Login

Language

Cookie Policy

COOKIE & TRACKING TECHNOLOGIES POLICY

BLACK PANTERA LLC

November 2025
---------------------------------------------------------

1. INTRODUCTION

This Cookie & Tracking Technologies Policy (“Policy”) explains how Black Pantera LLC, a company incorporated in the State of Florida (“Black Pantera,” “we,” “us,” “our”), uses, deploys, governs, and manages Cookies, pixels, tags, scripts, SDKs, and other online identifiers (collectively, “Cookies”) on our website, Shopify store, landing pages, marketing pages, and any digital property that we own or control (collectively, the “Site”).

This Policy is designed to comply with global regulatory requirements, including:

  • EU General Data Protection Regulation (GDPR)
  • UK GDPR & ICO Guidance
  • EU ePrivacy Directive (Article 5(3))
  • California Consumer Privacy Act (CCPA) & CPRA
  • U.S. State Privacy Acts (VA, CO, CT, UT)
  • Brazil LGPD
  • Canada PIPEDA
  • Global Privacy Control (GPC)
  • IAB Transparency & Consent Framework (TCF) 2.2
  • Shopify, Google, Meta, TikTok, and ad network compliance

If you reside in a country or region requiring prior consent before loading non-essential cookies, such Cookies will not be deployed until you have provided valid consent through our CMP (Consent Management Platform).

Your continued use of the Site constitutes acceptance of this Policy under applicable laws.

2. AGE RESTRICTION (STRICTLY 18+)

This Site and all Black Pantera products are intended exclusively for adults aged 18 years or older.

We do not knowingly:

  • deploy Cookies to minors,
  • track or monitor users under 18,
  • store minors’ data,
  • permit minors to access our Site or services.

If we become aware that a minor has accessed our Site, all Cookies associated with that user will be cleared, blocked, and deleted, and the incident will be documented for compliance purposes.

3. WHAT ARE COOKIES & TRACKING TECHNOLOGIES?

Cookies consist of text files or script elements placed on your device to:

  • secure your session,
  • enable checkout functionality,
  • perform fraud prevention,
  • allow analytics and business intelligence,
  • improve site performance and user experience,
  • support advertising, retargeting, and measurement (where legally permitted),
  • allow heatmaps and session replay tools (with consent),
  • enable account functionality and preference storage.

Cookies may be:

  • First-party (set by us),
  • Third-party (set by partners such as Shopify, Google, Meta, TikTok),
  • Persistent or Session-based.

4. CATEGORIES OF COOKIES WE USE

4.1 Strictly Necessary Cookies (No Consent Required)

These are essential for:

  • security,
  • checkout,
  • fraud detection,
  • load balancing,
  • navigation,
  • service continuity.

Blocking these cookies may cause the Site to malfunction.

4.2 Functional Cookies (Consent Required in EU/UK)

Used for:

  • language preferences,
  • region and currency selection,
  • UI customization.

4.3 Performance Cookies (Consent Required)

Used for:

  • site optimization,
  • speed monitoring,
  • basic performance metrics.

4.4 Analytics Cookies (Consent Required)

Examples:

  • Google Analytics
  • Shopify Analytics
  • Klaviyo analytics cookies

Uses include:

  • understanding user behavior,
  • evaluating marketing performance,
  • optimizing product presentation.

We do not use analytics to infer sexual preferences, sexual behavior, or intimate activity.

4.5 Advertising & Targeting Cookies (Consent Required in EU/UK; Opt-Out in California)

Examples:

  • Meta Pixel
  • TikTok Pixel
  • Google Ads
  • Pinterest Tag (if used)

Used for:

  • campaign measurement,
  • ad delivery,
  • conversion tracking.

We do NOT use these cookies to analyze, infer, or track sexual identity or sexual behavior.

4.6 Security & Fraud Cookies (Legitimate Interest / Contract)

Used to:

  • detect bots,
  • verify transactions,
  • prevent abuse,
  • mitigate chargebacks.

Consent is not required because these cookies are essential.

4.7 Session Replay, Heatmaps & Behavioral UX Tools (Consent Required)

Examples:

  • Hotjar
  • Microsoft Clarity
  • FullStory
  • Lucky Orange

These tools:

  • mask keystrokes in sensitive fields,
  • do not collect payment information,
  • do not record intimate data,
  • do not infer sexual behavior.

They help us understand navigation paths and improve UX.

