# Compliance

AlumnIQ can provide documentation for compliance with the following standards:

* [PCI](https://www.alumniq.com/compliance/#pci)
* SOC2 Type 2 (NDA required)
* [VPAT](https://www.alumniq.com/compliance/#vpat)
* HECVAT (NDA required)
* [Privacy Policies](https://www.alumniq.com/compliance/#privacy)

Please file a ticket to request any of the non-public resources. Some contain sensitive information about our infrastructure, security practices, and development practices.

## Cookie Inventory

These are the only cookies AlumnIQ injects into client responses by design. If a customer chooses to use the GA4/GTM functionality, additional Google cookies will be inserted into the request/response payload.

| Cookie name           | Module             | Type      | Domain                                                             | Lifetime | Notes                                                                                                                                                                                        |
| --------------------- | ------------------ | --------- | ------------------------------------------------------------------ | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| IQ-PUBLIC             | Core               | Necessary | client domain                                                      | session  | Session Id (for public-facing pages)                                                                                                                                                         |
| IQ-ADMIN              | Admin              | Necessary | client domain                                                      | session  | Session Id (for admin users only)                                                                                                                                                            |
| IQCLIENTID            | Event Registration | Necessary | client domain                                                      | session  | Persist in-progress registration across multiple browsing sessions. (If user closes the tab, they don't have to lose their progress)                                                         |
| cookieconsent\_status | Core               | Necessary | client domain                                                      | 1 week   | Tracks that you've consented to our cookies, to avoid showing cookie banner on every pageview                                                                                                |
| aws-waf-token         | Giving             | Necessary | client domain                                                      | 4 days   | WAF challenge to avoid scripted attacks against giving credit card forms                                                                                                                     |
| alumniq-online-giving | Giving             | Necessary | client domain                                                      | session  | Session Id (for legacy giving)                                                                                                                                                               |
| \[varies]             | \[varies]          | Necessary | spreedly.com/braintreepayments.com/blackbaud.com (and derivatives) | varies   | Payment Service Providers (Spreedly, Braintree, Blackbaud) add cookies they consider strictly necessary for the purposes of processing transactions. No options for exclusion are available. |

Revisions:\
9 April 2025: updated cookieconsent\_status to Necessary