1. What cookies are
A cookie is a small text file a website stores in your browser to remember information between visits. Some cookies are essential for the site to work; others help us understand how the site is used.
2. Cookies and storage actually used on iot.cards
We use the smallest set of trackers we can. The full list as of the date above:
Strictly necessary (no consent required)
- Locale preference — stored in your browser's localStorage so the site remembers your language choice. First-party, no expiry, no PII.
- Cookie-consent choice — when you accept or reject below, we store the choice in your browser's localStorage (key
iotcards-cookie-consent) so we don't show the banner on every page. First-party, no expiry, no PII. - Stripe Checkout — when you start a purchase from
/tienda, you are redirected to Stripe's hosted checkout, which sets its own cookies for payment security and fraud prevention. See Stripe's cookie settings.
Analytics — only with your consent
- Google Analytics 4 (GA4) — when you click "Accept" in the cookie banner, we load Google Analytics with anonymized IPs and Consent Mode v2 enabled. GA4 sets a small number of first-party cookies (
_ga,_ga_*) to measure aggregated visit behavior (most-visited pages, device class, approximate country, conversion events such as form submissions and kit purchases). We use this data only to improve the site. No personal identification, no remarketing, no cross-site profiling. GA4 cookies expire after 2 years. - Vercel Analytics — privacy-first first-party page-view counter run by our hosting provider. Does not set cookies and does not require consent.
Advertising — only with your consent
- Google Ads — when you click "Accept" in the cookie banner, we enable Google Ads conversion measurement so we can attribute paid clicks to the form submissions and kit purchases they produce. This sets first-party cookies (
_gcl_au,_gcl_aw,_gcl_dc) on iot.cards and lets Google Ads receive identified conversion signals. Used solely to measure ad campaign effectiveness on our own site — no cross-site profiling and no remarketing audiences. Cookies typically expire in 90 days. The four Consent Mode v2 flags (ad_storage,ad_user_data,ad_personalization,analytics_storage) all stay denied if you reject; if you accept, all four are set to granted. - Enhanced conversions — when you submit a contact form, your email (and phone, if provided) is hashed with SHA-256 in your browser before being sent to Google Ads, so Google can match conversions back to the click without ever receiving your plain-text contact details. The hashed value cannot be reversed to recover the original email or phone.
3. Managing your preferences
The cookie banner shown on your first visit lets you accept or reject analytics with one click; rejecting is as easy as accepting. You can change your choice at any time by clearing the iotcards-cookie-consent entry in your browser's site data (Settings → Privacy → Cookies / Site data → iot.cards), which will make the banner show again on your next visit.
4. Third parties
The third-party services we use that may set or read cookies on the iot.cards domain are: Google Analytics 4 (Google LLC, US — analytics, only with your consent), Google Ads (Google LLC, US — conversion measurement, only with your consent), Stripe (Stripe Payments Europe, Ltd, IE — checkout), and Resend (Resend Inc., US — transactional email; no cookies set on iot.cards itself, only at the moment you submit a form). We use the standard contractual clauses where required for international data transfers.
5. Contact
For any question about cookies or to exercise your rights under the GDPR, write to dpo@iot.cards.