Cookie Policy for EPM Universe

This Cookie Policy explains how EPM Universe (“we”, “us”, “our”) uses cookies and related tracking technologies across our platform (“Site”). These technologies help us provide a secure, personalized, and optimized learning experience. For additional details on how we process personal data, please review our Privacy Notice.

What are cookies and related technologies

Cookies are small text files stored on your device when you visit our Site. They help the Site recognize your browser, maintain session continuity, preserve your preferences, and enhance overall usability.

Alongside cookies, we also use tracking pixels, tags, device identifiers, web beacons, and local storage objects. These technologies may collect signals such as page interactions, navigation paths, device attributes, and browser metadata. They support secure authentication, content optimization, and personalized engagement.

Cookies may be session-based or persistent, and may originate from EPM Universe (first-party) or from approved third-party partners that support analytics, integrations, or marketing functions.

How we use cookies and related technologies

We use cookies, pixels, tags, device identifiers, and related technologies to streamline platform operations, provide secure access, improve learning workflows, and tailor your experience. These technologies may activate upon visiting the Site to:

Authenticate user sessions securely
Track navigation paths and usage patterns
Improve platform performance
Personalize content delivery
Assess feature adoption and content effectiveness
Support analytics, security, and marketing operations

Where any collected data qualifies as personal data, we process it in accordance with our Privacy Notice.

Cookies set by EPM Universe (detailed)

Note: the following names and attributes are aligned with our Login controller and token-based “remember me” approach. If you change cookie names in code or CI config (for example sess_cookie_name or csrf_cookie_name) update this policy accordingly.

1) Essential cookies (First-party)

These cookies are required for core functionality: login, sessions, CSRF protection and basic site behavior.

Cookie name	First / Third	Purpose	Expiration	Security attributes
`ci_session` (or configured `sess_cookie_name`)	First-party	Stores the CodeIgniter session identifier used to maintain authenticated sessions and server-side session state (user id, sso flags, etc.).	Session (or configured session lifetime)	`HttpOnly=true`, `Secure=true` (when HTTPS), `SameSite=Lax` (recommended)
`csrf_cookie` (e.g. configured `csrf_cookie_name`)	First-party	CSRF protection token used by forms and AJAX requests (readable by client JS when necessary).	Session	`HttpOnly=false` (so client JS can read), `Secure=true`, `SameSite=Strict` or `Lax`
`remember_me` (or `remember_token`)	First-party	Token used for persistent login when "Remember me" is selected. The server stores a matching persistent token record; cookie contains token identifier only.	30 days (recommended) — configurable	`HttpOnly=true`, `Secure=true`, `SameSite=Lax`
sso_login (server session flag)	First-party	Not a cookie. SSO login state is held in the server session (e.g. `$this->session->set_userdata('sso_login', true)`).	N/A	N/A

2) Performance / analytics cookies (Third-party)

We use trusted analytics tools to identify usage patterns, performance issues and improve the platform. Examples:

Cookie name	Provider	Purpose	Expiration
`_ga`	Google Analytics	Distinguish users	2 years
`_gid`	Google Analytics	Distinguish users	24 hours
`_gat`	Google Analytics	Throttle analytics requests	1 minute

These cookies are typically third-party and controlled by the analytics provider. We only enable them for performance evaluation and never use these to store raw passwords or full personal data.

3) Functionality cookies (First-party)

Used to preserve user preferences and UI choices.

Cookie name	Purpose	Expiration
`language_pref`	Stores chosen language	1 year
`theme_mode`	Light/Dark UI preference	1 year
`layout_settings`	Dashboard layout state	6 months
`recent_courses`	IDs of recently viewed courses (non-sensitive)	30 days
`notification_pref`	Browser/portal notification preferences	6 months

All functionality cookies are safe to disable (experience will be less personalized) and are set with Secure=true when possible.

Cookie attributes and best practices

HttpOnly: prevents JavaScript access (used for sensitive cookies such as session identifiers and remember tokens).
Secure: ensures cookies are only transmitted over HTTPS. We set Secure=true for all cookies when HTTPS is used.
SameSite: recommended to be Lax for session cookies (protects from CSRF while preserving normal navigation); Strict can be used for more privacy but may break some cross-site flows (e.g., SSO redirects).
Token-based remember-me: we store a short, random persistent token (not credentials) in the remember_me cookie and keep a hashed token record server-side. Tokens are rotated and can be revoked by the server (e.g., on logout or when the user disables remembered sessions).
No passwords in cookies: our code does not store plaintext or hashed passwords in client cookies. If any legacy cookies (like userpassword) exist, they are deprecated and will be removed.

Managing or disabling cookies

You can manage or withdraw consent for non-essential cookies through your browser settings or the cookie controls available on the Site.

Blocking essential cookies will disrupt login, session continuity, and course access.
Disabling third-party cookies will not affect core learning or purchase functionality but may reduce analytics and marketing personalization.
Blocking all cookies may prevent the Site from functioning correctly.

If you want to revoke persistent sign-in devices, you can:

Log out from the account (this invalidates server-side session and remember token).
Visit your account settings → “Active sessions / Devices” (if available) and revoke remembered tokens.
Contact support at info@epmuniverse.com to force logout across all devices.

Data sharing and third-party access

We may share cookie-derived data with select third-party partners that support:

Analytics and performance monitoring
Security and fraud prevention
Infrastructure and hosting services
Marketing and engagement measurement
Integration and personalization tools

These partners operate under strict confidentiality, data-processing, and security obligations and may process data in multiple regions as part of their global infrastructure. All data flows are protected by contractual safeguards and our Privacy Notice.

Updates to this Cookie Policy

We may update this Cookie Policy to reflect regulatory changes, technology updates, or enhancements to our platform. Any updates will be posted on this page, and material changes will be communicated through prominent notices on the Site. Continued use of the platform after updates indicates acceptance of the revised terms.

Contact Us

If you have questions about this Cookie Policy or our use of cookies, you can contact us at:

Email: info@epmuniverse.com

Back to login