Cookie Policy

Last updated: 24 de abril de 2026

This Cookie Policy explains how JorgeX Technologies LLC (hereinafter "PhotoHeart", "we", "us" or "our") uses cookies and similar technologies when you visit our platform at photoheart.app.

1. Data Controller

Company Name: JorgeX Technologies LLC EIN: 61-2301728 Address: 30N Gould St Ste N, Sheridan, WY 82801, USA Email: privacy@photoheart.app

2. What Are Cookies?

Cookies are small text files stored on your device (computer, tablet, or mobile) when you visit a website. They allow the site to remember your actions and preferences over a period of time.

By duration:

  • Session cookies: Deleted when you close your browser
  • Persistent cookies: Remain on your device until they expire or you delete them

By origin:

  • First-party cookies: Set by the site you visit (photoheart.app)
  • Third-party cookies: Set by other services (Google, Meta, etc.)

3. Cookies We Use

3.1. Essential Cookies (No Consent Required)

These cookies are strictly necessary for the service to function. They do not require consent under GDPR Art. 6.1.b.

CookieProviderPurposeDuration
sb-access-tokenSupabaseAuthentication tokenSession
sb-refresh-tokenSupabaseToken renewal7 days

3.2. Analytics Cookies (Consent Required)

These cookies help us understand how users interact with the platform. They are only activated if you accept analytics cookies.

CookieProviderPurposeDuration
_gaGoogle AnalyticsUnique visitor identifier2 years
ga*Google AnalyticsSession state2 years
_gidGoogle AnalyticsSession identifier24 hours
_fbpMeta PixelAdvertising identifier3 months

3.3. Local Storage (localStorage)

In addition to cookies, we use local storage to:

KeyPurposeLegal Basis
ph_cookie_consentSave your cookie preferenceNecessary
ph_themeSave theme preference (light/dark)Necessary
ph_langSave language preferenceNecessary

4. Tracking Technologies

4.1. Google Tag Manager (GTM)

  • Container ID: GTM-W34DH8MV
  • Purpose: Centralized analytics and advertising tag management
  • Loading: The GTM container loads on every visit to public pages. It does not store its own first-party cookies or send personal data by itself
  • Consent Mode v2: We use Google's Consent Mode v2. By default, all signals (ad_storage, analytics_storage, ad_user_data, ad_personalization) are set to denied. They only change to granted if you accept analytics or advertising cookies via the banner
  • What this means: GTM only fires measurement tags (GA4, Meta Pixel, Google Ads) when the corresponding signal is set to granted. While signals remain denied, GTM does not send personal data to those platforms
  • First-party cookies: None (it manages GA and Meta cookies when authorized)

4.2. Google Analytics 4 (GA4)

  • Purpose: Service usage analysis
  • IP Anonymization: Enabled
  • Data collected:
    • Pages visited
    • Time on page
    • Browser and device
    • Country (no specific city)
  • Legal basis: Consent (Art. 6.1.a)

4.3. Meta Pixel (Facebook)

  • Purpose: Advertising conversion measurement
  • Data collected: Conversion events (registration, subscription)
  • Legal basis: Consent (Art. 6.1.a)

4.4. Vercel Analytics (Cookie-free)

  • Purpose: Aggregated usage metrics
  • Cookies: None (cookieless technology)
  • Personal data: No identifiable data collected
  • Legal basis: Legitimate interest (Art. 6.1.f)

4.5. Vercel Speed Insights (Cookie-free)

  • Purpose: Performance metrics (Core Web Vitals)
  • Cookies: None
  • Data collected: LCP, FID, CLS, TTFB (technical metrics)
  • Legal basis: Legitimate interest (Art. 6.1.f)

When you first visit the public pages of PhotoHeart, you will see a banner that lets you choose:

  • Essential only: Only cookies necessary for the service
  • Accept all: Essential cookies + analytics

Where the banner is shown:

  • / (Home)
  • /pricing (Pricing)
  • /how-works (How it works)
  • /contact (Contact)
  • /blog (Blog)
  • /login, /signup (Login/Signup)
  • /terms, /privacy, /cookies (Legal)

Not shown on:

  • /manager/* (Photographer panel - private area)
  • /g/* (Client public galleries)
  • /calendar/* (Appointment booking)
  • /contract/* (Contract signing)

Consent expiry: 12 months. After this time, the banner will appear again. Justification: RGPD recommendation to renew consent periodically.

6. How to Manage Cookies

You can change your cookie preferences at any time:

  • Chrome: Settings → Privacy and security → Cookies
  • Firefox: Menu → Preferences → Privacy & Security
  • Safari: Preferences → Privacy → Cookies
  • Edge: Settings → Privacy, search, and services → Cookies

Specific opt-out:

Warning: If you block all cookies, some features of PhotoHeart may not work correctly, especially authentication.

TechnologyLegal BasisJustification
Session cookies (Supabase)Art. 6.1.bNecessary for the service
Google Tag Manager (container)Art. 6.1.fLegitimate interest (container loads without cookies or personal data)
Tags fired by GTM (GA4, Meta, Ads)Art. 6.1.aConsent required (Consent Mode v2)
Google AnalyticsArt. 6.1.aWith consent only
Meta PixelArt. 6.1.aWith consent only
Vercel AnalyticsArt. 6.1.fNo cookies, cookieless
Vercel Speed InsightsArt. 6.1.fTechnical metrics
localStorage (preferences)Art. 6.1.bNecessary for UX

8. International Transfers

Some cookie providers are located outside the EEA:

ProviderLocationTransfer Mechanism
Google (Analytics, GTM)USAEU-US Data Privacy Framework
Meta (Pixel)USAStandard Contractual Clauses
VercelGlobalStandard Contractual Clauses
SupabaseEU (Frankfurt)No transfer

9. Updates to This Policy

We may update this Cookie Policy occasionally to reflect changes in the technologies we use or due to legal requirements. The "last updated" date at the top indicates when the last revision was made.

10. Contact

If you have questions about the use of cookies:

If you believe we have not adequately addressed your rights, you may lodge a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es



Related documents: