FollowUP CRM - Cookie Policy
Effective Date: 10 May 2026 Version: 2.0 Last Updated: 10 May 2026 Governing Language: English (Georgian translation provided for informational purposes only; in case of conflict, this English version controls.)
📋 Quick Summary (TL;DR)
- What this is. This Cookie Policy explains how FollowUP CRM (operated by Sales Consulting Group LLC, Georgia) uses cookies and similar technologies on followup.agency and within the FollowUP CRM Platform.
- Your control. When you first visit our website from the EEA, UK, or another jurisdiction requiring it, you'll see a cookie banner asking your consent. You can accept all, reject all (except strictly necessary), or customize by category. You can change your choice at any time via the "Cookie Preferences" link in our website footer.
- What we use. Strictly necessary cookies (always on), functional cookies (with consent), analytics cookies (with consent), and marketing cookies (with consent).
- Third-party signals we honor. We respect Global Privacy Control (GPC) as a valid opt-out for cross-context behavioral advertising, in line with California law.
- Full details below. Including a category-by-category cookie inventory.
1. What Cookies Are
Cookies are small text files that websites place on your device (computer, phone, tablet) when you visit them. They allow the website to remember your actions and preferences (language, login state, items in a cart, etc.) over time, so you don't have to re-enter them every time you return or move between pages.
Similar technologies include:
- Local storage and session storage (HTML5) - data stored in your browser, similar to cookies but with larger capacity and different expiration behavior.
- Pixels (also called web beacons or tracking pixels) - tiny invisible images that signal to a server when an email is opened or a page is loaded.
- Software Development Kits (SDKs) - code embedded in mobile apps that performs cookie-like functions.
- Server-side tracking - including Conversion APIs (e.g., Meta CAPI), where data flows from our servers to advertising platforms instead of (or in addition to) browser-based pixels.
- Fingerprinting - collection of device and browser characteristics (screen size, fonts, timezone, etc.) to identify a device. We do not engage in browser fingerprinting for tracking purposes.
In this Policy, the word "cookies" includes all of these technologies unless context indicates otherwise.
2. The Two Surfaces We Operate
We use cookies in two distinct contexts:
2.1 Our Marketing Website (followup.agency)
When you visit our public website - landing pages, blog posts, pricing pages, signup flows - we use cookies to:
- make the site work (load balancing, security, language preferences);
- understand how visitors use the site (analytics);
- show relevant ads on third-party platforms about our services (marketing).
This Policy primarily addresses these website cookies.
2.2 The FollowUP CRM Platform (After Login)
When you are logged into the Platform, we use a smaller set of cookies, mostly strictly necessary for the Platform to function (session management, security, CSRF protection, feature flags). Marketing and advertising cookies are not loaded inside the logged-in Platform experience.
Note. When you, as our Customer, deploy the Platform's website builder, funnel builder, or chat widget on your own websites for your end users, your cookie practices on those sites are your responsibility under data protection law. We provide tools (cookie banner integrations, consent capture features) that help you, but you are the controller in that context. See your DPA for details.
3. Categories of Cookies We Use
We classify cookies into four categories. The cookie banner you see on first visit lets you accept or reject categories independently (except "strictly necessary," which cannot be rejected because the site cannot function without them).
3.1 Strictly Necessary Cookies
Always loaded. No consent required (per ePrivacy Directive Art. 5(3) exception).
These cookies are essential to operate our website and Platform - load balancing, secure form submission, login session, fraud prevention. Without them, the site would not function.
3.2 Functional Cookies
Loaded only with your consent.
These cookies remember your preferences (language, region, accessibility settings, "remember me" on login forms) to provide a more personalized experience. They are not strictly necessary but improve usability.
3.3 Analytics / Performance Cookies
Loaded only with your consent.
These cookies collect information about how visitors use our website - which pages are most popular, how visitors arrive, how long they stay, what errors they encounter. We use this to improve the website's structure, content, and performance.
