Protos Labs Pte. Ltd. | Effective Date: 19 March 2026 | Last Updated: 19 March 2026

This Cookie Policy explains how Protos Labs Pte. Ltd. uses cookies and similar tracking technologies on our website (www.protoslabs.io) and the Protos AI platform (app.protoslabs.io). It should be read alongside our Privacy Policy.

1. What Are Cookies?

Cookies are small text files placed on your device when you visit a website or use a web application. They are widely used to make websites and platforms work, to improve performance, and to provide information to website owners. Similar technologies include web beacons, pixels, and local storage — we refer to all of these collectively as “cookies” in this policy.

2. How We Use Cookies

We use cookies to: keep you signed in and maintain your session securely via Microsoft Entra ID (SSO); identify your active organisation for correct platform routing; understand how you use our platform so we can improve it; track marketing and campaign performance; and communicate with you via in-app messaging and support tools (for applicable user groups). We do not use cookies to serve third-party advertising to you directly on our platform.

3. Categories of Cookies We Use

Strictly Necessary: Essential for the platform to function and cannot be switched off. Set in response to actions you take, such as logging in. No consent required. Analytics: Help us understand how visitors interact with our website and platform. Information is used to improve our services. Only set with your consent. Marketing / Tracking: Used to track visitors across our website and platform for marketing and CRM purposes, including measuring campaign effectiveness. Only set with your consent. Functional (Conditional): Enable enhanced functionality such as in-app chat and support. Only set for specific user groups where applicable. Only set with your consent.

4. Cookies We Use

Strictly Necessary: msal.cache.encryption (Microsoft MSAL) — Encryption key for authentication token cache used by Microsoft Entra ID SSO, expires Session. OrgID (Protos Labs) — Identifies the user’s active organisation for correct API routing, expires 1 year.

Analytics Cookies: _ga (Google Analytics) — Distinguishes unique users and tracks sessions, expires 2 years. _ga_* multiple streams (Google Analytics) — Maintains session state for GA4 across data streams G-03ZC6GG6S2, G-8P3WKL13VQ, G-R3MB7BR6DL, expires 2 years. _gcl_au (Google Ads) — Stores conversion linker data for advertising attribution, expires 90 days. ph_phc_*_posthog (PostHog) — Tracks user sessions and analytics events across platform instances, expires 1 year. Note: Google Analytics and PostHog cookies are loaded via Google Tag Manager (GTM-NQH9FKDP). Analytics cookies are only set following your consent via our cookie consent banner.

Marketing / Tracking Cookies: hubspotutk (HubSpot) — Tracks visitor identity for CRM and marketing analytics, expires 6 months. __hstc (HubSpot) — Tracks visitor sessions including first visit, last visit, and session count, expires 6 months. __hssrc (HubSpot) — Determines if the visitor has restarted their browser (new session detection), expires Session. Note: HubSpot tracking scripts are injected via Google Tag Manager. These cookies are only set following your consent via our cookie consent banner.

Functional Cookies (Conditional): intercom-id-* (Intercom) — Identifies returning users for in-app messaging and support, expires 9 months. intercom-session-* (Intercom) — Maintains the active Intercom session, expires 1 week. intercom-device-id-* (Intercom) — Identifies the device for Intercom messaging continuity, expires 9 months. Note: Intercom cookies are only set for users in the “Insurance Professional” user group. They are not set for all platform users.

5. Your Cookie Choices

Cookie Consent Banner: When you first visit our website or platform, a cookie consent banner will appear. Non-essential cookies (analytics, marketing, functional) will not be loaded until you click “Accept.” You can opt out at any time. Do Not Sell or Share My Personal Information: California residents and all other users may opt out of non-essential cookies at any time by clicking “Do Not Sell or Share My Personal Information” in the footer of our website or platform. Your preference will be saved and respected on all future visits. Browser Settings: You can also control cookies through your browser settings. Note that disabling cookies may affect platform functionality.

Opt-Out Links for Specific Providers: Google Analytics — Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout. PostHog — Contact us at marketing@protoslabs.io to opt out of PostHog analytics. HubSpot — Contact us at marketing@protoslabs.io to opt out of HubSpot tracking. Intercom — Manage preferences via the Intercom messenger within the platform.

6. Google Tag Manager

We use Google Tag Manager (container ID: GTM-NQH9FKDP) to manage and deploy tracking scripts on our website and platform. Google Tag Manager itself does not collect personal data, but it loads third-party scripts (including Google Analytics and HubSpot) that may set cookies. All non-essential scripts loaded via Google Tag Manager are blocked until you have given your consent via our cookie consent banner.

7. Data Processing Agreements

We have data processing agreements in place with the following third-party cookie providers: Google (Analytics & Ads) — DPA in place. PostHog — DPA in place. HubSpot — DPA in place. Intercom — DPA in place. Microsoft (MSAL/Entra ID) — DPA in place.

8. Changes to This Policy

We may update this Cookie Policy from time to time. If we make material changes, we will notify you via our website or by email. The “Last Updated” date at the top of this page reflects the most recent revision. We will re-seek your cookie consent if changes materially affect how we use non-essential cookies.

9. Contact Us

If you have any questions about our use of cookies, please contact our Data Protection Officer: Name: Simeon Tan | Email: marketing@protoslabs.io | Subject: ATTENTION DATA PROTECTION OFFICER — COOKIE ENQUIRY

Effective Date: 19 March 2026 | Last Updated: 19 March 2026