Zum Hauptinhalt springen

Cookies

Cookie and Tracking Policy

This policy explains in full which cookies, browser-storage mechanisms (localStorage, sessionStorage), server-side tracking mechanisms and bot-protection technologies Emoria uses. It covers necessary functional cookies (login, visibility of protected memorial pages, cart, preferences), consent-based analytics cookies for server-side Google Analytics 4 Measurement Protocol, marketing technologies (Meta Pixel, Meta Conversions API) as well as technically necessary third-party cookies from Cloudflare and Stripe.

Updated: 20 May 2026
Overview
Categories used
Necessary (technically required), analytics (server-side, requiring consent) and marketing (only with consent)
Browser-side analytics
Analytics cookies are only set after consent; GA4 events are sent server-side via the Measurement Protocol
Consent storage
`emoria_cookie_consent` (first-party cookie) with a runtime of up to 12 months
Legal bases
Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR (consent) for non-essential cookies; Section 25(2) no. 2 TDDDG (technical necessity) for functionally essential cookies
Right to withdraw
At any time via the cookie banner button 'Settings' in the footer; withdrawal applies for the future

1. Why Emoria uses cookies

Emoria uses cookies and local storage mechanisms primarily to enable login sessions, technically unlock protected memorial pages, store preferences, retain consent decisions and provide cart functions.

For analytics, Emoria uses first-party analytics cookies only after consent and sends analytics events server-side to Google Analytics 4. Marketing technologies such as Meta Pixel and associated marketing cookies are only activated after express consent.

2. Concrete cookie and storage overview

The following overview describes the cookies and browser-storage mechanisms currently technically relevant which Emoria uses on the product side. Placeholders with `{...}` represent variable IDs or page-specific keys.

Name / keyStorage locationCategoryPurposeRuntime
authjs.session-token / __Secure-authjs.session-tokenCookieNecessaryKeeps signed-in users logged in and protects account-related sessions.Session or server-side invalidation
emoria_cookie_consentCookieNecessaryStores your selection regarding analytics and marketing consent.Up to 12 months
emoria_ga_cidCookieStatisticsStable, anonymous client ID for Google Analytics 4 (server-side via Measurement Protocol). Only set if you have consented to the Statistics category, and deleted upon withdrawal.Up to 12 months
emoria_ga_sidCookieStatisticsStable session ID for Google Analytics 4 so pageviews and events can be attributed to the same visit session. Only set with Statistics consent and deleted upon withdrawal.Up to 12 months; new session after 30 minutes of inactivity
emoria_attributionCookieStatisticsStores campaign parameters, click IDs, referrer and landing page for statistical attribution of later events. Only set with Statistics consent and deleted upon withdrawal.Up to 90 days
emoria_cartCookieNecessaryStores the cart for tribute and checkout processes.Up to 7 days
emoria_memorial_access_{memorialId}CookieNecessaryRemembers successful password access to protected memorial pages.Up to 7 days
emoria_preferred_localeCookie + localStorageFunctionalStores the preferred language for navigation and entry logic.Up to 12 months
emoria_preferred_regionCookie + localStorageFunctionalStores the preferred region for navigation and regional entry points.Up to 12 months
emoria_preferred_region_slugCookie + localStorageFunctionalStores the associated region slug for regional links and context switches.Up to 12 months
_fbcCookieMarketingStores a Meta campaign reference from `fbclid` when marketing is activated.Up to 90 days
_fbpCookieMarketingMay be set by the Meta Pixel to support ad attribution and campaign measurement.Determined by Meta/browser; only with marketing consent
emoria_scroll:*sessionStorageFunctionalRestores scroll positions during navigation and return to list or detail pages.Until the end of the browser session
emo_list:*sessionStorageFunctionalRestores loaded list states on back navigation.Up to 30 minutes or until end of session
memorial-archive-search-cache-v1sessionStorageFunctionalCaches search and filter results in the memorial archive.Until the end of the browser session
emoria_memorial_draft / emoria_memorial_draft_v2 / emoria_memorial_draft_step / *_pendingsessionStorageFunctionalStores intermediate steps and drafts in the memorial creation flow.Until the end of the browser session or until completion/deletion
memorial:pending-success:{memorialId}sessionStorageFunctionalTemporarily holds the success state after a candle or tribute action.Short-term until processing or until end of session
cf_clearance / __cf_bm / cf_chl_*Cookie (cloudflare.com / turnstile)NecessarySet by Cloudflare Turnstile and Cloudflare proxy/bot-protection mechanisms to mitigate abusive requests on login, registration, contact and other security-relevant flows.Up to 30 minutes or as defined by Cloudflare
__stripe_mid / __stripe_sid / mCookie (stripe.com / checkout)Necessary (checkout)Set during the Stripe checkout and billing portal for fraud prevention; only active when the Stripe domain is loaded.Up to 1 year (set by Stripe)

