Skip to content
    FollowUP Logo

    Cookie Policy

    Cookie inventory, consent mechanics, and ePrivacy compliance for followup.agency.

    FollowUP CRM - Cookie Policy

    Effective Date: 10 May 2026 Version: 2.0 Last Updated: 10 May 2026 Governing Language: English (Georgian translation provided for informational purposes only; in case of conflict, this English version controls.)


    📋 Quick Summary (TL;DR)

    • What this is. This Cookie Policy explains how FollowUP CRM (operated by Sales Consulting Group LLC, Georgia) uses cookies and similar technologies on followup.agency and within the FollowUP CRM Platform.
    • Your control. When you first visit our website from the EEA, UK, or another jurisdiction requiring it, you'll see a cookie banner asking your consent. You can accept all, reject all (except strictly necessary), or customize by category. You can change your choice at any time via the "Cookie Preferences" link in our website footer.
    • What we use. Strictly necessary cookies (always on), functional cookies (with consent), analytics cookies (with consent), and marketing cookies (with consent).
    • Third-party signals we honor. We respect Global Privacy Control (GPC) as a valid opt-out for cross-context behavioral advertising, in line with California law.
    • Full details below. Including a category-by-category cookie inventory.

    1. What Cookies Are

    Cookies are small text files that websites place on your device (computer, phone, tablet) when you visit them. They allow the website to remember your actions and preferences (language, login state, items in a cart, etc.) over time, so you don't have to re-enter them every time you return or move between pages.

    Similar technologies include:

    • Local storage and session storage (HTML5) - data stored in your browser, similar to cookies but with larger capacity and different expiration behavior.
    • Pixels (also called web beacons or tracking pixels) - tiny invisible images that signal to a server when an email is opened or a page is loaded.
    • Software Development Kits (SDKs) - code embedded in mobile apps that performs cookie-like functions.
    • Server-side tracking - including Conversion APIs (e.g., Meta CAPI), where data flows from our servers to advertising platforms instead of (or in addition to) browser-based pixels.
    • Fingerprinting - collection of device and browser characteristics (screen size, fonts, timezone, etc.) to identify a device. We do not engage in browser fingerprinting for tracking purposes.

    In this Policy, the word "cookies" includes all of these technologies unless context indicates otherwise.


    2. The Two Surfaces We Operate

    We use cookies in two distinct contexts:

    2.1 Our Marketing Website (followup.agency)

    When you visit our public website - landing pages, blog posts, pricing pages, signup flows - we use cookies to:

    • make the site work (load balancing, security, language preferences);
    • understand how visitors use the site (analytics);
    • show relevant ads on third-party platforms about our services (marketing).

    This Policy primarily addresses these website cookies.

    2.2 The FollowUP CRM Platform (After Login)

    When you are logged into the Platform, we use a smaller set of cookies, mostly strictly necessary for the Platform to function (session management, security, CSRF protection, feature flags). Marketing and advertising cookies are not loaded inside the logged-in Platform experience.

    Note. When you, as our Customer, deploy the Platform's website builder, funnel builder, or chat widget on your own websites for your end users, your cookie practices on those sites are your responsibility under data protection law. We provide tools (cookie banner integrations, consent capture features) that help you, but you are the controller in that context. See your DPA for details.


    3. Categories of Cookies We Use

    We classify cookies into four categories. The cookie banner you see on first visit lets you accept or reject categories independently (except "strictly necessary," which cannot be rejected because the site cannot function without them).

    3.1 Strictly Necessary Cookies

    Always loaded. No consent required (per ePrivacy Directive Art. 5(3) exception).

    These cookies are essential to operate our website and Platform - load balancing, secure form submission, login session, fraud prevention. Without them, the site would not function.

    3.2 Functional Cookies

    Loaded only with your consent.

    These cookies remember your preferences (language, region, accessibility settings, "remember me" on login forms) to provide a more personalized experience. They are not strictly necessary but improve usability.

