Cookie Policy
Last updated: 2026-06-04
We use cookies and similar technologies to make the site work and, only with your consent, for analytics and marketing. This policy explains what we use, why, and how you can control your choice.
What they are and the legal basis
Cookies are small files stored on your device; we also use pixels and server-side measurement events. Storing or reading information on your device for non-essential purposes happens only with your prior consent (Art. 4(5) of Law 506/2004 and Art. 6(1)(a) GDPR). Strictly necessary cookies do not require consent.
Categories
Necessary (always on): essential for the site to function and stay secure. Cannot be disabled.
Analytics (optional): helps us understand how the site is used (e.g. Hotjar, Google Analytics).
Marketing (optional): enables ad measurement and optimisation.
List of cookies and technologies
yab_sid, yes.abeauty.ro (first-party), identifies your questionnaire session to keep your answers, Necessary, 1 hour.
yab_consent, yes.abeauty.ro (first-party), stores your cookie choice, Necessary, 180 days.
yab_pixel_lead, yes.abeauty.ro (first-party, session storage), briefly hands off your submission to the confirmation step, Necessary, cleared at end of session.
yab_click, yes.abeauty.ro (first-party; set only with marketing consent), stores ad click identifiers (gclid, gbraid, wbraid, fbclid, ttclid) and campaign parameters (UTM) for conversion measurement, Marketing, 90 days.
Cloudflare Turnstile, Cloudflare, anti-bot protection at form submission; strictly necessary to secure the service, not used for analytics or advertising, Necessary, session / short-lived.
_fbp, _fbc, Meta (set by Meta Pixel, only with marketing consent), browser and click identifiers for ad measurement, Marketing, up to 90 days (typical).
_hjSession_*, _hjSessionUser_*, _hjFirstSeen and similar, Hotjar (first-party, set only with analytics consent), session recording and interaction heatmaps to understand site usage; text is masked, so questionnaire answers are not recorded, Analytics, from 30 minutes up to 12 months (typical).
Server-side measurement events (Google Analytics 4 via the Measurement Protocol, Meta Conversions API, Google Ads Enhanced Conversions), Google/Meta, conversion measurement. We do NOT run client-side Google Analytics, so no “_ga”/“_ga_*” cookies are set in your browser; GA4 receives events from our server, only with the corresponding consent, Analytics/Marketing, not applicable (no browser cookie).
Note: durations are typical provider values and can be verified in your browser.
Server-side measurement
Most measurement happens on our servers, using the same identifiers and hashed contact data; where the Meta Pixel is loaded (only with marketing consent) it may also send a browser event. All of this measurement is done only with the corresponding consent (analytics for Google Analytics; marketing for Meta and Google Ads). Hashing does not anonymise the data, only pseudonymises it, so consent is still required.
International transfers
Google, Meta and Cloudflare are in the US; transfers rely on the EU-US Data Privacy Framework and/or Standard Contractual Clauses. See the transfers section of the Privacy Policy.
How to change your choice
You can accept, reject or customise your choice from the consent banner. You can change your choice at any time, as easily as you gave it; withdrawal stops further collection. Analytics and marketing cookies do not load before your consent.
Duration and updates
We keep your choice for about 6 months, after which we ask again; we may re-ask sooner if we change the provider list. We may update this policy; the last-updated date is shown above.