Cookies
This policy explains in full which cookies, browser-storage mechanisms (localStorage, sessionStorage), server-side tracking mechanisms and bot-protection technologies Emoria uses. It covers necessary functional cookies (login, visibility of protected memorial pages, cart, preferences), server-side analytics (Google Analytics 4 Measurement Protocol without browser cookies), marketing technologies (Meta Pixel, Meta Conversions API) as well as technically necessary third-party cookies from Cloudflare, Vercel and Stripe.
Emoria uses cookies and local storage mechanisms primarily to enable login sessions, technically unlock protected memorial pages, store preferences, retain consent decisions and provide cart functions.
For analytics, Emoria uses server-side analytics without classic browser-side analytics cookies. Marketing technologies such as Meta Pixel and associated marketing cookies are only activated after express consent.
The following overview describes the cookies and browser-storage mechanisms currently technically relevant which Emoria uses on the product side. Placeholders with `{...}` represent variable IDs or page-specific keys.
| Name / key | Storage location | Category | Purpose | Runtime |
|---|---|---|---|---|
| authjs.session-token / __Secure-authjs.session-token | Cookie | Necessary | Keeps signed-in users logged in and protects account-related sessions. | Session or server-side invalidation |
| emoria_cookie_consent | Cookie | Necessary | Stores your selection regarding analytics and marketing consent. | Up to 12 months |
| emoria_cart | Cookie | Necessary | Stores the cart for tribute and checkout processes. | Up to 7 days |
| emoria_memorial_access_{memorialId} | Cookie | Necessary | Remembers successful password access to protected memorial pages. | Up to 7 days |
| emoria_preferred_locale | Cookie + localStorage | Functional | Stores the preferred language for navigation and entry logic. | Up to 12 months |
| emoria_preferred_region | Cookie + localStorage | Functional | Stores the preferred region for navigation and regional entry points. | Up to 12 months |
| emoria_preferred_region_slug | Cookie + localStorage | Functional | Stores the associated region slug for regional links and context switches. | Up to 12 months |
| _fbc | Cookie | Marketing | Stores a Meta campaign reference from `fbclid` when marketing is activated. | Up to 90 days |
| _fbp | Cookie | Marketing | May be set by the Meta Pixel to support ad attribution and campaign measurement. | Determined by Meta/browser; only with marketing consent |
| emoria_scroll:* | sessionStorage | Functional | Restores scroll positions during navigation and return to list or detail pages. | Until the end of the browser session |
| emo_list:* | sessionStorage | Functional | Restores loaded list states on back navigation. | Up to 30 minutes or until end of session |
| memorial-archive-search-cache-v1 | sessionStorage | Functional | Caches search and filter results in the memorial archive. | Until the end of the browser session |
| emoria_memorial_draft / emoria_memorial_draft_v2 / emoria_memorial_draft_step / *_pending | sessionStorage | Functional | Stores intermediate steps and drafts in the memorial creation flow. | Until the end of the browser session or until completion/deletion |
| memorial:pending-success:{memorialId} | sessionStorage | Functional | Temporarily holds the success state after a candle or tribute action. | Short-term until processing or until end of session |
| cf_clearance / __cf_bm / cf_chl_* | Cookie (cloudflare.com / turnstile) | Necessary | Set by Cloudflare Turnstile for bot mitigation on login, registration and contact forms. | Up to 30 minutes or as defined by Cloudflare |
| botid / vercel-* (BotID) | Cookie / header (vercel.app) | Necessary | Vercel BotID protection for security-relevant endpoints (auth, checkout, webhooks). | Session-related |
| __stripe_mid / __stripe_sid / m | Cookie (stripe.com / checkout) | Necessary (checkout) | Set during the Stripe checkout and billing portal for fraud prevention; only active when the Stripe domain is loaded. | Up to 1 year (set by Stripe) |
Emoria does not set client-side analytics cookies for Google Analytics 4. Analytics events are only processed server-side if you have consented to the analytics category.
Marketing cookies and Meta technologies are only activated if you have consented to the marketing category. Upon withdrawal, Emoria deletes the marketing cookies set on the product side again, insofar as this is technically possible.
Session cookies generally remain active only until the end of the session or until server-side invalidation.
Consent and preference cookies may be stored for up to 12 months. Functional cookies for protected memorial pages or cart states currently typically expire after up to 7 days.
`sessionStorage` entries usually exist only until the browser tab or the browser is closed. Individual restore and cache keys may also expire or be overwritten earlier on the product side.
You can delete or block cookies via your browser settings. Please note that login functions, password unlocks, preferences, cart or other convenience functions may then be wholly or partially unavailable.
You can additionally change your selection regarding analytics and marketing via the cookie settings on this page. A withdrawal applies for the future and means that optional technologies are no longer used.
For questions about cookies or other tracking/storage mechanisms, please contact privacy@emoria.app.
Cookies are stored on your device and you have full control over their use. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time via the browser or by calling up the help functions of your browser.
Some of the cookies listed above are not set by emoria.app but by integrated third-party providers on their own domains. We have only limited influence on this, as the cookie management of these providers is subject to their own privacy and cookie policies.
The platform respects the Global Privacy Control (GPC) browser signal as well as incoming Do Not Track (DNT) headers when handling initial consent: if a clear opt-out signal is detected and there is no express, manual consent yet, no non-essential cookies and trackers are set.
A consent subsequently given manually in the cookie banner overrides this default; a subsequent withdrawal of consent each takes effect for the future.
This Cookie Policy is reviewed regularly and adapted to the technologies actually in use. Significant changes are communicated to you via the platform and, where applicable, again via the cookie banner.
Status of this Cookie Policy: 07 May 2026. Please send enquiries to privacy@emoria.app.
Necessary cookies
These cookies are required for login, security, language handling, cart state, and access to protected content.
Analytics
Allows server-side reach, funnel, and conversion measurement via Google Analytics 4 for product and performance analysis.
Marketing
Allows Meta Pixel, Meta Conversions API, and campaign attribution for retargeting, conversion optimization, and ad reporting.