How FindTheBreach uses cookies on findthebreach.com, your choices, and how to manage your preferences.
This Cookie Policy explains what cookies are, how FindTheBreach ("we," "us," or "our"), a penetration testing software-as-a-service platform headquartered in Bothell, Washington, uses cookies and similar tracking technologies when you visit our website at findthebreach.com (the "Site"), and what choices you have regarding their use.
Cookies are small text files that are placed on your computer, smartphone, or other device when you visit a website. They are widely used to make websites function properly, to improve efficiency, and to provide reporting and analytical information to site operators. Cookies set by the website owner (in this case, FindTheBreach) are called "first-party cookies." Cookies set by parties other than the website owner are called "third-party cookies." Third-party cookies enable third-party features or functionality to be provided on or through the Site, such as analytics, advertising, and interactive content.
This policy is provided in compliance with the EU ePrivacy Directive (Directive 2002/58/EC as amended by Directive 2009/136/EC), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and applicable Washington State law. By continuing to use our Site, you acknowledge that you have read and understand this Cookie Policy.
We use cookies and similar technologies for the following purposes:
These cookies are essential for the operation of our Site. They enable core functionality such as session management, security protections, and consent storage. Without these cookies, services you have requested cannot be provided. These cookies do not require your consent under the ePrivacy Directive, as they are strictly necessary for the provision of the service.
| Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| session_id | FindTheBreach | Maintains your authenticated session state across page requests | First-party | Session |
| csrf_token | FindTheBreach | Protects against cross-site request forgery attacks by validating form submissions | First-party | Session |
| auth_token | FindTheBreach | Stores encrypted authentication credentials for persistent login | First-party | 30 days |
| consent | FindTheBreach | Records your cookie consent preferences | First-party | 1 year |
These cookies collect information about how visitors use our Site, such as which pages are visited most frequently and whether users encounter error messages. All information collected by these cookies is aggregated and therefore anonymous. These cookies are used solely to improve the performance of our Site. Under the ePrivacy Directive, these cookies require your prior consent before they are placed on your device.
| Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| _ga | Google Analytics | Distinguishes unique users by assigning a randomly generated identifier | Third-party | 2 years |
| _gid | Google Analytics | Distinguishes unique users for session-level analytics aggregation | Third-party | 24 hours |
| _gat | Google Analytics | Throttles the request rate to Google Analytics to limit data collection on high-traffic sites | Third-party | 1 minute |
These cookies allow our Site to remember choices you have made, such as your preferred display theme or language, and provide enhanced, personalized features. They may be set by us or by third-party providers whose services we have integrated into our pages. If you do not allow these cookies, some or all of these personalization features may not function properly.
| Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| theme | FindTheBreach | Stores your dark or light mode display preference | First-party | 1 year |
| locale | FindTheBreach | Stores your preferred language and regional format settings | First-party | 1 year |
These cookies are used to deliver advertisements that are more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and to help measure the effectiveness of advertising campaigns. They are typically placed by advertising networks with our permission. They remember that you have visited our Site, and this information may be shared with other organizations, such as advertisers. These cookies require your explicit consent.
| Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| _gcl_au | Google Ads | Stores conversion data for Google Ads campaigns when a user clicks an ad | Third-party | 90 days |
| _fbp | Meta (Facebook) | Identifies browsers for advertising and site analytics served by Meta | Third-party | 90 days |
| li_sugr | Used for LinkedIn Insight Tag conversion tracking and retargeting | Third-party | 90 days |
First-party cookies are set directly by FindTheBreach when you visit findthebreach.com. These cookies are under our control and are used for essential site operations, user authentication, and preference storage. Only our servers can read these cookies.
Third-party cookies are set by external services that we integrate into our Site, such as Google Analytics, Google Ads, Meta (Facebook), and LinkedIn. These cookies are controlled by their respective providers, and the data they collect is subject to the privacy policies of those third parties. We do not have direct control over the information collected by third-party cookies.
We regularly review the third-party cookies used on our Site and will update this policy when changes occur. You may choose to block third-party cookies through your browser settings without affecting the core functionality of our platform.
Cookies used on our Site fall into two categories based on their duration:
Session Cookies: These are temporary cookies that are stored in your browser's memory only during the duration of your browsing session. They are automatically deleted when you close your browser. On our Site, session_id and csrf_token are session cookies that are essential for secure operation during your visit.
Persistent Cookies: These cookies remain on your device for a predetermined period or until you manually delete them. They are activated each time you visit the Site. Examples include auth_token (30 days), consent (1 year), theme (1 year), locale (1 year), and _ga (2 years). Persistent cookies help us recognize you as a returning user and tailor the Site experience accordingly.
The following table provides a comprehensive list of all cookies that may be placed on your device when you use our Site.