3. Analytics and marketing technologies

Emoria sets its own analytics cookies for Google Analytics 4 only after your consent. Analytics events are only processed server-side if you have consented to the analytics category.

Marketing cookies and Meta technologies are only activated if you have consented to the marketing category. Upon withdrawal, Emoria deletes the marketing cookies set on the product side again, insofar as this is technically possible.

4. Runtimes

Session cookies generally remain active only until the end of the session or until server-side invalidation.

Consent and preference cookies may be stored for up to 12 months. Functional cookies for protected memorial pages or cart states currently typically expire after up to 7 days.

`sessionStorage` entries usually exist only until the browser tab or the browser is closed. Individual restore and cache keys may also expire or be overwritten earlier on the product side.

5. Management and deletion

You can delete or block cookies via your browser settings. Please note that login functions, password unlocks, preferences, cart or other convenience functions may then be wholly or partially unavailable.

You can additionally change your selection regarding analytics and marketing via the cookie settings on this page. A withdrawal applies for the future and means that optional technologies are no longer used.

For questions about cookies or other tracking/storage mechanisms, please contact privacy@emoria.app.

6. Managing cookie settings in common browsers

Cookies are stored on your device and you have full control over their use. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time via the browser or by calling up the help functions of your browser.

  • Google Chrome: Settings → Privacy and security → Cookies and other site data
  • Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Microsoft Edge: Settings → Cookies and site permissions
  • Safari (macOS): Settings → Privacy → Manage Website Data
  • Safari (iOS): Settings app → Safari → Privacy & Security
  • Mobile browsers (Android/Chrome, iOS/Safari): browser settings → Privacy / Cookies

7. Third-party cookies and external domains

Some of the cookies listed above are not set by emoria.app but by integrated third-party providers on their own domains. We have only limited influence on this, as the cookie management of these providers is subject to their own privacy and cookie policies.

  • Cloudflare (cloudflare.com / Turnstile and proxy subdomains) — Privacy notice: https://www.cloudflare.com/privacypolicy/
  • Stripe (stripe.com, checkout.stripe.com) — Privacy notice: https://stripe.com/privacy
  • Meta (facebook.com / connect.facebook.net) when marketing consent is active — Privacy notice: https://www.facebook.com/policy.php
  • Google (google-analytics.com) for server-side GA4 — Privacy notice: https://policies.google.com/privacy

8. Do Not Track, Global Privacy Control and other browser signals

The platform respects the Global Privacy Control (GPC) browser signal as well as incoming Do Not Track (DNT) headers when handling initial consent: if a clear opt-out signal is detected and there is no express, manual consent yet, no non-essential cookies and trackers are set.

A consent subsequently given manually in the cookie banner overrides this default; a subsequent withdrawal of consent each takes effect for the future.

9. Updates to this Cookie Policy

This Cookie Policy is reviewed regularly and adapted to the technologies actually in use. Significant changes are communicated to you via the platform and, where applicable, again via the cookie banner.

Status of this Cookie Policy: 20 May 2026. Please send enquiries to privacy@emoria.app.

Cookie settings
No consent decision stored yet
Choose exactly which processing may be used for analytics and marketing. Your choice applies to this device and can be changed again at any time.

Necessary cookies

Always active

These cookies are required for login, security, language handling, cart state, and access to protected content.

Analytics

Disabled

Allows server-side reach, funnel, and conversion measurement via Google Analytics 4 for product and performance analysis.

Marketing

Disabled

Allows Meta Pixel, Meta Conversions API, and campaign attribution for retargeting, conversion optimization, and ad reporting.