Cookies & Tracking Technologies Policy
Compliant with GDPR (Art. 7, 21-22) + ePrivacy Directive (EU) + Swiss nLPD + California CCPA
Version 2.1 — January 2026
Preamble
This Policy explains how WonderLive Suisse SARL uses cookies, pixels, Local Storage, and similar technologies on:
- Website: wonderlive.com
- Mobile App: iOS & Android (WonderLive official)
- Web Platform: app.wonderlive.com
Objective: Ensure transparency + respect user consent.
All visitors, users, creators WonderLive (EU, Switzerland, global).
1
Types of Cookies Used
1.1 Essential Cookies (No Consent Required)
These cookies are necessary to function. GDPR exempts consent.
| Cookie | Domain | Duration | Purpose | Technically Essential |
|---|---|---|---|---|
| session_id | wonderlive.com | Session (~30d) | Keep you logged in | YES |
| auth_token | wonderlive.com | Session (~30d) | Verify authentication | YES |
| csrf_token | wonderlive.com | Session | Form protection | YES |
| user_preferences | wonderlive.com | 1 year | Save UI preferences (language, dark mode) | YES |
| consent_banner_seen | wonderlive.com | 1 year | Remember banner already seen | YES |
| video_quality_preference | app.wonderlive.com | 90d | Preferred video quality | QUASI-ESSENTIAL |
| device_fingerprint | wonderlive.com | 2 years | Fraud/anomaly detection | QUASI-ESSENTIAL |
Automatically accepted, no consent banner required for these.
1.2 Functional / Preferences Cookies (Consent Recommended)
Improve user experience but not technically essential.
| Cookie | Domain | Duration | Purpose | Consent |
|---|---|---|---|---|
| theme_preference | wonderlive.com | 1 year | Keep dark/light mode | Opt-in (but acceptable without) |
| video_playback_speed | app.wonderlive.com | 6 months | Preferred video speed | Opt-in |
| language_preference | wonderlive.com | 1 year | Interface language | Opt-in |
| content_recommendations | app.wonderlive.com | 90d | Preferred content type | Opt-in |
Included in "Accept preferences" (consent banner).
1.3 Analytics Cookies (Consent Required)
Track platform usage for product improvement. GDPR requires explicit consent.
| Cookie/Pixel | Third-Party | Duration | Data Collected | Consent |
|---|---|---|---|---|
| _ga | Google Analytics 4 (GA4) | 13 months | Anonymized events (pages, clicks, duration) | Opt-in |
| _gid | Google Analytics 4 | 24h | Session ID | Opt-in |
| _gac_* | Google Analytics 4 | 90d | Google Ads campaign attribution | Opt-in |
| mp_* | Mixpanel (product analytics) | 1 year | Product events (features used, duration, errors) | Opt-in |
| amplitude_* | Amplitude (retention analytics) | 1 year | Retention, cohort analysis, churn risk | Opt-in |
| Hotjar_* | Hotjar (heatmaps) | 365d | Heatmaps, session recordings (anonymous) | Opt-in |
Opt-in only via "Accept analytics" (banner).
GA4 = minimized IP, Mixpanel = pseudonymized events.
1.4 Advertising & Retargeting (Consent Required)
Track for personalized ads on Google, Meta, TikTok, etc. GDPR strictly requires consent.
| Pixel/Cookie | Network | Duration | Purpose | Consent |
|---|---|---|---|---|
| _fbp | Meta (Facebook Pixel) | 90d | Retargeting ads Facebook/Instagram | Opt-in |
| _fbc | Meta | 90d | Conversion tracking | Opt-in |
| fr | Meta | 90d | Audience building | Opt-in |
| _gcl_au | Google Ads | 90d | Ad conversion tracking | Opt-in |
| NID | Google Ads | 6 months | Ad personalization | Opt-in |
| tt_appInfo | TikTok Pixel | 1 year | TikTok audience building (if WonderLive creator) | Opt-in |
| RUID | RubiconProject (programmatic ads) | 1 year | RTB bidding, audience segment | Opt-in |
WonderLive does not directly share data with ad third-parties. Only tracking pixels (user sees WonderLive → pixel fires → platform knows user interested).
1.5 Other Tracking Technologies (Non-Cookies)
Local Storage (Browser-side storage)
| Item | Domain | Duration | Purpose |
|---|---|---|---|
| drafts_video_title | Local Storage | Until cleared | Temporary video draft (local machine) |
| theme_setting | Local Storage | Indefinite | Dark/light mode (synced with cookie) |
| viewer_feed_position | Local Storage | Session | Save scroll position feed |
| recent_searches | Local Storage | 30d | Recent searches (local) |
All local storage readable via Developer Tools (Ctrl+Shift+I → Application tab).
