Cogoleto
IT EN
Privacy

Cookie policy

How and why cogole.to uses cookies — and how to manage them.

Last update: 3 June 2026.

This page describes the cookies used on cogole.to and how you can control them.

The cookie banner and the choices described here comply with the Italian Data Protection Authority's "Guidelines on cookies and other tracking tools" (Garante, decision of 10 June 2021 No. 231) and with Article 122 of the Italian Privacy Code (Legislative Decree 196/2003). The options to accept and to reject carry equal weight, and no non-technical cookie is installed before you make an explicit choice.

1. Technical cookies

These are necessary for the site to work correctly and do not require consent. They include:

  • cogoleto_consent — remembers your cookie banner choice (accepted / rejected).
  • __Host-cogoleto — session cookie, present only if you are signed in.
  • cogoleto-lang — remembers your preferred language (IT / EN).
  • cogoleto-theme — remembers the light / dark theme.
  • _GRECAPTCHA — set by Google reCAPTCHA on google.com when you submit a form; a necessary anti-spam / security measure (see §3).

There are also local preference cookies (opt-in) to remember settings such as layout or earned badges. We use no advertising or marketing cookies.

1a. How the banner works

On your first visit a two-layer banner appears. The first layer offers "Accept all", "Customize", and a clearly visible "X" close button which — as expressly contemplated by the Garante's 2021 guidelines — lets you continue with technical cookies only, i.e. it rejects all non-technical cookies in a single click, with the same immediacy as accepting. Choosing "Customize" opens a second layer where you toggle each category and then pick "Reject all", "Accept all", or "Save choices". There is no cookie wall and no dark pattern, and until you make a choice only the technical cookie required for the banner to work is set.

2. Analytics cookies (Google Analytics 4)

We use Google Analytics 4 (property G-JJBCRH4CTQ) to understand how the site is used in aggregate: most visited pages, devices, geography. Analytics cookies are only installed if you click "Accept" on the banner. We use Google Consent Mode v2, so until you accept, only anonymous signals without identifying cookies are sent to Google.

For Google's privacy policy see policies.google.com/privacy.

3. Google reCAPTCHA (all forms — anti-abuse)

Every form submission on the site — the contact form, sign-in (email magic link), and poll votes — is protected by Google reCAPTCHA v3 to block spam and automated abuse. Because this is a strictly necessary security measure for the action you are performing, it runs without requiring prior consent (art. 122 Italian Privacy Code — technical/necessary; and GDPR legitimate interest in network and information security, art. 6.1.f and recital 49). reCAPTCHA sets the technical cookie _GRECAPTCHA on the google.com domain (lifetime about six months) and sends Google your IP address, user-agent and interaction signals to compute an anti-spam risk score. Submissions scoring too low are rejected.

For the Google reCAPTCHA privacy policy see policies.google.com/privacy and the Terms of Service. Google may transfer this data outside the European Union (United States); the transfer is based on the Standard Contractual Clauses set out in EU decision 2021/914.

3a. Google One Tap — quick sign-in (opt-in)

If you enable the "Quick sign-in with Google (One Tap)" category in the cookie banner, the site loads the Google Identity Services script from accounts.google.com/gsi/client. The script automatically displays a "Sign in with Google" card in the top-right corner when you browse the site signed out. The category is disabled by default and kept as a separate row to make its third-party nature unmistakable.

Processing begins as soon as the script loads — even without a click. To build the prompt, your browser opens a connection to Google LLC (USA) and sends: your IP address, user-agent, the page URL (referrer), and — if you are already signed in to Google in the same browser — the identity of your Google account (name, email, profile picture). This happens before you take any action, because it is the prerequisite for building the personalised suggestion. If you choose to click the prompt, Google returns a signed token which we use to create your session on cogole.to, exactly like the existing "Sign in with Google" flow. Lawful basis: consent (art. 6.1.a GDPR + art. 122 Italian Privacy Code).

Cookies and storage. The script may set a g_state cookie on the accounts.google.com domain to remember if you recently dismissed the prompt (cooldown). No third-party cookie is set on the cogole.to domain by this feature. When you withdraw consent from the banner, the script is removed and the prompt is no longer shown.

US transfer. Google LLC is established in the United States. The transfer relies on the EU adequacy decision 2023/1795 (EU-US Data Privacy Framework) — Google LLC is self-certified under the framework — with the EU Standard Contractual Clauses (decision 2021/914) as a backup safeguard should the framework be suspended or struck down. For Google's privacy policy see policies.google.com/privacy.

Important. The site is fully usable without signing in and without One Tap: no content is gated and no feature requires this category to be enabled. Your choice does not affect the site experience in any way, in full compliance with the "freely given" consent requirement of art. 7.4 GDPR.

4. How to withdraw or change consent

You can change your choice at any time by clicking "Cookie preferences" in the footer of this site. Alternatively you can delete cogole.to cookies from your browser settings: the banner will be shown again on your next visit.

5. Contact

For any question about privacy or cookies, contact the site owner via the cogole.to channels.