Cookie Policy

Effective date: 23 May 2026 · Last updated: 23 May 2026

Plain-English version: We set two small browser-storage items to remember your cookie choice. If you accept analytics, Google Analytics 4 sets two cookies to identify your sessions. We also send anonymous cookieless pings (no cookies, no identifier — just aggregate country/region/city stats) to Google Analytics for every visitor — see section 3.1. To opt out of everything including cookieless pings, enable Global Privacy Control in your browser. You can change your cookie choice any time from the button below.

1. What is a cookie (and what's similar)?

A "cookie" is a small file your browser stores on your device when you visit a website. We also use "localStorage" — a similar browser-storage mechanism that doesn't get sent to the server on every request, which is actually more private than traditional cookies. For simplicity, the rest of this page calls both "cookies".

Cookies can be:

First-party (set by am4a.ai itself) or third-party (set by another domain).
Session (deleted when you close your browser) or persistent (kept for a set time).
Strictly necessary (required for the site to function — exempt from consent) or optional (require your consent before being set).

2. Cookies we use

2.1 Strictly necessary (always on)

These are set without consent because they are required for a working consent banner, region detection, and basic site security. They do not identify you across sites.

Name	Type	Provider	Purpose	Retention
`am4a_consent`	localStorage (1st party)	am4a.ai	Stores your cookie consent choice (which categories you accepted) so we don't re-prompt on every page load.	30 days
`am4a_geo`	localStorage (1st party)	am4a.ai	Caches the result of a one-time country lookup so we know whether to show the strict EU/UK opt-in banner or the US-style opt-out banner. Country code only — no IP, no precise location.	7 days

2.2 Analytics cookies (set only with your consent)

These cookies are set only if you accept the "Analytics" category in the cookie banner. If you reject or have not yet chosen, these cookies are never set. Note: even without setting cookies, we still capture anonymous aggregate analytics via Consent Mode v2 cookieless pings — see section 3 below.

Name	Type	Provider	Purpose	Retention
`_ga`	Cookie (1st party)	Google Analytics 4	Distinguishes unique users by assigning a randomly generated client ID. Used to count unique visitors and sessions.	13 months
`_ga_<container-id>`	Cookie (1st party)	Google Analytics 4	Persists session state for the GA4 property assigned to am4a.ai.	13 months

We have configured GA4 with the most privacy-friendly settings available:

IP anonymization is enabled (your IP is truncated in-region before storage).
Google Signals is disabled — no cross-device tracking via signed-in Google accounts.
Ad-personalization signals are disabled — GA4 data is never used to target ads.
Data retention is set to 14 months (the shortest GA4 supports).

2.3 Marketing (reserved, not currently used)

The cookie banner includes a "Marketing" category for forward-compatibility. We do not currently set any marketing cookies regardless of your choice. If we ever add marketing trackers (e.g., LinkedIn Insight Tag for B2B retargeting), this page will be updated and — for visitors in jurisdictions that require it — you will be re-prompted for consent.

3. Other network connections (not cookies)

For completeness, here are network calls the site makes that don't involve setting cookies:

3.1 Google Analytics — cookieless pings (default for all visitors)

On every page load, your browser sends one anonymous, cookieless ping to Google Analytics. This is part of Google Consent Mode v2 and is enabled by default for all visitors regardless of your cookie choice. Each ping carries:

Country, region (state/province), and city — derived from your IP address by Google's server; the IP itself is not stored.
Browser family and OS family.
The referring site, if any.
UTM campaign parameters from the URL, if present.

These pings set no cookies and carry no persistent identifier. Google treats each ping as a brand-new anonymous visitor — no cross-page or cross-session linking. Reports show only aggregated counts (e.g., "X visitors from Seattle this week"), never individual records. This is processed under GDPR Art. 6(1)(f) (legitimate interest in aggregate analytics). Consent Mode v2 cookieless pings are widely treated as a privacy-respecting analytics pattern because they don't set cookies (so ePrivacy / PECR consent requirements don't apply) and the data is non-identifying in aggregate. Visitors with Global Privacy Control set in their browser are excluded — we fire no Google Analytics requests at all for GPC users, which is stronger than what clicking "Reject all" provides.

3.2 Google Analytics — full tracking (only after consent)

If you accept the "Analytics" category, the cookieless pings escalate to full GA4 tracking. This adds the two cookies in section 2.2 above plus persistent session continuity (the same visitor can be linked across pages within a session). Country/region/city granularity is the same as the cookieless ping; the difference is the addition of persistent identification.

3.3 Other connections

ipwho.is — a single GET request on first visit to determine your country code (used to decide which consent regime applies to your visit). No cookie is set by this lookup, and no persistent identifier is exchanged. The country code is cached in am4a_geo (above) so the lookup doesn't happen again for 7 days.
Subscribe Cloud Function — only invoked when you submit the "Stay in the Loop" form. Sends your email address to a Google Cloud Function. See the Privacy Policy for details.

4. How to change or withdraw your consent

You can change your cookie preferences at any time:

Click the button below (it's also in the footer of every page).
Toggle the categories you want, then click Save choices.
Your new choice takes effect immediately. If you previously accepted analytics and now revoke it, we delete the persistent _ga and _ga_<container-id> cookies from your browser the moment you click Save (so the ongoing Consent Mode v2 cookieless pings can't be tied back to your previous identified session).

You can also block or delete cookies directly in your browser settings:

Note that blocking strictly-necessary cookies via your browser may prevent the cookie banner from remembering your choice, in which case it will reappear on every visit.

5. Do Not Track + Global Privacy Control

We honor the Global Privacy Control (GPC) signal. If your browser sends GPC, we treat that as an opt-out of analytics and marketing automatically, regardless of your region — and we go further than "Reject all" by firing no Google network requests at all (not even the Consent Mode v2 cookieless ping that runs by default for non-GPC visitors). The legacy "Do Not Track" header is now widely-ignored and not part of any current standard, so we do not key behavior off it; use GPC instead.

6. Updates to this policy

If we add new cookies or change how existing ones work, we will update the "Last updated" date at the top of this page. Material additions to optional categories will trigger a re-prompt of the cookie banner for everyone.

7. Contact

Questions about cookies: info@am4a.ai