    3.3 Analytics / Performance Cookies

    Loaded only with your consent.

    These cookies collect information about how visitors use our website - which pages are most popular, how visitors arrive, how long they stay, what errors they encounter. We use this to improve the website's structure, content, and performance.

    We use Google Analytics 4 (GA4) with IP anonymization enabled. Even with anonymization, certain regulators (notably the Austrian Datenschutzbehörde, the French CNIL, and the Italian Garante) have at various times raised concerns about Google Analytics. We rely on Google's certification under the EU-U.S. Data Privacy Framework as the lawful transfer mechanism. We do not claim that data collected by Google Analytics is "anonymous" - IP addresses and Client IDs are personal data under GDPR.

    3.4 Marketing / Advertising Cookies

    Loaded only with your consent.

    These cookies track your activity across websites to enable personalized advertising. They are typically set by third-party advertising platforms (Meta Pixel, Google Ads, LinkedIn Insight Tag, TikTok Pixel) when you visit our site, allowing those platforms to show you ads about FollowUP CRM elsewhere on the web.

    Transparency about what this means: when you accept marketing cookies, your visit to our site can be associated by third-party advertising platforms with your account on those platforms (Facebook, Google, LinkedIn, TikTok). The advertising platforms then use this data, combined with their own data about you, to show you our ads. You can reject this category, and you can also opt out independently with each advertising platform.

    We do not "sell" personal data for monetary consideration, but loading these cookies may constitute "sharing" under California's CCPA/CPRA. California residents can opt out via our cookie banner or by enabling Global Privacy Control (see Section 7).


    4. Detailed Cookie Inventory

    The cookies listed below are the actual technologies deployed on followup.agency as of the Effective Date. We update this inventory whenever we add, replace, or remove a tracking technology.

    Strictly Necessary

    Cookie NameProviderPurposeDurationType
    cookie_consentfollowup.agency (1st party)Stores your cookie banner choice12 monthsFirst-party
    __cf_bm / cf_clearanceCloudflareBot mitigation, DDoS protectionSession / 30 minutesFirst-party (set by Cloudflare on our domain)
    XSRF-TOKEN / csrf_tokenfollowup.agencyCross-site request forgery protectionSessionFirst-party
    session_idfollowup.agency / app.followup.agencyLogin session, authentication stateSession (or "remember me" duration)First-party
    Flitt / TBC Bank session cookiesPayment processor (Flitt)Secure checkout session, fraud preventionSessionThird-party (only loaded on checkout pages)

    Functional

    Cookie NameProviderPurposeDurationType
    lang_preffollowup.agencyRemembers language preference (Georgian / English)12 monthsFirst-party
    HighLevel chat widget cookiesHighLevel (LeadConnector)Maintains live chat session, recognizes returning visitors12 monthsThird-party (loaded by HighLevel when chat widget is opened)

    Analytics / Performance

    Cookie NameProviderPurposeDurationType
    _gaGoogle Analytics 4Distinguishes unique users24 monthsFirst-party
    _ga_<container_id>Google Analytics 4Stores session state for GA424 monthsFirst-party
    _gidGoogle AnalyticsDistinguishes users (24-hour)24 hoursFirst-party
    _gatGoogle AnalyticsThrottles request rate1 minuteFirst-party

    Marketing / Advertising

    Cookie NameProviderPurposeDurationType
    _fbpMeta (Facebook) PixelIdentifies browser for Meta ad delivery & measurement3 monthsFirst-party (set by Meta Pixel)
    _fbcMeta PixelTracks click-through from Facebook/Instagram ads3 monthsFirst-party
    frMetaAdvertising on Facebook3 monthsThird-party
    _gcl_auGoogle AdsConversion tracking for Google Ads campaigns3 monthsFirst-party
    IDE, DSID, NIDDoubleClick / Google AdsRetargeting, conversion tracking1-24 monthsThird-party
    li_sugr, bcookie, lidcLinkedIn Insight TagLinkedIn ad targeting and conversion trackingUp to 24 monthsThird-party
    _ttp, _tt_enable_cookieTikTok PixelTikTok advertising and conversion tracking13 monthsFirst-party

    Server-Side Tracking

    We may also use server-side conversion tracking (e.g., Meta Conversions API, Google Enhanced Conversions, server-side GTM) where conversion events flow from our servers to advertising platforms. This bypasses browser-based cookie limitations but is still subject to your consent - server-side tracking events are only fired where you have given consent for the relevant marketing category.

