This Cookie Policy explains how JorgeX Technologies LLC (hereinafter "PhotoHeart", "we", "us" or "our") uses cookies and similar technologies when you visit our platform at photoheart.app.
1. Data Controller
Company Name: JorgeX Technologies LLC EIN: 61-2301728 Address: 30N Gould St Ste N, Sheridan, WY 82801, USA Email: privacy@photoheart.app
2. What Are Cookies?
Cookies are small text files stored on your device (computer, tablet, or mobile) when you visit a website. They allow the site to remember your actions and preferences over a period of time.
By duration:
- Session cookies: Deleted when you close your browser
- Persistent cookies: Remain on your device until they expire or you delete them
By origin:
- First-party cookies: Set by the site you visit (photoheart.app)
- Third-party cookies: Set by other services (Google, Meta, etc.)
3. Cookies We Use
3.1. Essential Cookies (No Consent Required)
These cookies are strictly necessary for the service to function. They do not require consent under GDPR Art. 6.1.b.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| sb-access-token | Supabase | Authentication token | Session |
| sb-refresh-token | Supabase | Token renewal | 7 days |
3.2. Analytics Cookies (Consent Required)
These cookies help us understand how users interact with the platform. They are only activated if you accept analytics cookies.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics | Unique visitor identifier | 2 years |
| ga* | Google Analytics | Session state | 2 years |
| _gid | Google Analytics | Session identifier | 24 hours |
| _fbp | Meta Pixel | Advertising identifier | 3 months |
3.3. Local Storage (localStorage)
In addition to cookies, we use local storage to:
| Key | Purpose | Legal Basis |
|---|---|---|
| ph_cookie_consent | Save your cookie preference | Necessary |
| ph_theme | Save theme preference (light/dark) | Necessary |
| ph_lang | Save language preference | Necessary |
4. Tracking Technologies
4.1. Google Tag Manager (GTM)
- Container ID: GTM-W34DH8MV
- Purpose: Centralized analytics and advertising tag management
- Loading: The GTM container loads on every visit to public pages. It does not store its own first-party cookies or send personal data by itself
- Consent Mode v2: We use Google's Consent Mode v2. By default, all signals (
ad_storage,analytics_storage,ad_user_data,ad_personalization) are set todenied. They only change tograntedif you accept analytics or advertising cookies via the banner - What this means: GTM only fires measurement tags (GA4, Meta Pixel, Google Ads) when the corresponding signal is set to
granted. While signals remaindenied, GTM does not send personal data to those platforms - First-party cookies: None (it manages GA and Meta cookies when authorized)
4.2. Google Analytics 4 (GA4)
- Purpose: Service usage analysis
- IP Anonymization: Enabled
- Data collected:
- Pages visited
- Time on page
- Browser and device
- Country (no specific city)
- Legal basis: Consent (Art. 6.1.a)
4.3. Meta Pixel (Facebook)
- Purpose: Advertising conversion measurement
- Data collected: Conversion events (registration, subscription)
- Legal basis: Consent (Art. 6.1.a)
4.4. Vercel Analytics (Cookie-free)
- Purpose: Aggregated usage metrics
- Cookies: None (cookieless technology)
- Personal data: No identifiable data collected
- Legal basis: Legitimate interest (Art. 6.1.f)
4.5. Vercel Speed Insights (Cookie-free)
- Purpose: Performance metrics (Core Web Vitals)
- Cookies: None
- Data collected: LCP, FID, CLS, TTFB (technical metrics)
- Legal basis: Legitimate interest (Art. 6.1.f)
5. Consent System
When you first visit the public pages of PhotoHeart, you will see a banner that lets you choose:
- Essential only: Only cookies necessary for the service
- Accept all: Essential cookies + analytics
Where the banner is shown:
/(Home)/pricing(Pricing)/how-works(How it works)/contact(Contact)/blog(Blog)/login,/signup(Login/Signup)/terms,/privacy,/cookies(Legal)
Not shown on:
/manager/*(Photographer panel - private area)/g/*(Client public galleries)/calendar/*(Appointment booking)/contract/*(Contract signing)
Consent expiry: 12 months. After this time, the banner will appear again. Justification: RGPD recommendation to renew consent periodically.
6. How to Manage Cookies
You can change your cookie preferences at any time:
- Chrome: Settings → Privacy and security → Cookies
- Firefox: Menu → Preferences → Privacy & Security
- Safari: Preferences → Privacy → Cookies
- Edge: Settings → Privacy, search, and services → Cookies
Specific opt-out:
- Google Analytics: tools.google.com/dlpage/gaoptout
- Meta/Facebook: facebook.com/settings/?tab=ads
Warning: If you block all cookies, some features of PhotoHeart may not work correctly, especially authentication.
7. Legal Basis by Technology
| Technology | Legal Basis | Justification |
|---|---|---|
| Session cookies (Supabase) | Art. 6.1.b | Necessary for the service |
| Google Tag Manager (container) | Art. 6.1.f | Legitimate interest (container loads without cookies or personal data) |
| Tags fired by GTM (GA4, Meta, Ads) | Art. 6.1.a | Consent required (Consent Mode v2) |
| Google Analytics | Art. 6.1.a | With consent only |
| Meta Pixel | Art. 6.1.a | With consent only |
| Vercel Analytics | Art. 6.1.f | No cookies, cookieless |
| Vercel Speed Insights | Art. 6.1.f | Technical metrics |
| localStorage (preferences) | Art. 6.1.b | Necessary for UX |
8. International Transfers
Some cookie providers are located outside the EEA:
| Provider | Location | Transfer Mechanism |
|---|---|---|
| Google (Analytics, GTM) | USA | EU-US Data Privacy Framework |
| Meta (Pixel) | USA | Standard Contractual Clauses |
| Vercel | Global | Standard Contractual Clauses |
| Supabase | EU (Frankfurt) | No transfer |
9. Updates to This Policy
We may update this Cookie Policy occasionally to reflect changes in the technologies we use or due to legal requirements. The "last updated" date at the top indicates when the last revision was made.
10. Contact
If you have questions about the use of cookies:
Email: privacy@photoheart.app General support: support@photoheart.app
If you believe we have not adequately addressed your rights, you may lodge a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es
Legal References
Related documents: