Cookies
Last updated: 05.06.2026
Cookies are small text files stored on your device by your browser. Zeptix uses strictly necessary cookies to operate the service, plus an anonymous, cookieless first-party traffic measurement (no consent required). Optionally — and only after your consent via the cookie banner — we additionally use Google Analytics 4 (statistics) and Google Ads (marketing).
Anonymous, cookieless traffic measurement
Independently of the cookies above, Zeptix runs its own privacy-friendly traffic measurement to understand how many people visit our pages and where they come from. It stores no cookie and no identifier on your device; a visitor value is derived server-side from a daily-rotating salt plus a shortened IP and user agent and cannot be traced back to you. Because it is anonymous and not stored on your device, no consent is required. This measurement is not Google Analytics and the data is not shared with third parties.
Cookies
| Name | Type | Purpose | Duration | Flags | Provider |
|---|---|---|---|---|---|
vl_token | Necessary | Authentication of logged-in users (JWT session token) | 30 days | HttpOnly, Secure, SameSite=Lax | Zeptix |
zeptix_locale | Necessary | Language preference (DE/EN) | 30 days | SameSite=Lax | Zeptix |
zeptix_tenant | Necessary | Mapping of the current bot subdomain to the chat page | 1 day | SameSite=Lax | Zeptix |
vl_consent | Necessary | Stores your cookie consent (statistics/marketing on or off) | 180 days | Secure, SameSite=Lax | Zeptix |
_ga | Statistics | Google Analytics 4 — anonymized visitor distinction (only after consent) | 2 years | SameSite=Lax | |
_ga_<ID> | Statistics | Google Analytics 4 — per-property session state (only after consent) | 2 years | SameSite=Lax | |
_gcl_au | Marketing | Google Ads — ad conversion measurement (only after consent) | 90 days | SameSite=Lax |
Local storage
| Name | Type | Purpose | Duration | Flags | Provider |
|---|---|---|---|---|---|
zx-theme (localStorage) | Necessary | Theme preference (light/dark) | Until browser cache is cleared | — | Zeptix |
Embedded third-party services
Cloudflare Turnstile (Cloudflare, Inc., USA) is loaded on login, registration, newsletter and chat pages as bot protection. Turnstile is privacy-preserving and cookie-less by default but transmits technical request metadata (IP, user agent) to Cloudflare. Legal basis: Art. 6 (1)(f) GDPR. Details: zeptix.io/subprocessors.
Hosted chatbots and custom domains
Chatbots hosted on subdomains such as chat.zeptix.io use the same necessary Zeptix cookies and storage mechanisms. The respective bot operator is responsible for informing end users about any additional services they add themselves, such as analytics, advertising pixels, embedded media or custom payment/CRM integrations. Such optional services must not be activated without a valid legal basis and, where required, prior consent.
How to control cookies
You can delete or block cookies at any time in your browser settings. Note that blocking the necessary cookies may prevent you from using essential features (e.g. logging in).
Withdrawing consent
You gave (or declined) consent for statistics and marketing cookies via our cookie banner. You can change this at any time with no disadvantage — your choice is stored in the vl_consent cookie and applied immediately via Google Consent Mode v2:
Further information: Privacy policy · Subprocessors