Web Beacons / Pixels (Invisible tracking)
| Type | Third-Party | Purpose | Consent |
|---|---|---|---|
| Email Pixels | SendGrid, Braze | Track email opens, clicks | Opt-in (email marketing) |
| Conversion Pixels | Google Ads, Meta, Pinterest | Track signups, purchases | Opt-in (ads) |
| Server-Side Tracking | Google Tag Manager, Segment | Track events server-side (private) | Implicit acceptance |
Consent for email marketing = consent for email pixels.
Device ID (Mobile Apps)
| ID Type | Platform | Duration | Purpose |
|---|---|---|---|
| IDFA | iOS | Lifetime (unless reset by user) | Ad tracking, analytics (GDPR consent required) |
| AAID | Android | Lifetime (unless reset by user) | Ad tracking, analytics (GDPR consent required) |
| Fingerprint | WonderLive server | 2 years | Fraud detection (legitimate interest) |
iOS users can reset IDFA in Settings. Android users can reset AAID in Google Settings.
2
Cookie Consent Banner (GDPR Compliant)
2.1 Design & Placement
Banner appears: First visit OR after consent expiration
Placement: Bottom of page (UK ICO compliant, user can still interact)
2.2 Buttons & Actions
Accept All
- - Essential + Analytics + Retargeting
- - Must have explicit opt-in (GDPR)
Refuse All
- - Essential ONLY
- - Service works normally (no degradation)
- - Ads become non-personalized (contextual)
Customize
Detailed panel with toggles per category
2.3 Transparent Accordion
Essential (Non-toggle)
Always enabled. Necessary to function.
Cookies: session_id, auth_token, csrf_token
Analytics (Toggle)
Disabled by default (opt-in)
Cookies: _ga (Google Analytics 4), mp_* (Mixpanel)
Retargeting & Ads (Toggle)
Disabled by default (opt-in)
WonderLive does NOT share your data with ad networks. Only tracking pixels (anonymous).
3
Consent Management (CMS)
3.1 Consent Tracking & Storage
How we remember your decision:
- Stored locally: Your browser (not WonderLive server)
- Memory duration: 13 months (GDPR compliant)
- After 13 months: Re-ask consent (new data)
3.2 Consent Withdrawal (Anytime)
Where to withdraw consent:
In-app / Website
- - Settings → Cookie Preferences
- - Toggle off what you want to refuse
- - Changes applied immediately
- - Footer of every marketing email
- - "Unsubscribe" link
- - Immediate removal from list
Contact DPO
- - Email: dpo@wonderlive.com
- - Subject: "Withdrawal of consent"
- - Processed within 5 business days
4
Cookies by Jurisdiction
EU Residents (Strict GDPR)
- Consent must be explicit, informed, unambiguous (Art. 7)
- Pre-ticked boxes = NOT COMPLIANT (EDPB guidance)
- Cookies EXCEPT essential = opt-in required
- Right to withdraw anytime (Art. 7.3)
- Right to object to direct marketing (Art. 21)
- + Banner NOT pre-ticked
- + "Accept all" must == explicit opt-in (not implicit)
- + "Refuse all" = equally easy
- + Granular choices (customize)
- + Easy withdrawal (settings)
Swiss Residents (nLPD)
- Cookies = data processing = requires legal basis
- Non-essential = consent
- Cookies listed in policy
- Right to object to marketing (Art. 31)
- + This complete policy
- + Granular consent
- + Right to withdraw
UK Residents (UK GDPR + PECR)
- Privacy and Electronic Communications Regulations (PECR)
- Cookies ≠ strictly necessary = explicit opt-in required
- Soft opt-in possible for email (existing customer)
- + Opt-in banner (non-tickboxes)
- + Email soft opt-in acceptable (existing users)
California Residents (CCPA)
- CCPA: "Do Not Track" right
- Right to know about cookies
- Right to refuse data sale
- + "Do Not Track" button in preferences
- + Cookie disclosure complete
- + Data sale refusal respected
5
Similar Technologies (Non-Cookies)
Local Storage
Stored locally on your browser (not on WonderLive server).
- Video drafts (temporary save)
- Feed scroll position
- Search history
- UI preferences
IndexedDB
Advanced storage (HTML5) for real-time analytics.