    Third-Party Privacy Policies

    Each third-party provider has its own privacy policy. For more information, see:


    5. Legal Basis for Each Category

    Cookie CategoryLegal Basis (EEA / UK / Georgia)Legal Basis (California / U.S.)
    Strictly NecessaryLegitimate interest + ePrivacy Directive Art. 5(3) exceptionRequired for service - opt-out doesn't apply
    FunctionalConsent (ePrivacy Art. 5(3); GDPR Art. 6(1)(a))Notice + opt-out
    AnalyticsConsent (ePrivacy Art. 5(3); GDPR Art. 6(1)(a))Notice + opt-out (CCPA/CPRA: opt-out of "sharing" if used for cross-context behavioral advertising)
    MarketingConsent (ePrivacy Art. 5(3); GDPR Art. 6(1)(a))Notice + right to opt out of "sale/sharing" - honored via banner and GPC

    6. How We Obtain Consent - and How You Can Change It

    6.1 First Visit

    When you first visit our website from a jurisdiction where consent is required (EEA, UK, Switzerland, Georgia, certain other countries), you will see a cookie banner with three equally prominent buttons:

    • "Accept All" - consents to all categories
    • "Reject All" - accepts only strictly necessary cookies
    • "Customize" - opens granular per-category controls

    The banner conforms to current regulator guidance from the CNIL (France), the ICO (UK), the Garante (Italy), and the EDPB, including:

    • "Reject All" must be as easy and prominent as "Accept All";
    • consent is opt-in, not opt-out - non-essential cookies are not loaded until you accept;
    • consent is granular by category;
    • no "consent walls" that condition site access on accepting cookies;
    • consent records are kept (date, time, IP, choice, banner version);
    • consent is renewed periodically (typically every 12 months) and after material changes.

    6.2 Changing Your Choices

    You can change your cookie preferences at any time:

    (a) Via our footer link: Click "Cookie Preferences" at the bottom of any page on followup.agency to reopen the granular consent panel.

    (b) Via your browser: Most browsers allow you to view, delete, and block cookies - see your browser's Help section. Common browsers:

    • Chrome: chrome://settings/cookies
    • Firefox: Settings → Privacy & Security
    • Safari: Preferences → Privacy
    • Edge: Settings → Cookies and site permissions

    Note: deleting all cookies via your browser will also delete the consent record, and you'll be asked to make your choice again on next visit.

    (c) Via Do Not Track / Global Privacy Control: see Section 7.

    6.3 Withdrawing Consent

    Withdrawal of consent is as easy as giving consent. Withdrawal:

    • takes effect for future processing - past processing remains lawful;
    • is honored across our marketing surfaces;
    • does not affect cookies that are strictly necessary.

    7. Do Not Track (DNT) and Global Privacy Control (GPC)

    7.1 Do Not Track

    "Do Not Track" (DNT) is an outdated browser signal that has not achieved consistent adoption across the industry. We do not currently respond to DNT signals, in line with most websites and the lack of a consistent regulatory standard.

    7.2 Global Privacy Control (GPC)

    Global Privacy Control (GPC) is a more modern signal that browsers and extensions can send to indicate the user's preference to opt out of "sale" or "sharing" of personal information.

    We honor GPC signals as a valid opt-out for cross-context behavioral advertising for California residents under CCPA/CPRA, in line with California Attorney General guidance and recent enforcement actions (notably the Sephora settlement). When we detect a GPC signal, we treat it as a request to opt out of marketing/advertising cookies.

    For non-California users, GPC signals will also cause us to refrain from loading marketing cookies, even where consent might otherwise be inferred.


    8. International Visitors

    8.1 Where Cookie Data Goes

    Most cookies, especially those set by third parties (Google, Meta, LinkedIn, TikTok), result in personal data being transmitted to those third parties' servers - typically in the United States.

    Cross-border transfers are governed by:

    • EU-U.S. Data Privacy Framework (where the third party is certified, e.g., Google, Meta);
    • EU Standard Contractual Clauses (SCCs) for transfers not covered by the DPF;
    • equivalent UK and Swiss mechanisms.

    8.2 Visitor Location and Banner

    The cookie banner is shown based on your apparent location (determined by IP geolocation):

    • EEA / UK / Switzerland / Georgia / California / states with active consent requirements: full banner with granular control, no pre-ticked boxes.
    • Other jurisdictions where consent is not yet legally required: a notice or simplified banner, while still respecting your right to opt out.

    If you believe you should have been shown a more protective banner than you saw (e.g., you are an EU resident accessing from elsewhere), please email info@followup.agency and we will treat your request as if you had been shown the EU banner.


    9. Cookies in Mobile Apps

    Where we make a mobile app available (currently limited or future scope), we use SDKs that perform cookie-like functions: device identifiers, advertising IDs (IDFA on iOS, GAID on Android), session storage. Equivalent consent and opt-out controls apply, in line with Apple's App Tracking Transparency (ATT) framework and Google's privacy rules. You can also reset advertising IDs in your device settings.


    10. Specific Notes About AI and Embedded Tools

    10.1 AI Demos and Chatbots

    If you interact with an AI chatbot or AI demo on our marketing site, the underlying AI service (e.g., OpenAI, Anthropic, ElevenLabs) may receive your input. We minimize what is sent and require Sub-processors to delete inputs after a short retention period. The AI Sub-processor's privacy policy applies to that processing - see the Sub-Processor Page at followup.agency/legal/sub-processors.

    10.2 Embedded Video, Forms, Calendars

    Embedded third-party widgets (YouTube/Vimeo videos, Calendly booking widgets, embedded forms) may set cookies of their own when you interact with them. Where reasonably possible, we use "privacy-enhanced" embed modes (e.g., YouTube's "no-cookie" embed at youtube-nocookie.com) and load these widgets only after consent.


    11. Children

    The Platform is intended for business users aged 18 or older. We do not knowingly direct cookies or other tracking technologies at children. If you believe we have inadvertently collected cookie data from a child, please contact info@followup.agency so we can investigate and delete.


    12. Updates to This Cookie Policy

    We may update this Cookie Policy as our cookie use evolves or as the law changes. Updates will be reflected in the "Last Updated" date at the top.

    For material changes (e.g., adding a new category of marketing cookies, changing how consent is captured), we will:

    • update the cookie banner to require renewed consent;
    • send an email notification to active customers where appropriate;
    • post a notice on our website.

    For non-material updates (clarifications, corrections, addition of a single new analytics provider that fits an existing consented category), we will simply update the inventory in Section 4.

    A change log of material updates is available on request at info@followup.agency.


    13. Contact and Complaints

    For questions, requests, or complaints about cookies or this Policy:

    Sales Consulting Group LLC (operating as FollowUP CRM) Bakhtrioni 11, Tbilisi, Georgia Company ID: 405727254

    If we fail to address your concern, you may complain to:

    • Georgia: Personal Data Protection Service of Georgia, personaldata.ge
    • EEA: the supervisory authority of your habitual residence
    • UK: Information Commissioner's Office (ICO), ico.org.uk
    • California: California Privacy Protection Agency (CPPA), cppa.ca.gov

    End of Cookie Policy v2.0