Cookie Policy

Last updated: 2026-06-20

ThinkUp uses cookies and local storage to operate the site, remember your preferences, and — with your consent where required — measure traffic and attribute ad conversions. This policy explains what we use, why, and how you can control it.

What Is a Cookie?

A cookie is a small text file placed on your device by a website. Cookies allow the site to remember information between page loads (e.g. your theme preference) or between sessions (e.g. your consent choices). Local storage is a similar browser feature that persists data without an expiry date unless cleared manually.

Cookies and Storage We Use

Necessary (always active — no consent required)

These are essential for the site to function and cannot be switched off.

cc_cookie

  • Type: 1st-party cookie
  • Set by: vanilla-cookieconsent (our consent management platform)
  • Purpose: stores your cookie consent choices so we don't ask on every page load
  • Duration: 6 months (library default)

__cf_bm

  • Type: 3rd-party cookie (Cloudflare)
  • Set by: Cloudflare, Inc. — our CDN and DDoS protection provider
  • Purpose: bot management and rate limiting
  • Duration: 30 minutes

_cf_clearance

  • Type: 3rd-party cookie (Cloudflare)
  • Set by: Cloudflare, Inc.
  • Purpose: proves a challenge was passed (prevents repeated bot checks)
  • Duration: 30 minutes to 24 hours

Analytics (requires consent from EEA/UK visitors)

These cookies help us understand how visitors use the site.

_ga

  • Type: 1st-party cookie (Google Analytics 4)
  • Set by: Google LLC
  • Purpose: distinguishes unique users for session and audience reporting
  • Duration: 2 years
  • Consent Mode signal: analytics_storage

_ga_* (e.g. _ga_XXXXXXXX)

  • Type: 1st-party cookie (Google Analytics 4)
  • Set by: Google LLC
  • Purpose: persists session state for the specific GA4 measurement ID
  • Duration: 2 years
  • Consent Mode signal: analytics_storage

Advertising (requires consent from EEA/UK visitors)

These cookies are used for conversion tracking and remarketing via Google Ads.

ctid

  • Type: 1st-party signed cookie (HMAC-SHA256, set by ThinkUp)
  • Purpose: links your Google Click ID (gclid) to your session so we can attribute ad spend to conversions. The value is cryptographically signed; it cannot be forged.
  • Duration: browser session
  • Consent Mode signal: ad_storage, ad_user_data, ad_personalization

_gcl_au and other _gcl_* cookies

  • Type: 1st-party cookies (Google Ads)
  • Set by: Google LLC
  • Purpose: conversion tracking and remarketing measurement
  • Duration: 90 days
  • Consent Mode signal: ad_storage, ad_user_data, ad_personalization

Functionality

These enhance usability without tracking you across sites. You can turn this category off in Cookie preferences; your theme choice then applies for the current visit only and is not stored.

theme (localStorage)

  • Type: 1st-party local storage entry
  • Purpose: remembers whether you prefer light or dark mode
  • Duration: persistent (until you clear browser storage, change your preference, or withdraw Functionality consent)
  • Consent Mode signal: functionality_storage, personalization_storage (granted by default; denied by default for EEA/UK visitors until accepted, and can be withdrawn via Cookie preferences)

Consent Mode v2

ThinkUp implements Google Consent Mode v2. This means Google's tags (Analytics and Ads) respect your consent before firing measurement signals. The mapping between our consent categories and Google's seven consent signals is:

Our category Google Consent Mode signals
Necessary security_storage: granted (always)
Analytics analytics_storage
Advertising ad_storage, ad_user_data, ad_personalization
Functionality functionality_storage, personalization_storage

When a consent signal is denied, Google's tag operates in a reduced-data mode (no cookies set for that purpose; pings may still be sent for modelling if permitted by Google's terms).

EEA/UK Geo-Gating

We detect your country client-side: your browser makes a lightweight request to /cdn-cgi/trace (a Cloudflare endpoint) and reads the loc field from the response. If your IP resolves to a country in the European Economic Area (EEA, which includes all 27 EU member states plus Iceland, Liechtenstein, and Norway) or the United Kingdom, your consent for analytics and advertising signals defaults to denied when you first visit. A cookie banner appears so you can accept or refuse these categories.

For all other visitors (currently primarily the United States), consent defaults to granted because GDPR and the UK GDPR do not apply. No banner is shown.

If you travel between regions, the consent default is determined at each new session by your current IP location.

Your Choices

You can change your consent preferences at any time:

  • Via the cookie banner: shown automatically to EEA/UK visitors on first visit.
  • Via the "Cookie preferences" link: in the site footer, available to all visitors.

You can also clear cookies directly in your browser settings. Note that clearing cookies will reset your consent choices, and the banner will reappear on your next visit.

Contact

Questions about our cookie practices? Contact us at contact@thinkup.com.

Unixal SAS, 10 rue Sainte-Odile, 67530 Bœrsch, France.