Cookies Policy
This Cookie Policy governs your (“you” or “your”) access to and use of the GreendaAI™ platform, including the website greenda.ai and the GreendaAI™ mobile application (available on iOS and Android), operated by GreendaAI GmbH (“we”, “our” or “us”). This policy explains what cookies are, which cookies and tracking technologies we use, why we use them, and how you can manage your preferences. It should be read alongside our Privacy Policy (greenda.ai/privacy-policy).
1. What Are Cookies?
Cookies are small text files placed on your browser or device when you visit a website. They allow the website to recognise your device and remember information about your visit. Cookies may be:
- Session cookies: temporary cookies deleted automatically when you close your browser.
- Persistent cookies: stored on your device for a defined period or until you delete them.
In addition to cookies, we use similar tracking technologies such as pixel tags and device identifiers (e.g. in our mobile application).
2. Your Consent and Legal Basis
Under the GDPR and the German Telecommunications Digital Services Data Protection Act (TDDDG, formerly TTDSG), we are required to obtain your prior consent before placing non-essential cookies on your device. The legal bases we rely on are:
- Strictly necessary cookies: no consent required. These are placed on the basis of our legitimate interest in operating a secure and functional website (Art. 6(1)(f) GDPR) and are exempt from consent requirements under Art. 5(3) ePrivacy Directive.
- All other cookies (functionality, analytics, tracking, advertising): placed only with your explicit consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time without affecting the lawfulness of prior processing.
You can manage or withdraw your consent at any time via our cookie preference centre at greenda.ai/updatecookies or through your browser settings (see Section 4).
3. Cookies and Tracking Technologies We Use
The table below sets out all cookies and tracking technologies currently active on greenda.ai, grouped by category. The two legacy GA4 property cookies (_ga_LXTM6CQ0XK and _ga_MZ2GZH2HZJ) have been removed and replaced by the primary GA4 property (_ga_0KL2FVRWMK). If you encounter these legacy cookies in your browser, they are residual and will expire naturally.
3.1 Website Cookies — greenda.ai
|
Cookie Name |
Category |
Provider |
Purpose |
Legal Basis |
Expiry |
|---|---|---|---|---|---|
|
__cf_bm |
Strictly Necessary |
Cloudflare (via HubSpot CDN) |
Bot protection and abuse prevention |
Strictly necessary — no consent required |
30 minutes |
|
__cfruid |
Strictly Necessary |
Cloudflare (via HubSpot CDN) |
Detects malicious actors on the CDN layer |
Strictly necessary — no consent required |
Session |
|
__cfuvid |
Strictly Necessary |
Cloudflare (via HubSpot CDN) |
Rate limiting and abuse detection on the CDN layer |
Strictly necessary — no consent required |
Session |
|
__hs_opt_out |
Functionality |
HubSpot |
Remembers that the visitor has already been asked to accept cookies |
Consent (Art. 6(1)(a) GDPR) |
6 months |
|
__hs_do_not_track |
Functionality |
HubSpot |
Prevents tracking code from sending information to HubSpot when visitor opts out |
Consent (Art. 6(1)(a) GDPR) |
6 months |
|
__hs_initial_opt_in |
Functionality |
HubSpot |
Prevents the cookie banner from displaying repeatedly to visitors in strict mode |
Consent (Art. 6(1)(a) GDPR) |
7 days |
|
__hs_cookie_cat_pref |
Functionality |
HubSpot |
Records the cookie categories the visitor consented to |
Consent (Art. 6(1)(a) GDPR) |
6 months |
|
__hs_gpc_banner_dismiss |
Functionality |
HubSpot |
Records dismissal of the Global Privacy Control banner |
Consent (Art. 6(1)(a) GDPR) |
180 days |
|
__hs_notify_banner_dismiss |
Functionality |
HubSpot |
Records dismissal of the HubSpot notify consent banner |
Consent (Art. 6(1)(a) GDPR) |
180 days |
|
__hssrc |
Functionality |
HubSpot |
Determines if the visitor has restarted their browser session |
Consent (Art. 6(1)(a) GDPR) |
Session |
|
_ga |
Analytics |
Google (GA4) |
Distinguishes unique website users by assigning a randomly generated client ID |
Consent (Art. 6(1)(a) GDPR) |
2 years |
|
_ga_0KL2FVRWMK |
Analytics |
Google (GA4) |
Tracks session state and page interactions for the primary GA4 property |
Consent (Art. 6(1)(a) GDPR) |
2 years |
|
mp_* |
Analytics |
Mixpanel |
Tracks feature interactions and usage patterns within the platform to support product development |
Consent (Art. 6(1)(a) GDPR) |
2 years |
|
__hstc |
Tracking |
HubSpot |
Primary tracking cookie for visitor identification across sessions |
Consent (Art. 6(1)(a) GDPR) |
6 months |
|
hubspotutk |
