Novo Compliance LLC (“Novo Compliance,” “we,” “us,” “our”) Cookie Policy explains how we use cookies and similar tracking technologies on our websites, portals, and digital engagement tools in connection with our provision of professional consulting services in regulatory compliance, regulatory intelligence, and regulatory sciences. This policy complements our Privacy Policy and describes the types of cookies we use, why we use them, your choices, and how our practices align with HIPAA, GDPR, and CCPA/CPRA requirements.

We, as well as third parties that provide content, relevant, related, or complementary offers, or other functionality on our Website, use Technologies to automatically collect information through our Website. We use technologies that are essentially small data files placed on your device that allow us to record certain pieces of information whenever you visit or interact with our Website. If you would like to opt out of the cookies and similar technologies we employ on the Website, you may do so by blocking, deleting, or disabling them as your browser or device permits or by changing your settings and preferences in the preference center.

Effective Date: 27-October-2025

1. What are cookies and similar technologies

• Cookies: Small text files placed on your device by websites to store information about your visit, preferences, or device.
• Similar technologies: Local storage, web beacons, pixels, SDKs, and fingerprinting techniques that collect or transmit information for analytics, functionality, or marketing.

2. Categories of cookies we use

• Essential / Strictly Necessary Cookies: Required to operate the website and deliver services (authentication, session management, security, access to client portals). These cookies cannot be disabled if you wish to use core features.
• Performance and Analytics Cookies: Collect aggregated, anonymized or pseudonymized data about site usage, page performance, and technical errors to improve site reliability and user experience.
• Functional Cookies: Remember user preferences (language, accessibility settings), enable enriched features such as remembering contact forms or document viewing states.
• Security Cookies: Support protections such as fraud prevention, bot detection, session integrity, and secure access controls.
• Marketing and Third‑Party Cookies: Support marketing and tracking activities, including analytics and social widgets provided by third parties. We do not use cookies to build profiles containing health data or to infer sensitive health conditions.

Legal basis and compliance alignment

General Data Protection Regulation – GDPR

• Consent and legitimate interest: For non‑essential cookies (performance, functional, marketing), we rely on user consent where required, obtained via a cookie banner or preference center before setting those cookies for EEA/UK visitors. Essential cookies are processed on the basis of legitimate interests necessary to provide the service.
• Granular controls: We provide granular cookie controls and retain records of consents. Users may change preferences at any time using the cookie preference center.
• Processor obligations: Where third‑party analytics or marketing providers process EU personal data on our behalf, we have data processing agreements and appropriate safeguards in place.

California Consumer Privacy Act – CCPA / California Privacy Rights Act -CPRA

• Service provider model: For California residents, when we function as a service provider to a business client, we process personal information only according to the business instructions in contract and do not “sell” personal information.
• Do Not Sell / Share: We do not sell personal information collected via cookies. If any activity changes whereby cookies could be used in a way that constitutes a sale or sharing under applicable law, we will provide a clear opt‑out and honor Do Not Sell/Share requests.
• Consumer rights: California residents can exercise rights to know, delete, and opt out of sale via the contact channels below.

Health Insurance Portability & Accountability Act – HIPAA

• PHI and cookies: We do not use cookies to collect, store, or transfer Protected Health Information (PHI). If a client engagement requires processing of PHI via a client portal or other digital tool, we will implement technical and contractual safeguards and, where applicable, execute a Business Associate Agreement (BAA) with covered entities and ensure that cookies or tracking do not capture PHI or identifiable patient data.
• Minimum necessary: Any digital analytics or monitoring for systems that may oversee PHI will be scoped to avoid collection of PHI and to comply with the HIPAA minimum necessary principle.

Third parties and subprocessors

• Third‑party providers: We may permit trusted third parties (analytics providers, content delivery networks, marketing platforms) to place cookies on our site to provide services. We limit data shared with third parties to what is necessary and contractually require privacy and security protections.
• List and changes: A non‑exhaustive list of third‑party cookie vendors is available on request; we will update our list when vendors change and surface key changes in our cookie preference center or privacy notices.

Cookie retention and data minimization

• Retention periods: Cookie lifetimes vary by type. Session cookies expire when the browser is closed; persistent cookies have specified durations documented in our cookie preference center. We apply data minimization and retain cookie-derived data only as long as needed for the stated purposes, legal obligations, or as required by client contracts.
• Anonymization and aggregation: Where feasible, analytics are configured to collect aggregated or pseudonymized data to reduce privacy risk.

Your choices and how to manage cookies

• Cookie banner and preference center: On first visit, visitors are presented with a cookie banner describing cookie categories and obtaining consent where required. Use the preference center to accept, decline, or customize cookie settings at any time.
• Browser controls: You can control or delete cookies through your browser settings; consult your browser’s help for instructions. Disabling essential cookies may impair site functionality.
• Do Not Track: Our site does not currently honor browser Do Not Track headers for third‑party analytics unless required by contract or law; users should manage preferences through the cookie preference center.
• How to exercise rights: For GDPR requests (access, rectification, erasure, restriction, portability), CCPA requests (know, delete, opt out of sale), or questions about cookies and tracking, please contact our Privacy Officer for further information at privacy@novocompliance.com or via the mailing address below. We will verify requestor identity and respond within applicable legal timelines.

Security and implementation practices

• Secure usage: We implement technical measures to prevent cookies from exposing sensitive data (HttpOnly, Secure, SameSite flags) and avoid placing cookies that leak credentials or PHI.
  Vendor controls: We evaluate third‑party cookie vendors for security posture, data handling practices, and contractual commitments including subprocessors and international transfer safeguards (e.g., SCCs, BCRs) when EU/UK data are involved.

Changes to this Cookie Policy

• We may update this Cookie Policy to reflect changes in technology, legal requirements (HIPAA, GDPR, CCPA/CPRA), or our services. Material changes will be communicated via our website or direct notice to affected contacts as appropriate.

Contact and requests

Email: privacy@novocompliance.com

Mail: Novo Compliance, LLC ,

Attn: Privacy Officer, 626 Wilshire Boulevard, Ste 410-J30, Los Angeles, CA 90017

Use the contact channels above to request the list of cookies in use, vendor details, to withdraw consent, or to exercise any privacy rights.

By using our website and /or our digital services you acknowledge receipt of this Cookie Policy and consent to our cookie practices as governed by your selections in cookie preferences and applicable laws.