This page explains every cookie and similar storage technology used on designedbyanthony.com and our related subdomains (admin.designedbyanthony.com, clients.designedbyanthony.com, api.designedbyanthony.com, designedbyanthony.online). It is generated from the actual code that ships to your browser, not a template — when we add or remove a vendor, this document updates with the code.
How consent works on this site
When you first visit, a banner appears at the bottom of the screen describing the categories of cookies we’d like to set. Nothing in the “Optional” categories below fires until you accept it. You can also click “Manage preferences” to toggle individual categories.
Your choices are remembered in a cookie named zaraz-consent until you clear your browser data or revisit the preferences. The banner reappears whenever we materially change the categories on this list.
The cookie banner is implemented through Cloudflare Zaraz, which is itself an essential service (see “Always-on” below).
Always-on (essential — no consent required)
These are strictly necessary for the site to load, stay secure, or function as you’d expect. The GDPR and ePrivacy Directive both treat strictly-necessary cookies as consent-exempt.
| Vendor | Cookie / storage | Purpose | Retention |
|---|---|---|---|
| Cloudflare (CDN + WAF) | __cf_bm, cf_clearance, cf_chl_* | Bot mitigation, DDoS protection, challenge-response | Session to 30 days |
| Cloudflare Zaraz | zaraz-consent | Stores your consent choices so we don’t ask again | 1 year |
| Cloudflare Turnstile | cf_turnstile_* (challenge solve) | Anti-spam on the audit + contact forms | Session |
| Crisp Chat | crisp-client/*, crisp_session_* | Powers the live chat widget when you open it. Loaded via Zaraz with “Skip Consent” because chat is a request to talk to us, not analytics. | 6 months |
| Cloudflare Access (admin / clients subdomains only) | CF_Authorization, CF_AppSession | Authenticates admin and client portal sessions. Not set on designedbyanthony.com itself. | 24 hours |
Optional — Analytics & Performance
| Vendor | Cookie | Purpose | Retention |
|---|---|---|---|
| Amplitude (via Cloudflare Zaraz) | cfz_amplitude, cfzs_amplitude | Helps us understand how visitors use the site so we can fix slow pages and broken flows. We don’t sell or share this data. | Up to 365 days |
If you decline this category, the cookies above are never set and no events are sent to Amplitude.
Optional — Marketing & Advertising
| Vendor | Cookie | Purpose | Retention |
|---|---|---|---|
| Google Analytics 4 (via Cloudflare Zaraz, IAB TCF v2 routed) | cfz_google-analytics_v4, _ga, _ga_* | Measures which marketing channels send us customers and which pages convert. Routed through the IAB Transparency & Consent Framework so granular TCF purposes are respected downstream. | 180–548 days depending on purpose |
This category covers all seven IAB TCF purposes that Google Advertising Products may use:
- Store and/or access information on a device
- Create profiles for personalised advertising
- Use profiles to select personalised advertising
- Use limited data to select advertising
- Measure advertising performance
- Understand audiences through statistics or combinations of data from different sources
- Develop and improve services
Declining this category blocks Google’s tags from firing and clears any existing _ga* cookies on next page load.
Error monitoring (server-side only)
We use Sentry to capture JavaScript errors and Worker exceptions. Sentry runs in a mode that does not set browser cookies and does not record session replays of normal visitors by default. If a JavaScript error fires while you’re on the page, Sentry transmits the error stack, the URL, your browser/OS string, and a redacted breadcrumb trail — but no form input values, no email addresses, and no cookies.
What is NOT on this site
For clarity, the following are explicitly NOT used:
- Facebook / Meta pixel
- LinkedIn Insight Tag
- TikTok Pixel
- Twitter / X conversion tracking
- Retargeting pixels of any kind beyond GA4 audience signals (which require the Marketing & Advertising category above)
- Session replay tools (Hotjar, FullStory, Mouseflow, etc.)
- Fingerprinting libraries
Changing your mind
Click the “Manage cookies” link in the footer at any time to re-open the preferences panel. Changes apply immediately — declined categories stop firing on the next page load.
In your browser, you can also delete the zaraz-consent cookie to reset all choices and see the banner again.
Questions
Email anthony@designedbyanthony.com with any cookie or data question. We respond personally within one business day.