Cookie Policy
Last Updated: February 18, 2026
1. Introduction
This Cookie Policy explains how Viallo (“we,” “us,” or “our”) uses cookies and similar technologies when you visit our website and use our services (collectively, the “Service”). This policy should be read together with our Privacy Policy.
2. What Are Cookies?
Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They help websites remember your actions and preferences over time, so you don't have to keep re-entering them.
We also use similar technologies such as pixels (small invisible images used for analytics) and browser local/session storage.
3. Cookies and Storage We Use
3.1 Essential Cookies
These cookies are necessary for the Service to function properly. They enable core functionality such as authentication and security. The Service cannot function properly without these cookies, and they cannot be disabled.
| Name | Purpose | Duration |
|---|---|---|
accessToken | JWT authentication token to keep you signed in (httpOnly) | 365 days |
_csrf | CSRF protection token to prevent cross-site request forgery attacks (httpOnly) | Session |
viallo_gdpr_region | Records whether your region requires GDPR cookie consent (used to determine if the cookie banner should be shown) | 30 days |
viallo_cookie_consent | Records that you have made a cookie consent choice (the actual preferences are stored in browser local storage) | 365 days |
3.2 Functional Storage
These items are stored in your browser's local or session storage to remember your preferences and improve your experience.
| Key | Purpose | Type / Duration |
|---|---|---|
viallo_cookie_consent | Stores your cookie consent preferences (necessary, analytics, functional) as JSON | Local storage (persistent) |
duplicates-dismissed-* | Remembers whether you dismissed the duplicate photos warning for a specific album | Session storage (cleared on tab close) |
3.3 Analytics Cookies
These cookies help us understand how visitors interact with our Service. They are only set when you have given analytics consent (or are in a non-GDPR region).
| Cookie Name | Purpose | Duration |
|---|---|---|
_ga | Google Analytics 4 — distinguishes unique visitors | 2 years |
_ga_* | Google Analytics 4 — maintains session state | 2 years |
_fbp | Meta Pixel — identifies browsers for ad delivery and analytics | 3 months |
_fbc | Meta Pixel — stores click identifier when arriving from a Facebook ad | 3 months |
3.4 Marketing Cookies
These cookies are used to measure advertising effectiveness and deliver relevant ads. They are only set when you have given analytics consent.
| Cookie Name | Purpose | Duration |
|---|---|---|
_gcl_au | Google Ads — stores conversion data for ad clicks | 3 months |
4. Third-Party Services
The following third-party services may set their own cookies or collect data when you use the Service. We do not control these cookies.
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google Analytics 4 | Website usage analytics and traffic analysis | View |
| Google Ads | Conversion tracking for advertising campaigns | View |
| Meta Pixel | Advertising analytics and conversion tracking for Meta (Facebook/Instagram) campaigns | View |
| Google reCAPTCHA v3 | Invisible spam and bot prevention during login and registration | View |
| Stripe | Secure payment processing for subscriptions (checkout and billing portal are hosted by Stripe) | View |
| Sentry | Error monitoring and performance tracking to help us fix bugs | View |
5. Share Link Analytics
When someone visits a shared album link, we collect analytics data to help album owners understand how their content is being accessed. This is server-side data collection, not cookie-based. The data includes:
- IP Address and User Agent: Used for security and to estimate unique visitors
- Device and Browser Information: Device type (mobile, tablet, desktop) and browser type
- Access Timestamps: When the shared link was accessed
This data is only visible to the album owner. We store IP addresses and user-agent strings in access logs for security and analytics purposes.
6. How We Use Cookies
We use cookies and similar technologies for the following purposes:
- Authentication: To keep you signed in across sessions
- Security: To protect against CSRF attacks and bot abuse
- Consent: To remember your cookie preferences and GDPR region
- Analytics: To understand how the Service is used and identify areas for improvement
- Advertising: To measure the effectiveness of our advertising campaigns
7. Your Cookie Choices
7.1 Cookie Consent Banner
If you are located in the EEA, UK, or Switzerland, we show a cookie consent banner on your first visit. You can choose to accept all cookies or only necessary cookies. You can change your preferences at any time on the Cookie Preferences page.
We use Google Consent Mode v2 to ensure that Google Analytics and Google Ads respect your consent choice. When consent is denied, Google may still send cookieless pings for conversion modeling, but no cookies are set and no personal data is collected. Similarly, the Meta Pixel respects your consent choice and will not track when analytics consent is denied.
7.2 Browser Settings
You can also control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, if you block essential cookies, you may not be able to sign in or use core features of the Service.
7.3 Opt-Out Links
- Google Analytics: Google Analytics Opt-out Browser Add-on
- Meta (Facebook): Facebook Ad Preferences
8. Updates to This Policy
We may update this Cookie Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. Changes will be posted on this page with an updated “Last Updated” date.
9. Contact Us
If you have questions about our use of cookies, please contact us:
Company:
Zava Solutions LLC
Address:
30 N Gould St Ste N
Sheridan, WY 82801
United States
Email:
Related: Privacy Policy | Terms of Service | GDPR Compliance | Manage Cookie Preferences