Cookies
We use cookies and similar browser storage to keep our product working, improve performance, and keep your experience consistent.
This page explains what we store and how we handle consent.
In short
- We use first-party storage on your site domain.
- We store anonymous identifiers, not direct personal details like your name or email in these cookies.
- We read consent from your consent manager (for example GA4 Consent Mode, Shoptet, or Didomi).
- If consent is not granted, we use temporary storage instead of persistent cookies.
What we store
Depending on tenant setup, the product may use:
| Name | Type | What it does | Typical lifetime |
|---|---|---|---|
_sa | Cookie | Stores an anonymous identifier (zoeId) so returning visits can be recognized. | Up to 2 years |
_saexp (or tenant override such as _saexpe) | Cookie | Stores experiment assignment so A/B test variants stay stable across visits. | Session or based on experiment |
_sa_consent_cache | localStorage key | Stores the last known granted-consent signal to improve startup behavior. | Until removed |
Cookie settings used by product code:
- First-party scope on your site domain (top-most accessible domain by default unless overridden).
- Path:
/(unless overridden). - SameSite:
Lax.
How we detect consent
Consent is detected through the consent platform configured for each tenant. The goal is to follow the consent signal already present on the website and apply that signal consistently to identifier storage behavior.
GA4 / Google Consent Mode
When Google Consent Mode is used, consent is read from updates pushed into window.dataLayer. The primary signal is analytics_storage, where a value of granted allows persistent analytics identifiers and a value of denied prevents that behavior.
Shoptet Consent
When Shoptet consent is available, consent is read from cookie_consent.analytics in window.dataLayer (or from another configured purpose key if a tenant uses one). This value is interpreted as the source of truth for analytics-related consent.
Didomi
We also support Didomi CMP to determine the current consent state. It also listens Didomi's events so any user update in the banner is reflected in product behavior without requiring a page reload.
What happens when consent changes
- If consent is granted, identifier storage can use cookies.
- If consent is denied (or unavailable after initialization timeout), storage falls back to
sessionormemory. - If consent is unknown at startup, a cached consent signal may be used briefly and then updated once CMP data is available.
- When consent changes, storage behavior updates automatically.
Your choices
- You can change consent anytime in your site's cookie banner / CMP.
- You can clear cookies and browser storage in browser settings.
Tenant note
Tenant configuration can change cookie names, domain/path, storage mode, and retention periods. Keep this document together with your tenant-specific legal/privacy cookie disclosures.
Updated 2 months ago