We use Google Analytics 4 (GA4) with IP anonymization enabled. Even with anonymization, certain regulators (notably the Austrian Datenschutzbehörde, the French CNIL, and the Italian Garante) have at various times raised concerns about Google Analytics. We rely on Google's certification under the EU-U.S. Data Privacy Framework as the lawful transfer mechanism. We do not claim that data collected by Google Analytics is "anonymous" - IP addresses and Client IDs are personal data under GDPR.
3.4 Marketing / Advertising Cookies
Loaded only with your consent.
These cookies track your activity across websites to enable personalized advertising. They are typically set by third-party advertising platforms (Meta Pixel, Google Ads, LinkedIn Insight Tag, TikTok Pixel) when you visit our site, allowing those platforms to show you ads about FollowUP CRM elsewhere on the web.
Transparency about what this means: when you accept marketing cookies, your visit to our site can be associated by third-party advertising platforms with your account on those platforms (Facebook, Google, LinkedIn, TikTok). The advertising platforms then use this data, combined with their own data about you, to show you our ads. You can reject this category, and you can also opt out independently with each advertising platform.
We do not "sell" personal data for monetary consideration, but loading these cookies may constitute "sharing" under California's CCPA/CPRA. California residents can opt out via our cookie banner or by enabling Global Privacy Control (see Section 7).
4. Detailed Cookie Inventory
The cookies listed below are the actual technologies deployed on followup.agency as of the Effective Date. We update this inventory whenever we add, replace, or remove a tracking technology.
Strictly Necessary
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
cookie_consent | followup.agency (1st party) | Stores your cookie banner choice | 12 months | First-party |
__cf_bm / cf_clearance | Cloudflare | Bot mitigation, DDoS protection | Session / 30 minutes | First-party (set by Cloudflare on our domain) |
XSRF-TOKEN / csrf_token | followup.agency | Cross-site request forgery protection | Session | First-party |
session_id | followup.agency / app.followup.agency | Login session, authentication state | Session (or "remember me" duration) | First-party |
| Flitt / TBC Bank session cookies | Payment processor (Flitt) | Secure checkout session, fraud prevention | Session | Third-party (only loaded on checkout pages) |
Functional
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
lang_pref | followup.agency | Remembers language preference (Georgian / English) | 12 months | First-party |
| HighLevel chat widget cookies | HighLevel (LeadConnector) | Maintains live chat session, recognizes returning visitors | 12 months | Third-party (loaded by HighLevel when chat widget is opened) |
Analytics / Performance
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
_ga | Google Analytics 4 | Distinguishes unique users | 24 months | First-party |
_ga_<container_id> | Google Analytics 4 | Stores session state for GA4 | 24 months | First-party |
_gid | Google Analytics | Distinguishes users (24-hour) | 24 hours | First-party |
_gat | Google Analytics | Throttles request rate | 1 minute | First-party |
Marketing / Advertising
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
_fbp | Meta (Facebook) Pixel | Identifies browser for Meta ad delivery & measurement | 3 months | First-party (set by Meta Pixel) |
_fbc | Meta Pixel | Tracks click-through from Facebook/Instagram ads | 3 months | First-party |
fr | Meta | Advertising on Facebook | 3 months | Third-party |
_gcl_au | Google Ads | Conversion tracking for Google Ads campaigns | 3 months | First-party |
IDE, DSID, NID | DoubleClick / Google Ads | Retargeting, conversion tracking | 1-24 months | Third-party |
li_sugr, bcookie, lidc | LinkedIn Insight Tag | LinkedIn ad targeting and conversion tracking | Up to 24 months | Third-party |
_ttp, _tt_enable_cookie | TikTok Pixel | TikTok advertising and conversion tracking | 13 months | First-party |
Server-Side Tracking
We may also use server-side conversion tracking (e.g., Meta Conversions API, Google Enhanced Conversions, server-side GTM) where conversion events flow from our servers to advertising platforms. This bypasses browser-based cookie limitations but is still subject to your consent - server-side tracking events are only fired where you have given consent for the relevant marketing category.