5. LEGAL BASES FOR PROCESSING (GDPR)

Category

Legal Basis

Strictly Necessary

Contract & Legitimate Interest

Functional

Consent

Performance

Consent

Analytics

Consent

Advertising

Consent

Security/Fraud

Legitimate Interest

Session Replay

Consent

6. CONSENT MANAGEMENT PLATFORM (CMP)

6.1 Mandatory Pre-Blocking Before Consent

No non-essential Cookies load before you consent, including:

  • analytics,
  • ads,
  • session replay,
  • personalization,
  • marketing tracking.

6.2 CMP Compliance Features

Our CMP:

  • Displays Accept All, Reject All, and Customize with equal prominence,
  • Blocks scripts until consent is captured,
  • Logs: timestamp, region, user-agent, IP, consent string, and policy version,
  • Supports IAB TCF 2.2,
  • Honors Global Privacy Control (GPC),
  • Allows withdrawal of consent at any time,
  • Stores consent logs for 24 months.

6.3 No Dark Patterns

Black Pantera declares:

We do not use deceptive design patterns to influence consent. Reject All is always accessible and equally prominent.

6.4 Scroll, Continued Use, and Banner Dismissal Are NOT Consent

Valid only if:

  • You click "Accept All", or
  • You enable categories individually.

7. COOKIE BANNER REQUIREMENTS

Our banner contains:

  • clear explanation of cookie categories,
  • purpose-based consent,
  • a link to this full Policy,
  • equal prominence for Accept/Reject,
  • granular controls.

8. WITHDRAWING CONSENT

You may withdraw consent at any time via:

  • the CMP link in the footer (“Manage Cookies”),
  • adjusting browser settings,
  • deleting cookies manually.

Withdrawal does not invalidate processing performed before withdrawal.

9. CPRA/CCPA — CALIFORNIA PRIVACY RIGHTS

Advertising Cookies may constitute “Sharing” under CPRA.

California users may:

  • opt-out of Sale/Share,
  • limit sensitive data usage,
  • send GPC signals to disable tracking,
  • request deletion.

When a user opts-out:

  • all ad cookies cease,
  • restricted signals (LDU) are sent to ad partners.

10. DO NOT SELL OR SHARE MY PERSONAL INFORMATION

We provide an always-on footer link.

Upon activation:

  • All third-party ad technologies are disabled,
  • A CPRA-compliant opt-out signal is stored,
  • GPC signals are enforced.

11. LIMIT THE USE OF MY SENSITIVE PERSONAL INFORMATION

Although we do NOT process sensitive personal information, we provide an opt-out mechanism to comply with CPRA.

Sensitive personal information includes:

  • sexual orientation,
  • sexual behavior,
  • intimate health data.

Black Pantera does not track, analyze, or infer any of the above through Cookies.

12. THIRD-PARTY COOKIES & INDEPENDENT CONTROLLERS

Some partners (Meta, Google, TikTok, Shopify, Hotjar) act as independent controllers.
We are not responsible for how they handle data once their Cookies are activated.

You should refer to their privacy policies to understand how they process data.

13. INTERNATIONAL TRANSFERS

Your data may be transferred outside your country, including:

  • United States,
  • Canada,
  • European Union,
  • Brazil.

We rely on:

  • Standard Contractual Clauses (SCCs),
  • Transfer Impact Assessments (TIAs),
  • technical & contractual safeguards.

14. RETENTION OF COOKIES

Category

Retention

Strictly Necessary

Session – 24 months

Functional

1–24 months

Analytics

1–24 months

Advertising

30 days – 24 months

Fraud/Security

Session – 12 months

Session Replay

Session – 12 months

15. COMPLETE COOKIE INVENTORY (TECHNICAL MATRIX)

Full List of Cookies, Pixels, Scripts & Tracking Technologies Used by Black Pantera LLC

15.1 STRICTLY NECESSARY COOKIES

----------------------------------------------------------

Cookie Name

Provider

Duration

Type

Category

Purpose

Data Collected

Legal Basis

CMP Blocked?

