Cookie Policy โ CP4U Platform
Operator: Sunrise Recruit Sdn Bhd (Agensi Pekerjaan Sunrise Recruit), JTKSM-licensed employment agency, operating the CP4U Platform at sunriserecruit.com. Cookie Policy Version: 1.0 (Approved Following Legal Review) Last updated: June 2026
1. What this policy covers
This Cookie Policy describes how CP4U Platform (sunriserecruit.com) and its related subdomains use cookies and similar technologies, and what choices you have. It complements (and does not replace) our Privacy Policy and Terms of Service.
2. What we do NOT do
To be explicit and ensure complete data transparency regarding our Platform's operational infrastructure:
- No advertising cookies. CP4U does not deploy, execute, or maintain third-party commercial advertisements.
- No retargeting pixels. The Platform contains no Facebook Pixel, no Google Ads Conversion tags, and no LinkedIn Insight tags.
- No cross-site tracking. We do not sell, license, lease, or share user behavioral profiles with ad networks, demand-side platforms, or data brokers.
- No fingerprinting. We do not engage in browser or device fingerprinting techniques for commercial profiling or advertising purposes.
- No vendor opt-out list. CP4U maintains zero active operational relationships with commercial advertising vendors; hence, no third-party vendor tracking opt-out mechanism is required on the interface.
3. The three categories
We group cookies and browser storage assets into three strict structural categories:
3.1 Strictly necessary (always on, cannot be disabled)
These tracking assets are mandatory for core system functionality. Disabling them via local browser manipulation will terminate session persistence, operational security, and cross-border payment processing modules. They are not used for tracking or behavioral user profiling.
| Cookie / Storage Asset | Operational Purpose | Set By | Retention Duration |
|---|---|---|---|
| Firebase Auth session cookies | Maintains encrypted persistent user sign-in status across views | Firebase (Google) | Session + refresh authorization |
__session / Firebase ID token |
Encrypted authentication tokens required for secure server communication | Firebase (Google) | 1 hour, automated token refresh |
cp4u_consent |
Saves and records your specific technical cookie-consent profile choices | First-party | 365 calendar days |
| Stripe checkout cookies | Encrypted payment validation modules, executed exclusively within checkout flows | Stripe | Subject to Stripe's strict global policy |
| CSRF / security tokens | State-token mitigation assets deployed to shield server endpoints against malicious actions | First-party | Session lifetime |
3.2 Functional (optional โ default off until you opt in)
These tracking assets preserve localized layout preferences but are completely non-essential for platform traversal.
| Cookie / Storage Asset | Operational Purpose | Set By | Retention Duration |
|---|---|---|---|
cp4u_lang (planned deployment) |
Preserves your explicit selected localization interface language configuration | First-party | 365 calendar days |
cp4u_theme (planned deployment) |
Preserves your explicit layout preference configuration (Light / Dark UI interface) | First-party | 365 calendar days |
3.3 Analytics (optional โ default off until you opt in)
These tracking modules capture completely anonymized behavioral signals to optimize platform ergonomics. Zero analytics telemetry is ever dispatched to third-party ad networks or global data aggregates.
| Cookie / Storage Asset | Operational Purpose | Set By | Retention Duration |
|---|---|---|---|
| PostHog (planned deployment) | Anonymized technical workflow and behavioral user traversal metrics | PostHog (Self-hosted environment) | Maximum of 365 calendar days |
| Sentry (planned deployment) | Automated error reporting, crash trace isolation, and performance latency telemetry | Sentry | Maximum of 90 calendar days |
Note: PostHog and Sentry deployment modules remain inactive. They will execute and collect telemetry exclusively following explicit user opt-in authorization via the Cookie consent banner.
4. Your choices
Upon initialization of your first Platform traversal, an integrated modal banner presents three clear interactive vectors:
- Accept all โ grants immediate processing authorization for all three asset categories.
- Reject non-essential โ disables optional scripts; only Strictly Necessary assets remain operational.
- Customise โ launches granular controls to toggle functional or analytical frameworks independently.
You may review or revoke consent profiles at any interval by clicking the "Cookie preferences" control located permanently within the Platform footer. If all optional assets are rejected, Platform core services (including candidate matching, dashboard utilities, and job hunting) will remain fully operational.
5. Material changes
In the event of technical stack adjustments, vendor configuration modifications, or category expansions, we will increase the Cookie Policy version metadata at the header of this page. Such modification automatically forces the initialization of the cookie consent banner on the user's subsequent traversal, requesting renewed opt-in confirmation.
6. Browser-level controls
The Platform operates in full alignment with native browser cookie restriction frameworks, private browsing modalities, and client-side storage clearance executions. We deploy zero technical countermeasures to bypass or circumvent client-side browser restrictions.
7. Children
The Platform's services are structurally limited to individuals aged 18 and older, aligning with statutory legal working age caps in Malaysia and Singapore. We do not intentionally gather, process, or maintain storage telemetry belonging to minors.
8. Contact
For comprehensive inquiries regarding this Cookie Policy, data protection parameters, or storage mechanisms, all communications shall be centralized and dispatched exclusively to:
- Primary Point of Contact:
sean@sunriserecruit.com
9. Governing Law and Jurisdiction
This Cookie Policy is governed by and construed in accordance with the laws of Malaysia (incorporating compliance practices aligned with PDPA Malaysia 2010 and PDPA Singapore 2012, where applicable). Any dispute, controversy, difference, or claim arising out of or relating to this Policy, including its existence, validity, interpretation, performance, breach, or termination thereof, shall be referred to and finally resolved by binding arbitration administered by the Asian International Arbitration Centre ("AIAC") in Malaysia, in accordance with the AIAC Arbitration Rules in force at the time of commencement of the arbitration. The seat of arbitration shall be Malaysia. The language of the arbitration shall be English.
End of Cookie Policy