- Events offline queue (sync when back online)
- Large datasets (heatmaps, recordings)
6
Third-Party Cookies
Google Analytics
- - Browser extension: "uBlock Origin" (blocks GA)
- - Google Ad Settings: adssettings.google.com
- - Opt-out globally: optout.aboutads.info
Meta (Facebook)
- - Ad Preferences: facebook.com/ads/preferences
- - Meta Opt-Out: facebook.com/off_facebook_activity
General Opt-Out
- - Network Advertising Initiative: optout.networkadvertising.org
- - Digital Advertising Alliance: optout.aboutads.info
What We DON'T Do
- - Sell cookies data to brokers
- - Share directly with ad networks (only pixels)
- - Use 3rd party data augmentation
- - Track across non-WonderLive sites (except our pixels)
- - Use intrusive cross-device tracking
7
Cookies by Feature
Tips / Payments
| Cookie | Third-Party | Duration | Purpose |
|---|---|---|---|
| payment_session_id | Stripe | Session | Secure payment session |
| fraud_risk_score | WonderLive | Session | Detectable anomalies |
| last_payment_method | WonderLive (encrypted) | 1 year | Offer saved payment method |
Video Streaming
| Cookie | Purpose | Duration |
|---|---|---|
| video_quality_preference | Auto select quality | 90d |
| playback_speed_preference | Playback speed | 90d |
| video_playback_position | Resume where you left off | 30d |
| viewer_region | Optimize CDN (Cloudflare) | Session |
Notifications
| Cookie | Purpose | Duration |
|---|---|---|
| notification_permission | Track user permission state | Indefinite |
| last_notification_time | Avoid notification spam | 1 day |
| notification_preference_app | In-app notification settings | Indefinite |
Personalization
| Cookie | Purpose | Duration |
|---|---|---|
| content_recommendation_seed | Personalize home feed | 6 months |
| watched_creators | Track creators you follow | 13 months (GA4) |
| search_history | Personalize search results | 30 days (local) |
8
Cookie-Free Alternatives
WonderLive offers cookie-less versions:
How to use
- - Settings → Privacy → Disable All Cookies
- - Platform works fully (no feature loss)
- - Ads become contextual (not personalized)
9
Chatbot & Live Chat Tracking
Intercom (Customer Support Chat)
- - Delete chat history anytime
- - Opt-out live chat (support@wonderlive.com)
10
Social Media Buttons
"Share on X" / "Share on TikTok"
- - TikTok / X / Instagram cookies may fire
- - WonderLive not responsible for their tracking
- - Their privacy policy applies
Our button: Just redirects, doesn't pre-load
11
Tracking Pixels & Retargeting in Email
Email Marketing Pixels
When you open WonderLive email:
- - Invisible pixel fires (1x1 pixel image)
- - Records: open time, email client, IP, device
12
Server-Side Tracking (GDPR Exemption Possible)
Google Tag Manager (Server-Side)
- - Client-side: Tracking happens in your browser (transparent)
- - Server-side: Tracking happens on WonderLive servers (hidden)
13
Retention & Deletion
| Type | Retention | After Deletion |
|---|---|---|
| Session cookies | Until logout | Immediate |
| Preference cookies | 1 year | Forgotten |
| Analytics (GA4) | 13 months | Data deleted from GA4 (not WL server) |
| Marketing pixels | 90 days | Pixel stops firing |
14
Special Cases
Minors Under 16 (GDPR Art. 8)
For EU users under 16:
- - Non-essential cookies = parental consent required
- - WonderLive prompts parent email if under 16
- - Parent must consent for marketing/analytics
15
Changes to This Policy
When Policy Updated
- - GDPR/nLPD regulation changes
- - New cookies added
- - New third-parties added
- - User feedback
16
Resources & Further Reading
Your Rights (Extract Links)
Browser Privacy Settings
17
Cookie Audit Summary
Last Audit: January 2026
Total Cookies: 27 unique cookies/pixels
- - Essential: 7 cookies
- - Preferences: 4 cookies
- - Analytics: 6 cookies/pixels
- - Marketing/Ads: 7 pixels
- - Other: 3 (heatmaps, engagement)
18
Contacts & Support
| Question Type | Contact | Response Time |
|---|---|---|
| Data access / GDPR rights | dpo@wonderlive.com | 30 days |
| Opt-out specific cookie | dpo@wonderlive.com | 5 business days |
| Technical issue (cookies breaking) | support@wonderlive.com | 48 hours |
| Report privacy concern | dpo@wonderlive.com | 72 hours |
19
Legal Basis Summary (GDPR Art. 6)
| Cookie Category | GDPR Art. 6 | Justification |
|---|---|---|
| Essential | 6.1.b (Contract) | Necessary provide service |
| Preferences | 6.1.a (Consent) | User preferences (opt-in) |
| Analytics | 6.1.a (Consent) | Improve product (opt-in) |
| Marketing/Ads | 6.1.a (Consent) | Personalized ads (opt-in) |
| Fraud Detection | 6.1.f (Legitimate) | Security, prevent abuse |
Signature & Acceptance
By using WonderLive, you accept this Cookie Policy.
WonderLive Commitment
- + Cookies tracked, identified, consent requested
- + Respect cookie choices (withdrawal anytime)
- + Data protected, secure transmission
- + Third-parties governed by DPA contracts
Cookie Policy v2.1 Final
January 2026
Compliant with GDPR (EU) + ePrivacy Directive + Swiss nLPD + California CCPA
"We use cookies to serve you better. You control. You decide."