_shopify_y

Shopify

1 year

First-party

Strictly Necessary

Shopify internal operations, security

Anonymous session ID

Contract / Legitimate Interest

No

_shopify_s

Shopify

30 min

First-party

Strictly Necessary

Session management

Session token

Contract / Legitimate Interest

No

cart

Shopify

Session

First-party

Strictly Necessary

Enables cart functionality

Cart ID

Contract

No

checkout_token

Shopify

Session

First-party

Strictly Necessary

Checkout session continuity

Tokenized checkout ID

Contract

No

secure_customer_sig

Shopify

1 year

First-party

Strictly Necessary

Customer login security

Encrypted session token

Contract / Security

No

_pay_session

Shopify Payments

Session

Third-party

Strictly Necessary

Payment transaction continuity

Payment session info

Contract

No

localization

Shopify

2 years

First-party

Strictly Necessary

Storefront geo-localization

Region/currency

Legitimate Interest

No

----------------------------------------------------------

15.2 FUNCTIONAL COOKIES

----------------------------------------------------------

Cookie Name

Provider

Duration

Type

Purpose

Data Collected

CMP Blocked?

_shopify_country

Shopify

Session

First-party

Geo-based settings

Country code

Yes

_shopify_locale

Shopify

1 year

First-party

Language settings

Language preference

Yes

----------------------------------------------------------

15.3 PERFORMANCE COOKIES

----------------------------------------------------------

Cookie Name

Provider

Duration

Purpose

Data Collected

CMP Blocked?

_shopify_d

Shopify

Session

Performance diagnostics

Site performance metrics

Yes

_landing_page

Shopify

2 weeks

Landing page attribution

First page visited

Yes

----------------------------------------------------------

15.4 ANALYTICS COOKIES

----------------------------------------------------------

Google Analytics 4

Cookie Name

Duration

Purpose

Data Collected

Transfers Internationally?

CMP Blocked?

_ga

2 years

Unique visitor analytics

Randomized ID

Yes (SCCs)

Yes

**gacontainer **

2 years

Session analytics

Session identifiers

Yes

Yes

_gid

24 hours

Pageview analytics

Randomized ID

Yes

Yes

Note: GA4 does not collect sexual or intimate behavior data.

Shopify Analytics

Cookie Name

Duration

Purpose

Data Collected

CMP Blocked?

_shopify_fs

Session

Analytics

Browser info, timestamp

Yes

_s

30 min

Visit analytics

Session ID

Yes

Klaviyo Analytics

Cookie Name

Duration

Purpose

Data Collected

CMP Blocked?

_kla_id

2 years

Email attribution tracking

Email-to-site interaction

Yes

----------------------------------------------------------

15.5 ADVERTISING & TARGETING COOKIES

----------------------------------------------------------

Meta (Facebook) Pixel

Identifier

Purpose

Data Collected

Transfers?

CMP Blocked?

_fbp

Ad attribution & retargeting

Hashed IP, device type, events

Yes

Yes

Pixel events (PageView, ViewContent, AddToCart, Purchase)

Campaign optimization

Commerce event metadata

Yes

Yes

Black Pantera never uses Meta data to infer sexual activity or orientation.

TikTok Pixel

Identifier

Purpose

Data Collected

Transfers?

CMP Blocked?

_ttp

Ad performance & targeting

Event metadata, hashed signals

Yes

Yes

Compliance mode: “Restricted Data Mode” activated for California.

Google Ads / Conversion Tracking

Identifier

Duration

Purpose

CMP Blocked?

_gcl_au

90 days

Conversion measurement

Yes

----------------------------------------------------------

15.6 SECURITY, FRAUD & ABUSE PREVENTION COOKIES

----------------------------------------------------------

Cookie Name

Provider

Purpose

CMP Blocked?

Shopify Bot Protection Cookies

Shopify

Detect fake traffic

No

Shopify Fraud Analysis cookies

Shopify

Payment risk scoring

No

Cloudflare cookies (if used)

Cloudflare

DDoS mitigation

No

These cookies do not track user behavior for marketing.

----------------------------------------------------------

15.7 SESSION REPLAY & HEATMAP COOKIES

----------------------------------------------------------

Hotjar

Cookie Name

Duration

Purpose

Data Collected

Privacy Protections

CMP Blocked?

hjSessionUser*

1 year

User session analytics

Random ID

Keystroke masking

Yes

hjSession*

Session

Session continuity

Session ID

No sensitive fields captured

Yes

Microsoft Clarity

Identifier

Purpose

Notes

CMP Blocked?

_clck

Return visitor analytics

Anonymous

Yes

_clsk

Session replay

Sensitive fields auto-masked

Yes

Black Pantera never records intimate or sexual behavior.