Third-Party Privacy Policies
Each third-party provider has its own privacy policy. For more information, see:
- Google Analytics & Google Ads: https://policies.google.com/privacy
- Meta (Facebook, Instagram): https://www.facebook.com/policy.php
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- TikTok: https://www.tiktok.com/legal/privacy-policy
- Cloudflare: https://www.cloudflare.com/privacypolicy/
- HighLevel (LeadConnector): https://www.gohighlevel.com/privacy-policy
- Flitt / TBC Bank: https://tbcbank.ge (refer to TBC's privacy policy)
5. Legal Basis for Each Category
| Cookie Category | Legal Basis (EEA / UK / Georgia) | Legal Basis (California / U.S.) |
|---|---|---|
| Strictly Necessary | Legitimate interest + ePrivacy Directive Art. 5(3) exception | Required for service - opt-out doesn't apply |
| Functional | Consent (ePrivacy Art. 5(3); GDPR Art. 6(1)(a)) | Notice + opt-out |
| Analytics | Consent (ePrivacy Art. 5(3); GDPR Art. 6(1)(a)) | Notice + opt-out (CCPA/CPRA: opt-out of "sharing" if used for cross-context behavioral advertising) |
| Marketing | Consent (ePrivacy Art. 5(3); GDPR Art. 6(1)(a)) | Notice + right to opt out of "sale/sharing" - honored via banner and GPC |
6. How We Obtain Consent - and How You Can Change It
6.1 First Visit
When you first visit our website from a jurisdiction where consent is required (EEA, UK, Switzerland, Georgia, certain other countries), you will see a cookie banner with three equally prominent buttons:
- "Accept All" - consents to all categories
- "Reject All" - accepts only strictly necessary cookies
- "Customize" - opens granular per-category controls
The banner conforms to current regulator guidance from the CNIL (France), the ICO (UK), the Garante (Italy), and the EDPB, including:
- "Reject All" must be as easy and prominent as "Accept All";
- consent is opt-in, not opt-out - non-essential cookies are not loaded until you accept;
- consent is granular by category;
- no "consent walls" that condition site access on accepting cookies;
- consent records are kept (date, time, IP, choice, banner version);
- consent is renewed periodically (typically every 12 months) and after material changes.
6.2 Changing Your Choices
You can change your cookie preferences at any time:
(a) Via our footer link: Click "Cookie Preferences" at the bottom of any page on followup.agency to reopen the granular consent panel.
(b) Via your browser: Most browsers allow you to view, delete, and block cookies - see your browser's Help section. Common browsers:
- Chrome: chrome://settings/cookies
- Firefox: Settings → Privacy & Security
- Safari: Preferences → Privacy
- Edge: Settings → Cookies and site permissions
Note: deleting all cookies via your browser will also delete the consent record, and you'll be asked to make your choice again on next visit.
(c) Via Do Not Track / Global Privacy Control: see Section 7.
6.3 Withdrawing Consent
Withdrawal of consent is as easy as giving consent. Withdrawal:
- takes effect for future processing - past processing remains lawful;
- is honored across our marketing surfaces;
- does not affect cookies that are strictly necessary.
7. Do Not Track (DNT) and Global Privacy Control (GPC)
7.1 Do Not Track
"Do Not Track" (DNT) is an outdated browser signal that has not achieved consistent adoption across the industry. We do not currently respond to DNT signals, in line with most websites and the lack of a consistent regulatory standard.
7.2 Global Privacy Control (GPC)
Global Privacy Control (GPC) is a more modern signal that browsers and extensions can send to indicate the user's preference to opt out of "sale" or "sharing" of personal information.
