements

Recommended

Minimum age: 18 years old.

Include

Users under 18 prohibited from creating accounts

No intentional collection of children’s data

COPPA compliance language

Parent/guardian removal request procedures

Right to terminate underage accounts

Additional Language

Product intended for property owners or authorized occupants

Users responsible for ensuring lawful surveillance use

10. Accessibility Compliance Review

Recommended Standards

WCAG 2.1 AA review

ADA-focused accessibility practices

Review Areas

Keyboard navigation

Screen reader compatibility

Color contrast

Form labeling

Mobile accessibility

Closed captions/transcripts

Error messaging accessibility

Zoom/responsive scaling

Focus indicators

Recommended Operational Items

Accessibility statement page

Accessibility contact email

Ongoing remediation commitment

Third-party widget disclosure

Vendor accessibility review procedures

Important Protection Language

PerimeterEye continuously works to improve accessibility but cannot guarantee compatibility with all third-party tools, browsers, or assistive technologies.

11. Session Replay Disclosure

Covers

Session replay technologies

User interaction recordings

Website usability monitoring

Error diagnostics

Fraud/security monitoring

Must Disclose

Mouse movements

Click behavior

Scroll activity

Navigation patterns

Device/browser information

Session duration

Sensitive Data Protections

Password masking

Payment field masking

Sensitive input exclusions

Authentication token protection

PCI-sensitive field exclusion procedures

User Rights

Opt-out mechanisms where legally required

Cookie preference integration

Consent requirements in regulated jurisdictions

Vendor Disclosure

Disclose use of technologies such as:

Hotjar

FullStory

Microsoft Clarity

Similar behavioral analytics/session replay tools

Additional Protection Language

Session replay technologies are used solely for analytics, troubleshooting, fraud prevention, and product improvement purposes.

PerimeterEye does not intentionally capture sensitive financial credentials or payment card information through session replay technologies.

12. AI Interaction Disclosure

Covers

AI-assisted monitoring

AI-generated alerts

Automated threat analysis

AI-assisted support/chat systems

AI-driven recommendations

AI event classification

Must Disclose

AI outputs may not always be accurate

Human review may be required

AI-generated decisions may affect notifications/escalations

AI systems may generate false positives/false negatives

AI functionality may evolve over time

User Rights

Ability to contact human support

Ability to override certain automated workflows where applicable

Request review of disputed automated actions

Data Usage

AI systems may process:

video footage

audio data

event metadata

behavioral patterns

device/network information

Additional Protection Language

AI functionality is assistive in nature and does not guarantee detection, prevention, or prediction of criminal activity, emergencies, or threats.

PerimeterEye reserves the right to improve, retrain, modify, or update AI systems and models over time.

13. Security Disclosure

Covers

Platform security measures

Encryption standards

Account protections

Data handling safeguards

Incident response procedures

Must Disclose

Encryption in transit

Encryption at rest where applicable

Access controls

Authentication protections

Security monitoring

Logging/auditing procedures

Customer Responsibilities

Maintaining secure passwords

Protecting account credentials

Securing local networks/internet

Updating authorized contact information

Vulnerability Reporting

Security contact/reporting channel

Responsible disclosure procedures

Unauthorized testing restrictions without written approval

Additional Protection Language

No system can be guaranteed fully secure.

Users acknowledge cybersecurity threats may evolve over time.

PerimeterEye may suspend access during active security incidents or emergency maintenance.

14. State Privacy Law Addendum

Purpose

Provide supplemental disclosures and rights required under applicable U.S. state privacy laws.

Laws Potentially Covered

California Consumer Privacy Act (CCPA)

California Privacy Rights Act (CPRA)

Colorado Privacy Act (CPA)

Virginia Consumer Data Protection Act (VCDPA)

Connecticut Data Privacy Act (CTDPA)

Utah Consumer Privacy Act (UCPA)

Future enacted state privacy laws

Consumer Rights Disclosures

Where applicable, users may have rights to:

Access personal information

Correct inaccurate information

Delete personal information

Opt out of targeted advertising

Opt out of profiling/automated decision-making

Request data portability

Limit use of sensitive personal information

Required Operational Procedures

Identity verification procedures

Appeal procedures

Data request workflows

Authorized agent procedures

Retention/deletion handling

Sensitive Data Disclosures

Potential categories:

Video footage

Audio recordings

Device identifiers

IP addresses

Geolocation data

Account credentials

AI-generated event classifications

Sale/Sharing Disclosures

Whether data is “sold” or “shared” as legally defined

Advertising/analytics partner disclosures

Opt-out rights for targeted advertising

“Do Not Sell or Share” Rights

If applicable:

Dedicated opt-out mechanism

Footer link

Preference center integration

Retention Disclosures

Data retention periods

Criteria for retention determination

Legal/compliance retention exceptions

Additional Protection Language

PerimeterEye may deny requests where permitted by law, including fraud prevention, legal compliance, security obligations, contractual requirements, or protection of company rights and property.

15. International Privacy & Data Transfer Addendum

Covers

International visitors/users

Cross-border data transfers

International hosting/processing

Global compliance standards

Frameworks Potentially Covered

GDPR

UK GDPR

ePrivacy Directive

International transfer regulations

Must Disclose

Data storage regions

Cross-border transfers

International vendors/processors

Legal bases for processing

Legitimate interest processing

Consent-based processing

User Rights

Where applicable:

Right of access

Right to rectification

Right to erasure

Right to restrict processing

Right to object

Right to data portability

Right to withdraw consent

International Transfer Mechanisms

Potentially include:

Standard Contractual Clauses (SCCs)

Vendor transfer agreements

Other legally recognized transfer mechanisms

Additional Protection Language

By using PerimeterEye services, users acknowledge that data may be processed in countries with different privacy laws than their jurisdiction of residence.