FundMyCourse.ca — Cookie Consent Policy
Effective Date: March 27, 2026 Last Updated: May 5, 2026 Version: 1.1
Cookie Consent Banner Text
The following text is displayed to all users on their first visit. The banner must remain visible until the user makes an active choice (accept or customize). It must not use a dark pattern (e.g., a large “Accept All” button with a tiny “Customize” link). Both options must be equally prominent.
Banner (Default View)
We use cookies to keep you logged in and save your preferences.
FundMyCourse.ca uses a small number of cookies to operate. We use one essential cookie to keep your session active when you are logged in, and one optional cookie to remember your preferences (like dark mode and language). We do not use tracking cookies or advertising cookies. Our analytics provider (PostHog) is configured in cookieless mode and sets no cookies on your device. See our Privacy Policy Section 6.2 for details.
[Accept All] | [Essential Only] | [Learn More]
Expanded View (shown when user clicks “Learn More”)
What cookies does FundMyCourse.ca use?
We keep things simple. Here is exactly what we use:
Essential Cookie (Required)
- Name: session
- Purpose: Keeps you securely logged in to your account.
- Duration: Expires when you close your browser, or after 7 days if you select “Remember me.”
- Can you turn it off? No. This cookie is necessary for the site to work when you are logged in. If you browse without logging in, this cookie is not set.
Preference Cookie (Optional)
- Name: preferences
- Purpose: Remembers your display settings such as dark mode, language selection, and default search filters so you don’t have to set them every time.
- Duration: 12 months.
- Can you turn it off? Yes. The site works fine without it — you’ll just need to re-set your preferences each visit.
What we do NOT use:
- No third-party tracking cookies
- No advertising or retargeting cookies
- No Google Analytics or similar tracking
- No social media tracking pixels
- No fingerprinting or hidden identifiers
Your choice is saved and you can change it anytime from your account settings or by clearing your browser cookies.
[Accept All] | [Essential Only]
CASL Compliance Notes for Implementation
Under Canada’s Anti-Spam Legislation (CASL), the installation of cookies on a user’s device constitutes the “installation of a computer program” and requires consent. The following requirements must be met:
-
Express Consent for Optional Cookies: The preference cookie requires the user’s express, affirmative consent. The “Accept All” button constitutes express consent. The “Essential Only” button declines optional cookies. No cookies other than the essential session cookie may be set before the user makes a choice.
-
Implied Consent for Essential Cookies: CASL Section 10(8) provides an exception for cookies that are necessary to provide a service explicitly requested by the user. The session cookie falls under this exception because the user explicitly requests authentication by logging in. However, even for essential cookies, we provide clear disclosure of their use.
-
No Pre-Selection: Neither “Accept All” nor “Essential Only” is pre-selected. The user must make an active choice.
-
No Cookie Wall: Users can browse the site and view scholarship listings without accepting any cookies. The cookie banner does not block access to content.
-
Revocation: Users can change their cookie preference at any time through account settings or by clearing their browser cookies. The banner will reappear if consent is withdrawn.
-
Record-Keeping: The system must log the timestamp and choice made by each user for compliance audit purposes. Records must include: date and time of consent, version of the consent text displayed, and the choice made (Accept All or Essential Only).
Technical Implementation Requirements
Banner Behavior
- Display the banner on first visit (when no consent record exists).
- Do not set the preference cookie until the user clicks “Accept All.”
- If the user clicks “Essential Only,” set only the session cookie (when they log in) and record the opt-out.
- The banner must not reappear on subsequent page loads if a choice has been made.
- The banner must reappear if the user clears cookies (since the consent record is lost).
- The banner must be accessible (keyboard navigable, screen-reader compatible, sufficient color contrast).
Consent Record Storage
Store the consent record server-side (tied to the user’s session or account) so that it persists even if the user clears cookies. The record should include:
| Field | Value |
|---|---|
| consent_timestamp | ISO 8601 datetime |
| consent_version | Version of the cookie policy text shown (e.g., “1.0”) |
| consent_choice | ”accept_all” or “essential_only” |
| ip_address | (Hashed, for audit purposes only) |
Cookie Specifications
| Cookie Name | Domain | Path | Secure | HttpOnly | SameSite | Max-Age |
|---|---|---|---|---|---|---|
| session | fundmycourse.ca | / | Yes | Yes | Lax | Session (or 604800 if “Remember me”) |
| preferences | fundmycourse.ca | / | Yes | No | Lax | 31536000 (12 months) |
Both cookies must be set with the Secure flag (HTTPS only). The session cookie must be HttpOnly (not accessible via JavaScript) for security. The preferences cookie is not HttpOnly because the frontend needs to read display preferences.
This cookie consent policy is also available in French at fundmycourse.ca/fr/temoins.