| Name | Provider | Purpose | Category | Type | Duration |
|---|---|---|---|---|---|
| session_id | FindTheBreach | Maintains authenticated session state across page requests | Strictly Necessary | First-party | Session |
| csrf_token | FindTheBreach | Validates form submissions to prevent cross-site request forgery | Strictly Necessary | First-party | Session |
| auth_token | FindTheBreach | Encrypted authentication credential for persistent login | Strictly Necessary | First-party | 30 days |
| consent | FindTheBreach | Stores your cookie category consent preferences | Strictly Necessary | First-party | 1 year |
| theme | FindTheBreach | Stores dark or light mode display preference | Functionality | First-party | 1 year |
| locale | FindTheBreach | Stores preferred language and regional format settings | Functionality | First-party | 1 year |
| _ga | Google Analytics | Assigns a randomly generated identifier to distinguish unique users | Analytics | Third-party | 2 years |
| _gid | Google Analytics | Distinguishes unique users for session-level data aggregation | Analytics | Third-party | 24 hours |
| _gat | Google Analytics | Throttles request rate to Google Analytics on high-traffic pages | Analytics | Third-party | 1 minute |
| _gcl_au | Google Ads | Stores conversion data when a user arrives via a Google Ads campaign | Advertising | Third-party | 90 days |
| _fbp | Meta (Facebook) | Identifies browsers for advertising and site analytics served by Meta | Advertising | Third-party | 90 days |
| li_sugr | Facilitates LinkedIn Insight Tag conversion tracking and retargeting | Advertising | Third-party | 90 days |
You have the right to decide whether to accept or reject cookies (other than strictly necessary cookies). You can exercise your cookie preferences by using the cookie consent banner presented when you first visit our Site, or by adjusting your browser settings as described below.
Most web browsers allow you to manage cookies through their settings. The following links provide instructions for the most commonly used browsers:
Please be aware that if you choose to disable or delete cookies, certain features and functionality of our Site may become unavailable or may not operate as intended. In particular, disabling strictly necessary cookies will prevent you from authenticating, submitting forms securely, or maintaining a persistent session. Disabling functionality cookies will reset your theme and language preferences on each visit. Disabling analytics cookies will not affect your ability to use the Site but will limit our ability to improve it based on usage patterns.
Some web browsers transmit "Do Not Track" (DNT) signals to the websites and other online services with which the browser communicates. There is currently no universally accepted standard for how organizations should respond to DNT signals. As of the effective date of this policy, the World Wide Web Consortium (W3C) has discontinued its efforts to produce a DNT specification.
At this time, FindTheBreach does not alter its data collection and use practices in response to DNT signals. If a uniform standard for responding to DNT signals is adopted in the future, we will update this policy to reflect our compliance with such standard. For California residents, please note that under the California Online Privacy Protection Act (CalOPPA), we are required to disclose how we respond to DNT signals, which we have done in this section.
In accordance with the EU ePrivacy Directive and the GDPR, we obtain your informed, affirmative consent before placing any non-essential cookies on your device. When you first visit our Site, a cookie consent banner will be displayed, allowing you to:
Your consent preferences are stored in the consent cookie for a period of one year. You may withdraw or modify your consent at any time by accessing the cookie settings link in the footer of any page on our Site.
Under the CCPA, California residents have the right to opt out of the "sale" or "sharing" of personal information, which may include certain cookie-based data sharing with third-party advertising partners. To exercise this right, please use our cookie consent tool or contact us using the information provided in Section 12 below.
Find The Breach implements Google Consent Mode v2 to ensure compliance with EU/EEA privacy regulations. By default, all non-essential Google services are configured with denied consent signals until you provide explicit consent through our cookie banner:
When you adjust your cookie preferences via our consent banner, these consent signals are updated in real-time using gtag('consent', 'update', ...) to reflect your choices. Google's tools then respect these signals — for example, Google Analytics will not store analytics cookies unless you grant analytics consent.
Additionally, we enable ads_data_redaction: true to redact ad click identifiers in cookies when ad_storage consent is denied, and url_passthrough: true to pass ad click, client ID, and session ID information through URL parameters for conversion measurement without relying on cookies.
This implementation ensures compliance with GDPR Article 6(1)(a), the ePrivacy Directive (2002/58/EC), and Google's EU user consent policy (effective March 2024).
IAB Transparency & Consent Framework. Find The Breach does not currently participate in programmatic advertising and therefore does not implement the IAB TCF 2.2 framework. If we introduce ad-supported features in the future, we will implement TCF 2.2 and update this policy accordingly. Our current cookie consent mechanism is designed to be compatible with TCF 2.2 standards should adoption become necessary.
The third-party services we use set their own cookies and are governed by their own privacy and cookie policies. We encourage you to review the policies of these third parties to understand how they collect and use your data:
FindTheBreach does not control and is not responsible for the data collection and use practices of these third-party providers. Your interactions with these third-party services are governed solely by their respective terms and policies.
We may update this Cookie Policy from time to time to reflect changes in the cookies we use, changes in technology, changes in applicable law, or for other operational, legal, or regulatory reasons. When we make material changes to this policy, we will notify you by posting the revised policy on this page with an updated "Effective Date" and, where required by law, by providing additional notice such as a banner on our Site or a direct communication to your registered email address.
We encourage you to review this Cookie Policy periodically to stay informed about our use of cookies and related technologies. Your continued use of the Site after any changes to this policy constitutes your acceptance of the updated terms.
If you have any questions, concerns, or requests regarding this Cookie Policy, our use of cookies, or your cookie preferences, please contact us:
FindTheBreach
Bothell, WA 98011
United States
Email: contact@findthebreach.com
Website: findthebreach.com
For GDPR-related inquiries, including requests to exercise your rights under Article 77 of the GDPR to lodge a complaint with a supervisory authority, please include "GDPR Request" in the subject line of your communication. For CCPA-related requests, including requests to opt out of the sale or sharing of personal information, please include "CCPA Request" in the subject line.
This Cookie Policy is effective as of February 1, 2026. This policy was last reviewed and updated on February 1, 2026. Previous versions of this policy, if any, are available upon request by contacting us at contact@findthebreach.com.
Last updated: February 2026