We honor GPC signals as a valid opt-out for cross-context behavioral advertising for California residents under CCPA/CPRA, in line with California Attorney General guidance and recent enforcement actions (notably the Sephora settlement). When we detect a GPC signal, we treat it as a request to opt out of marketing/advertising cookies.
For non-California users, GPC signals will also cause us to refrain from loading marketing cookies, even where consent might otherwise be inferred.
8. International Visitors
8.1 Where Cookie Data Goes
Most cookies, especially those set by third parties (Google, Meta, LinkedIn, TikTok), result in personal data being transmitted to those third parties' servers - typically in the United States.
Cross-border transfers are governed by:
- EU-U.S. Data Privacy Framework (where the third party is certified, e.g., Google, Meta);
- EU Standard Contractual Clauses (SCCs) for transfers not covered by the DPF;
- equivalent UK and Swiss mechanisms.
8.2 Visitor Location and Banner
The cookie banner is shown based on your apparent location (determined by IP geolocation):
- EEA / UK / Switzerland / Georgia / California / states with active consent requirements: full banner with granular control, no pre-ticked boxes.
- Other jurisdictions where consent is not yet legally required: a notice or simplified banner, while still respecting your right to opt out.
If you believe you should have been shown a more protective banner than you saw (e.g., you are an EU resident accessing from elsewhere), please email info@followup.agency and we will treat your request as if you had been shown the EU banner.
9. Cookies in Mobile Apps
Where we make a mobile app available (currently limited or future scope), we use SDKs that perform cookie-like functions: device identifiers, advertising IDs (IDFA on iOS, GAID on Android), session storage. Equivalent consent and opt-out controls apply, in line with Apple's App Tracking Transparency (ATT) framework and Google's privacy rules. You can also reset advertising IDs in your device settings.
10. Specific Notes About AI and Embedded Tools
10.1 AI Demos and Chatbots
If you interact with an AI chatbot or AI demo on our marketing site, the underlying AI service (e.g., OpenAI, Anthropic, ElevenLabs) may receive your input. We minimize what is sent and require Sub-processors to delete inputs after a short retention period. The AI Sub-processor's privacy policy applies to that processing - see the Sub-Processor Page at followup.agency/legal/sub-processors.
10.2 Embedded Video, Forms, Calendars
Embedded third-party widgets (YouTube/Vimeo videos, Calendly booking widgets, embedded forms) may set cookies of their own when you interact with them. Where reasonably possible, we use "privacy-enhanced" embed modes (e.g., YouTube's "no-cookie" embed at youtube-nocookie.com) and load these widgets only after consent.
11. Children
The Platform is intended for business users aged 18 or older. We do not knowingly direct cookies or other tracking technologies at children. If you believe we have inadvertently collected cookie data from a child, please contact info@followup.agency so we can investigate and delete.
12. Updates to This Cookie Policy
We may update this Cookie Policy as our cookie use evolves or as the law changes. Updates will be reflected in the "Last Updated" date at the top.
For material changes (e.g., adding a new category of marketing cookies, changing how consent is captured), we will:
- update the cookie banner to require renewed consent;
- send an email notification to active customers where appropriate;
- post a notice on our website.
For non-material updates (clarifications, corrections, addition of a single new analytics provider that fits an existing consented category), we will simply update the inventory in Section 4.
A change log of material updates is available on request at info@followup.agency.
13. Contact and Complaints
For questions, requests, or complaints about cookies or this Policy:
Sales Consulting Group LLC (operating as FollowUP CRM) Bakhtrioni 11, Tbilisi, Georgia Company ID: 405727254
- Privacy / cookies: info@followup.agency
If we fail to address your concern, you may complain to:
- Georgia: Personal Data Protection Service of Georgia, personaldata.ge
- EEA: the supervisory authority of your habitual residence
- UK: Information Commissioner's Office (ICO), ico.org.uk
- California: California Privacy Protection Agency (CPPA), cppa.ca.gov
End of Cookie Policy v2.0