----------------------------------------------------------

15.8 OTHER TECHNOLOGIES

----------------------------------------------------------

15.8.1 SDKs and Script Libraries

Examples:

  • Shopify storefront APIs
  • Klaviyo script
  • Meta Pixel script
  • TikTok script
  • Google Tag Manager

All non-essential SDKs are blocked until CMP consent.

15.8.2 Local Storage / Session Storage Elements

Used for:

  • cart status,
  • preference settings,
  • fraud detection.

These follow the same consent rules as cookies.

15.8.3 Fingerprinting Technologies (Limited & Non-invasive)

We use basic device fingerprinting only for:

  • fraud detection,
  • chargeback mitigation,
  • bot defense.

Never for behavioral profiling.

----------------------------------------------------------

15.9 INTERNATIONAL TRANSFERS (COOKIE-RELATED DATA)

----------------------------------------------------------

Tool

Transfer Destination

Safeguard

Shopify

USA/Canada

SCCs, encryption

Google

Worldwide

SCCs, TIA

Meta

USA

SCCs, LDU for California

TikTok

USA/International

SCCs

Hotjar/Clarity

EU/USA

SCCs

----------------------------------------------------------

15.10 COOKIE RISK CLASSIFICATION

----------------------------------------------------------

Risk Level

Category

Notes

Low

Strictly Necessary

No consent, low privacy impact

Medium

Functional & Performance

Requires consent in EU/UK

High

Analytics & Ads

Strict consent requirements

Variable

Session Replay

High transparency requirements

----------------------------------------------------------

15.11 AUDITABILITY & VERSION CONTROL

----------------------------------------------------------

We maintain:

  • cookie inventory logs,
  • CMP version history,
  • script change logs,
  • third-party vendor updates,
  • annual cookie audits.

All changes are documented in accordance with GDPR accountability standards.

16. HOW TO MANAGE COOKIES VIA BROWSER SETTINGS

You may manage, block, or delete Cookies at any time through your browser or device settings.
For more information, please refer to the following official support links:

Google Chrome

https://support.google.com/chrome/answer/95647

Mozilla Firefox

https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop

Safari (macOS)

https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Safari (iPhone / iPad)

https://support.apple.com/en-us/HT201265

Microsoft Edge

https://support.microsoft.com/en-us/microsoft-edge/view-cookies-in-microsoft-edge-a7a89859-7925-466a-b96d-932186f39de5

Opera

https://help.opera.com/en/latest/security-and-privacy/

Android (Chrome for Android)

https://support.google.com/chrome/answer/95647?hl=en&co=GENIE.Platform%3DAndroid

iOS Safari (Privacy & Tracking Protection)

 https://support.apple.com/en-us/HT212793

If any of the links above become unavailable or are updated, you may also access the most current instructions directly from your browser’s official support or help center.

Black Pantera is not responsible for the availability, accuracy, or content of external third-party support pages.

17. SECURITY, FRAUD & ABUSE PREVENTION COOKIES

These cookies are essential to:

  • prevent chargebacks,
  • identify bots,
  • secure Shopify checkout,
  • block malicious traffic.

They cannot be disabled.

18. CHILDREN’S PRIVACY

We do not deploy Cookies on minors intentionally.
If detected, we immediately delete associated data.

19. TRANSPARENCY, USER EXPECTATION & INTIMATE PRODUCT COMPLIANCE

Due to the intimate nature of our products:

  • We do NOT infer sexual orientation or behavior,
  • We do NOT monitor sexual activity,
  • We do NOT profile intimate habits,
  • We do NOT process intimate content,
  • Session replay tools are masked and never record sensitive fields.

20. DPIA (DATA PROTECTION IMPACT ASSESSMENT)

We conduct DPIAs for:

  • new tracking technologies,
  • session replay deployment,
  • changes in advertising infrastructure,
  • new regions subject to GDPR.

21. TIA (TRANSFER IMPACT ASSESSMENT)

We conduct TIAs for:

  • Shopify
  • Google
  • Meta
  • TikTok
  • Other cross-border providers

Assessments include:

  • encryption,
  • access controls,
  • proportionality assessments,
  • third-country risk.

22. POLICY VERSION CONTROL & AUDITABILITY

We maintain:

  • version logs,
  • change history,
  • revision rationale,
  • compliance approvals,
  • retention of prior versions for regulatory audit.

23. CHANGES TO THIS POLICY

We may update this Policy at any time.
Updates take effect upon posting.
Your continued use constitutes acceptance.

24. CONTACT INFORMATION