Tracking |
HubSpot |
Tracks visitor identity and is passed to HubSpot on form submission to prevent duplicate contacts |
Consent (Art. 6(1)(a) GDPR) |
6 months |
|
__hssc |
Tracking |
HubSpot |
Tracks session activity to determine whether to increment the session number in __hstc |
Consent (Art. 6(1)(a) GDPR) |
30 minutes |
|
_fbp |
Advertising |
Meta (Facebook) |
Identifies browser and device to deliver, measure, and improve the relevance of Meta ads |
Consent (Art. 6(1)(a) GDPR) |
3 months |
|
_fbc |
Advertising |
Meta (Facebook) |
Captures the ad click referral code from Facebook/Instagram ad campaigns |
Consent (Art. 6(1)(a) GDPR) |
3 months |
3.2 Mobile Application — Device Identifiers
The GreendaAI™ mobile application does not use browser cookies. However, it uses the following device-level identifiers and tracking SDKs:
- Firebase Cloud Messaging (FCM) token (Google LLC, USA): a device-specific push notification token stored to enable delivery of treatment plan notifications and service alerts. This identifier is necessary for the core service and is processed on the basis of contractual necessity (Art. 6(1)(b) GDPR). Transfers to Google LLC in the USA are governed by Standard Contractual Clauses (SCCs).
- Mixpanel SDK (Mixpanel Inc., USA): tracks in-app feature interactions and usage patterns (pseudonymised) to support product analytics and development. Active only where you have provided consent. Transfers to the USA are governed by SCCs.
4. Managing and Withdrawing Consent
You have full control over non-essential cookies. You can manage your preferences at any time through:
- GreendaAI™ Cookie Preference Centre: visit greenda.ai/updatecookies to review and update your consent choices at any time.
- Browser settings: you can block or delete cookies directly in your browser. Note that disabling certain cookies may affect the functionality of the greenda.ai website.
Browser-specific instructions:
- Google Chrome: Settings → Privacy and Security → Cookies and other site data
- Mozilla Firefox: Options → Privacy & Security → Cookies and Site Data
- Apple Safari: Preferences → Privacy → Manage Website Data
- Microsoft Edge: Settings → Cookies and site permissions → Manage and delete cookies
⚠ Disabling strictly necessary cookies (Cloudflare) is not recommended and may affect website security and performance. Disabling functionality or analytics cookies will not prevent you from using the core platform.
5. Third-Party Cookies and International Transfers
Some cookies on our website are set by third-party providers. We do not control these third parties’ use of data once their cookies are placed. The following third parties set cookies or process data collected via cookies on greenda.ai:
- Google LLC (USA): GA4 analytics and Firebase. Transfers to the USA are governed by SCCs. Google’s privacy policy: policies.google.com/privacy.
- HubSpot Inc. (USA): CRM tracking, consent management, and form submission cookies. Transfers to the USA are governed by SCCs. HubSpot’s privacy policy: legal.hubspot.com/privacy-policy.
- Cloudflare Inc. (USA): bot protection and CDN security cookies (set via HubSpot CDN). Cloudflare’s privacy policy: cloudflare.com/privacypolicy.
- Meta Platforms Ireland Ltd. (Ireland / USA): advertising and conversion tracking cookies (_fbp, _fbc). Data may be transferred to Meta’s US servers under SCCs. Meta’s privacy policy: facebook.com/privacy/policy.
- Mixpanel Inc. (USA): in-app analytics SDK. Transfers to the USA are governed by SCCs. Mixpanel’s privacy policy: mixpanel.com/legal/privacy-policy.
6. How Long Do Cookies Last?
Cookie durations vary by type and provider. As a general guide:
- Session cookies: expire when you close your browser.
- Short-lived cookies (30 minutes – 7 days): primarily HubSpot consent and session management cookies.
- Medium-duration cookies (3 – 6 months): HubSpot tracking and Meta advertising cookies.
- Long-duration cookies (2 years): Google Analytics (GA4) and Mixpanel identifiers.
Exact expiry periods for each cookie are listed in the table in Section 3.
7. Updates to This Policy
We may update this Cookie Policy from time to time to reflect changes to the cookies we use, our services, or applicable law. The date of the latest revision is shown at the top of this document. We will notify you of material changes via our cookie preference centre or by displaying a notice on greenda.ai. Previous versions may be requested at contact@greenda.ai.
8. Contact Us
For any questions about this Cookie Policy or your cookie preferences:
GreendaAI™ GmbH
c/o Design Offices München Macherei
Weihenstephaner Str. 12
81673 Munich
Germany
Email: contact@greenda.ai