Cookie Policy
Last update: 10 November 2025
Summary
We use cookies and similar technologies to run our site/app, keep it secure, measure usage, and improve the product. We request prior consent for any non-essential cookies (analytics/measurement). You can manage choices via our cookie banner and “Cookie Settings”.
Controller
WISECOMPANY, S.A., Rua 25 de Abril, N.º 49, 2080-382 Benfica do Ribatejo, Portugal
Contact: info@govwise.ai
What cookies & similar tech are
- Cookies: small files stored on your device.
-
SDKs, localStorage and pixels: similar technologies used in web apps.
Some tools (e.g., Microsoft Clarity, Google Analytics 4) only load after consent.
Legal basis
- Strictly necessary: legitimate interest/performance of the service (no consent).
- Analytics/measurement: consent (you can withdraw anytime).
Managing consent
- Use Accept / Reject / Customize on the banner.
- “Cookie Settings” in the footer lets you revisit choices.
- We implement Consent Mode v2 (Google) and Clarity consent signals; until consent, analytics scripts do not set cookies.
Categories
-
Strictly necessary (no consent)
Ensure authentication, routing and availability.
- Azure App Service: ARRAffinity, ARRAffinitySameSite – session affinity to an instance.
- Bubble (platform): session/auth and anti-fraud cookies (names vary by version).
- Security: session/CSRF tokens (environment-specific names).
-
Analytics & performance (consent)
Measure product usage and UX; we do not run behavioural advertising.
- Application Insights (Azure): ai_user (~1 year), ai_session (~30 minutes).
- Google Analytics 4 (GA4): _ga (2 years), _ga_<container-id> (2 years), _gid (24 hours). Configured without full IP and no ads network sharing.
- Microsoft Clarity: _clck (1 year), _clsk (1 day), CLID (1 year), plus Microsoft domain cookies (ANONCHK, MUID, SM) tied to consent.
- Functional/SDKs (if used) (may require consent)
- Firebase (Web/App): primarily uses localStorage for auth; some modules may set cookies depending on configuration.
- Mailjet: we use email pixels for delivery/open metrics in emails, not on the site. Embedded forms, if used, may set their own cookies.
Note: Names and lifetimes may change as vendors update their services. We keep this page current.
Cookie/SDK inventory (summary)
| Category | Vendor | Examples | Purpose | Typical Lifetime |
| Strictly necessary | Azure App Service | ARRAffinity, ARRAffinitySameSite | Session routing & availability | Session |
| Strictly necessary | Bubble | session/CSRF cookies (var.) | Authentication & security | Session |
| Analytics | Azure Application Insights | ai_user, ai_session | Telemetry & crash diagnostics | 30 min to 1 year |
| Analytics | Google Analytics 4 | _ga, _ga_<id>, _gid | Usage & product metrics | 24h to 2 years |
| Analytics | Microsoft Clarity | _clck, _clsk, CLID (+ MUID, ANONCHK, SM) | UX/session analytics (consent-based) | 1 day to 1 year |
| Functional/SDKs (if used) | Firebase | module-specific storage/cookies | Auth, metrics | Variable |
| Mailjet (píxeis em email) | — | Delivery/open metrics | Per email send |
Disable via browser
You can block/remove cookies in your browser settings. This may impact essential features.
Changes to this policy
We may update this page and will show the new “Last updated” date.
Contact