1. What cookies are
Cookies are small text files stored on your device by your browser when you visit a website. "Similar technologies" includes localStorage, sessionStorage, IndexedDB, and pixel tags — we treat all of these as cookies for purposes of this policy.
2. How we categorize them
We use Google Consent Mode v2. By default, only strictly necessary storage is granted. Analytics and any future ad-related storage are denied by default until you opt in via our cookie banner.
- Strictly necessary — required for the site or product to work (authentication, session, your consent choice). No opt-out: turning these off breaks the site.
- Functional — remember preferences (theme, dismissed banners). Optional.
- Analytics — help us understand which pages are useful, aggregated and IP-anonymized. Optional; off by default.
- Marketing / Advertising — we do not use these today and have no current plans to.
3. Cookies we set
| Name | Category | Purpose | Provider | Duration |
|---|---|---|---|---|
fw_consent_v1 (localStorage) | Strictly necessary | Stores your cookie consent choice so we do not re-prompt. | Fotowall | Persistent until cleared |
fw_exp_* (localStorage) | Functional | Sticky A/B test variant assignment so you see a consistent experience across visits. | Fotowall | Persistent until cleared |
__session / Firebase auth tokens | Strictly necessary | Keeps you signed in to the admin dashboard. | Google (Firebase) | Session / up to 1 year (refresh token) |
| Firebase App Check token (sessionStorage) | Strictly necessary | Verifies that requests come from a legitimate browser, preventing abuse. | Google (Firebase reCAPTCHA Enterprise) | Session |
_ga, _ga_* | Analytics | Aggregate page-view and session analytics (Google Analytics 4). | Up to 2 years (set only after consent) | |
Cloudflare __cf_bm | Strictly necessary | Bot management and DDoS protection. | Cloudflare | 30 minutes |
Stripe __stripe_mid, __stripe_sid | Strictly necessary | Fraud prevention during checkout (only set on payment pages). | Stripe | Session / 1 year |
This list is reviewed quarterly. Where a third-party page (e.g., embedded video) sets additional cookies, those are governed by the third party's own policies.
4. How to control cookies
- On Fotowall: use the banner that appears on your first visit. To change your choice later, clear
fw_consent_v1from localStorage (browser devtools), or visit /cookies#reset and click the reset button below. - In your browser: all major browsers let you block or delete cookies. See the help pages for Chrome, Firefox, Safari, or Edge.
- Global Privacy Control: if your browser sends a GPC signal, we treat it as an opt-out for analytics/marketing where required by law.
- Opt out of Google Analytics: install the GA opt-out browser add-on.
Reset your choice on this device. This clears the saved consent and re-shows the banner.
5. Changes to this policy
We will update the "Last updated" date when this policy changes. Material changes affecting consent will trigger the banner to re-appear so you can review and re-confirm.
6. Contact
Questions: privacy@fotowall.io. See also our Privacy Policy.