Cookie Compliance Terms & Conditions

Updated April, 2026

Cookie Compliance Service Addendum
Addendum to WhatArmy Master Services Agreement

This Cookie Compliance Service Addendum ("Addendum") supplements and is incorporated into the Master Services Agreement ("MSA") between WhatArmy, Inc. ("Agency") and Client. Capitalized terms not defined here have the meanings given in the MSA. If this Addendum conflicts with the MSA, this Addendum controls with respect to Cookie Compliance Services.

1. Service Description

1.1 One-Time Setup

Agency will perform a one-time cookie compliance implementation ("Setup") consisting of:

  • Audit of cookies and tracking technologies active on Client's designated website(s)
  • Installation and configuration of a third-party consent management platform ("CMP") selected by Agency
  • Configuration of the CMP to block non-essential tracking scripts until visitor consent is obtained
  • Implementation of Google Consent Mode v2 where applicable
  • Customization of the consent banner to align with Client's branding
  • Post-implementation verification scan to confirm proper consent blocking

1.2 Setup Acceptance

The Setup is deemed accepted when Agency's post-implementation verification scan returns zero pre-consent tracking violations on the website(s) covered by the applicable SOW. This verification scan constitutes the Specification for purposes of Section 9(b)(iii) of the MSA. Issues arising after acceptance due to plugin updates, CMP vendor changes, Client modifications, or newly added tracking scripts are not covered by the Setup and are governed by the Monitoring Service (if purchased) or billable as Approved Additional Work under the MSA.

1.3 Ongoing Monitoring

If Client purchases ongoing monitoring ("Monitoring Service"), Agency will:

  • Perform automated compliance scans at regular intervals to detect new tracking violations
  • Remediate cookie-related issues detected by Agency's scanning tools, including violations introduced by plugin updates, theme changes, or CMP vendor updates
  • Provide periodic compliance summary reports
  • Respond to compliance-breaking changes detected by the scanner on a priority basis

1.4 Covered Sites

Cookie Compliance Services apply only to the specific domain(s) listed in the applicable SOW. Subdomains, staging environments, development environments, and additional domains are not covered unless explicitly included in the SOW. Each additional domain or subdomain requires separate coverage at the then-current rate.

1.5 Scope Limitations

The Cookie Compliance Services are limited to technical implementation of consent management tools and automated monitoring for cookie-related tracking violations. The Services do not include and Agency does not provide:

  • Legal advice, legal compliance audits, or legal certification of any kind
  • Monitoring of changes to privacy laws, regulations, or enforcement guidance in any jurisdiction
  • Drafting, review, or maintenance of privacy policies, cookie policies, or terms of service
  • Compliance with regulations beyond cookie consent (including but not limited to data subject access requests, data processing agreements, or cross-border data transfer mechanisms)
  • Remediation of issues not related to cookie consent (including but not limited to server-side tracking, fingerprinting, or local storage)

2. No Compliance Guarantee

CLIENT ACKNOWLEDGES AND AGREES THAT:

  • Agency provides technical implementation and automated monitoring services. Agency does not certify, warrant, or guarantee that Client's website is or will be compliant with any specific law, regulation, directive, or standard, including but not limited to GDPR, CCPA/CPRA, CIPA, ePrivacy Directive, PIPEDA, or any other privacy or data protection law.
  • Automated scanning tools have inherent limitations. Scans may fail to detect certain tracking technologies, may produce false positive or false negative results, and cannot account for all possible website configurations, third-party behaviors, or regulatory interpretations.
  • Cookie compliance is an ongoing obligation that depends on factors outside Agency's control, including but not limited to: changes in applicable law, changes in regulatory enforcement, updates to third-party plugins or services, actions by Client or Client's other vendors, and visitor behavior.
  • The Services provide Client with visibility into Client's cookie compliance posture. The Services do not provide protection from, or insurance against, regulatory action, fines, penalties, demand letters, or litigation.
  • Agency's use of terms such as "compliant," "non-compliant," "pass," "fail," or similar language in scan results, reports, or communications refers solely to the results of Agency's automated scanning tools and does not constitute a legal determination of compliance with any law or regulation.
  • All reports, scan outputs, compliance audit documents, and other deliverables produced by Agency's scanning tools are provided for informational purposes only. Such documents are not intended to be relied upon as evidence of compliance or non-compliance with any law or regulation and shall not be provided to regulators, cited in legal proceedings, or used as legal evidence without independent review by qualified legal counsel. Client assumes all risk associated with any use of Agency's reports beyond internal informational purposes.

3. Client Responsibilities

In addition to Client Obligations under the MSA, Client shall:

  • Determine which privacy laws and regulations apply to Client's business and website(s), and consult qualified legal counsel regarding compliance obligations.
  • Maintain current and accurate privacy policies, cookie policies, and terms of service as required by applicable law.
  • Provide Agency with written notice before adding new tracking scripts, marketing pixels, analytics tools, or other third-party technologies to the covered website(s). If Client adds tracking technologies without prior written notice to Agency and such technologies cause compliance violations, remediation of those violations shall be billable as Approved Additional Work at Agency's then-current hourly rate under the MSA, and shall not be covered under the Monitoring Service.
  • Provide Agency with written notice before making changes to website hosting, CMS, theme, or infrastructure that may affect consent management functionality.
  • Not modify, disable, or remove the consent management plugin or its configuration without prior written notice to Agency. Unauthorized modification of the CMP by Client or Client's other vendors voids Agency's obligation to remediate resulting violations under the Monitoring Service.
  • Review scan results and compliance reports provided by Agency and take appropriate action based on findings.

