Cookie Policy
Last updated: 14 May 2026
What cookies are
Cookies are small text files saved in your browser when you visit a site. They let the site recognise your browser across pages and visits, keep sessions alive, and measure usage. This page describes how fiz.co uses cookies and related technologies (localStorage, pixels, measurement requests).
Categories
We group cookies into three categories. The choice is made in the consent banner on your first visit and can be changed at any time via the Cookie settings link in the footer.
Necessary (always on)
Enable the site to run and record your consent choice. Cannot be turned off.
| Cookie | Provider | Duration | Purpose |
|---|---|---|---|
fiz_consent | FIZ (first-party) | 13 months | Stores your consent choice (categories and policy version) |
Analytics (optional)
Help us understand, in aggregate, how the site is used. Only set after you accept this category.
| Cookie | Provider | Duration | Purpose |
|---|---|---|---|
_ga | Google Analytics 4 | 2 years | Distinguishes users |
_ga_<ID> | Google Analytics 4 | 2 years | Maintains session state |
Marketing (optional)
Allow us to measure ad campaigns and attribute conversions. Only set after you accept this category.
| Cookie | Provider | Duration | Purpose |
|---|---|---|---|
_gcl_au | Google Ads | 90 days | Google Ads conversion attribution |
_fbp | Meta Pixel | 90 days | Meta (Facebook/Instagram) attribution |
fiz_attr | FIZ (first-party) | 7 days | Marks that the attribution event was already sent |
fiz_attr_src | FIZ (first-party) | 7 days | Stores the source (utm/referrer) used in the last attribution |
Related technologies
- localStorage (marketing category): we store the first URL with
utm_*parameters and the external referrer so the campaign source persists across pages and is forwarded to the app on sign-up. - Meta Pixel (marketing category): loaded via Google Tag Manager only after marketing consent.
- First-party attribution (marketing category): we send a GraphQL event to
app.fiz.co/graphwhen you arrive withutm_*/fbclid/gclid. The event includes URL, referrer, timezone, language, and screen dimensions — only after consent.
Consent Mode v2 and cookieless pings
We run Google Consent Mode v2 in “Advanced” mode. This means that until you give consent, Google Analytics 4 and Google Ads still send aggregated pings to Google for conversion modelling, but without persistent identifiers (no _ga, no _gcl_au, no IP-bound user ID). These pings:
- do not contain personal data within the meaning of Article 4(1) GDPR;
- transmit URL, referrer, screen dimensions — i.e. metadata any HTTP request carries;
- rely on legitimate interest as the lawful basis (Article 6(1)(f) GDPR).
If you would prefer no communication with Google servers at all until consent, contact us at the email below.
Managing your consent
- First visit: the banner appears at the bottom. Choose Accept, Reject, or Settings to choose by category.
- Change later: the Cookie settings link in the footer of any page.
- In your browser: you can block or delete cookies via your browser’s privacy settings.
Your rights
You have the right to access, rectify, erase, object to processing, and to data portability under the GDPR. To exercise these rights, contact us at [email protected].
The competent supervisory authority in Portugal is the Comissão Nacional de Proteção de Dados (CNPD).
Changes to this policy
When we make material changes to this policy, we update the date above and — if the change affects the processing categories — request fresh consent via the banner.
AT № 3041
NIPC 517696835
1200-082, Lisbon, Cais do Tojo 24