Cookie & Tracking Policy

1. Our 1st-Party Architecture

AZ2 operates a strict, cookie-free and server-session-free infrastructure. We do not place stateful tracking pixels, marketing trackers, or commercial advertising cookies on your device.

To manage your account data securely without tracking cookies, we utilize isolated browser storage containers under two distinct keys: az2.aie.guest (kept only in session storage and used exclusively to secure our cryptographic login paths) and az2.aie (kept in local storage to maintain your active account context). These containers hold fully signed, encrypted JSON Web Encryption (JWE) bearer tokens.

Unlike standard tracking cookies, these variables are completely passive. They are never automatically transmitted over the network. They are only accessed locally by our platform scripts to insert your asymmetric Asymmetric Identity Encryption (AIE) keys into protected, secure Authorization: Bearer HTTP header streams during verified direct API requests.

During authentication actions (login or registration), our server utilizes a stateless, isolated challenge-response mechanism. Short-lived Challenge Transport Records are generated server-side with a strict three-minute expiration limit. These records function as single-use nonces to validate the integrity of the browser handshake. They do not track user behavior, form persistent consumer logs, or store persistent profile connections.

2. Essential Warning: Merchant-Side Tracking Realities

Crucial Action Required: While AZ2 is completely cookie-free, the independent merchant networks we partner with (including PaidOnResults) completely rely on standard browser cookies to attribute your purchases.

When you click an outbound link on AZ2 to visit a store, your browser drops our secure local container environment and passes full control over to the merchant network’s domain tracking layer. If you have cookies disabled, if you use restrictive third-party content blockers, or if you clear your local cache data immediately after leaving our path, the merchant network will fail to register your transaction.

As a direct result of blocking merchant-side tracking cookies, your cashback tracking will break, and rewards cannot be processed or applied to any transactions originating from our platform.

3. Input Integrity and Routing Privacy

To protect your shopping data from leaking into server logging caches, analytics files, or third-party web tracking databases, AZ2 enforces a zero-tolerance policy against query parameters. Your browsing paths are restricted to clean, structural alphanumeric slugs. Our server engine actively rejects any URL arguments containing tracking tokens, matching our goal to provide independent, clutter-free directory indexing.

4. Reward Eligibility & Accountability

Cashback allocation relies entirely on the outbound tracking data returned to our isolated tracking ledger from external networks. Because we have no visibility or control over your local browser configuration or cookies once you transition onto a merchant’s external checkout domain, AZ2 cannot guarantee or credit cashback claims for transactions where merchant-side tracking parameters were modified, dropped, or blocked by your browser environment.

5. Privacy-First Audience Metrics

To measure overall visitor counts and improve our catalog rendering speeds, AZ2 runs a self-hosted instance of Matomo Analytics with all tracking cookie mechanisms permanently disabled.

This system anonymises all visitor IP addresses right at the connection boundary. It does not track your behavior, create advertising profiles, or store cross-site histories. It is used strictly as an anonymous counter to measure total platform traffic volume. There is absolutely no technical bridge or tracking link connecting your anonymous visitor count to your secure AIE account identity.