4. Third-Party Consent Management Platform

Agency will select, install, and configure a third-party CMP (such as CookieYes, Complianz, CookieBot, or similar). Client acknowledges and agrees that:

  • The CMP is a third-party product not developed, owned, or controlled by Agency. Agency is not responsible for defects, failures, or limitations of the CMP software.
  • CMP updates, changes, or discontinuations by the third-party vendor may affect consent management functionality. Agency will use commercially reasonable efforts to address such changes but does not guarantee uninterrupted consent blocking.
  • The CMP license is provided by Agency as part of the Monitoring Service. Client's right to use the CMP is contingent on maintaining an active Monitoring Service subscription. Upon termination or non-renewal of the Monitoring Service, Agency will remove the CMP and its configuration from Client's website as described in Section 9.2.
  • Agency reserves the right to substitute the CMP with a functionally equivalent alternative at Agency's sole discretion. Agency will provide Client with written notice of any CMP substitution. Such substitution shall not constitute a breach of this Addendum or the MSA.

This section supplements and does not replace Section 12 (Third-Party Technologies) of the MSA.

5. Monitoring Limitations

If Client purchases the Monitoring Service, Client acknowledges that:

  • Monitoring is performed by automated scanning tools that simulate a visitor's experience. Scans may not detect all tracking technologies, particularly those that employ bot detection, fingerprinting, server-side tracking, or dynamic script loading.
  • Scan results may include false positives (flagging compliant behavior as a violation) or false negatives (failing to detect actual violations). Agency will use commercially reasonable efforts to minimize inaccurate results but cannot guarantee accuracy.
  • Monitoring frequency is determined by Agency and may vary. Monitoring does not provide real-time or continuous observation of Client's website.
  • Remediation under the Monitoring Service is limited to cookie consent-related issues detected by Agency's scanning tools. Issues requiring custom development, third-party vendor engagement, or architectural changes may require separate SOWs at additional cost.
  • Agency is not liable for violations that occur between scans, violations that the scanning tools fail to detect, or violations caused by Client's actions or third-party services.

6. Indemnification

Client agrees to indemnify and hold Agency harmless from any claims, lawsuits, demands, fines, penalties, damages, or expenses (including reasonable attorney's fees) arising from or related to:

  • Allegations that Client's website fails to comply with any privacy, cookie consent, data protection, or similar law or regulation, regardless of whether Agency performed Cookie Compliance Services for Client.
  • Client's failure to maintain adequate privacy policies, cookie policies, or terms of service.
  • Client's addition of tracking technologies, marketing pixels, or third-party scripts without providing prior written notice to Agency as required by Section 3(c).
  • Client's modification, removal, or disabling of the consent management plugin or its configuration in violation of Section 3(e).
  • Third-party demand letters, class actions, or regulatory enforcement actions related to cookie consent, tracking, or data privacy on Client's website(s).
  • Client's use of Agency's scan results, reports, or compliance audit documents in legal proceedings, regulatory submissions, or any context beyond internal informational purposes.

This indemnification supplements and does not replace Section 11 of the MSA.

7. Limitation of Liability

AGENCY'S TOTAL LIABILITY FOR ANY CLAIMS ARISING FROM OR RELATED TO THE COOKIE COMPLIANCE SERVICES SHALL NOT EXCEED THE TOTAL FEES PAID BY CLIENT FOR COOKIE COMPLIANCE SERVICES IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY.

WITHOUT LIMITING THE FOREGOING, AGENCY SHALL NOT BE LIABLE FOR ANY FINES, PENALTIES, SANCTIONS, DEMAND LETTERS, REGULATORY ACTIONS, OR CLASS ACTION CLAIMS IMPOSED ON OR BROUGHT AGAINST CLIENT BY ANY REGULATORY AUTHORITY, PLAINTIFF, OR THIRD PARTY RELATING TO CLIENT'S COOKIE CONSENT PRACTICES, DATA COLLECTION, OR PRIVACY COMPLIANCE.

This limitation supplements the limitation of liability in Section 11(c) of the MSA.

8. Pricing

8.1 Setup Fee

The one-time Setup fee is as specified in the applicable SOW.

8.2 Monitoring Service Fee

The annual Monitoring Service fee is as specified in the applicable SOW. Monitoring Service pricing may increase annually in accordance with the Support Plan Pricing section of the MSA. Agency will provide 60 days written notice before any price increase. Price increases take effect at Client's next renewal date.

9. Term and Termination

9.1 Setup

The one-time Setup is governed by the applicable SOW and the MSA's termination provisions.

9.2 Monitoring Service

The Monitoring Service renews annually unless Client provides written notice of non-renewal at least 30 days before the end of the current annual term. Client's 30-day cancellation notice serves as the transition period during which Client may procure an alternative consent management solution. Agency will remove the CMP and its configuration within 5 business days following the termination effective date. Upon the effective date of termination or non-renewal:

  • Agency will remove the CMP and its configuration from Client's website(s) within 5 business days
  • Agency will cease all automated scanning and monitoring
  • Client assumes sole responsibility for cookie consent management and compliance from the date the CMP is removed
  • Agency bears no responsibility for tracking violations, regulatory exposure, or compliance failures that occur after CMP removal
  • No refunds will be issued for unused portions of the annual Monitoring Service term

10. Recommendation

Agency strongly recommends that Client consult with qualified legal counsel regarding Client's specific compliance obligations under applicable privacy and data protection laws. The Cookie Compliance Services are a technical implementation and monitoring service and are not a substitute for legal advice.

11. Contact Information

WhatArmy, Inc.
1981 Memorial Dr
#235
Chicopee, MA 01020

Email: go@whatarmy.com
Legal Notices: go@whatarmy.com