Zemers Cookie Policy
Zemers is operated by VINCITUS MK S.R.L. (Romania), CUI 42840739, doing business as Zemers. Registered address: Str. Iosif Vulcan, Bistrița, Bistrița-Năsăud, Romania. Contact: hello@zemers.com
This Cookie Policy explains how VINCITUS MK S.R.L., CUI 42840739, doing business as Zemers (collectively referred to herein as "Zemers", "we", "our" or "us") uses cookies and similar technologies, what these technologies are, why we use them, and the rights you have to control our use of them.
This Cookie Policy should be read together with our Privacy Policy. If you have any questions or concerns about this Cookie Policy or its implementation, please contact us at hello@zemers.com, or as otherwise described in our Privacy Policy. This Cookie Policy is provided in accordance with the GDPR (EU Regulation 2016/679) and the EU ePrivacy Directive, as implemented in Romania. It applies to the entire Zemers platform, including the main Zemers website, creator storefronts under /@{username}, product and presentation pages, checkout flows, the Client area, the Affiliate dashboard, and any Creator dashboards.
Zemers is a multi-tenant platform, so the cookies and tracking technologies you may encounter come from two distinct layers:
Platform-level tracking (Zemers). A baseline of cookies and tracking technologies operated by Zemers itself is present across the entire platform — including the main Zemers website, every creator storefront, product page, checkout, Client area, and Affiliate dashboard. These cookies support essential platform functions (authentication, security, consent storage, affiliate attribution) and, where you give consent, platform-wide analytics and marketing measurement operated by Zemers.
Creator-level tracking (per storefront). In addition to the platform-level tracking, each Creator may activate their own tracking and analytics technologies on the pages of their own storefront (/@{username} and sub-pages, including product pages and checkout). These may include Google Analytics 4, Google Tag Manager containers, Meta (Facebook) Pixel, X (Twitter) Pixel, TikTok Pixel and other third-party tags that the Creator configures. The Creator acts as an independent data controller for these technologies and is responsible for ensuring their compliance with applicable laws.
The Zemers cookie consent banner manages both layers. When you make a choice in the consent banner (accept, reject, or selectively allow categories), your decision is applied to:
Zemers's own platform-wide analytics and marketing cookies, and
the analytics, advertising and tracking pixels that the Creator of the page you are visiting has activated.
In other words, if you reject "Analytics" cookies, neither Zemers's analytics nor the Creator's Google Analytics / GTM tags will load on subsequent page views. If you reject "Marketing" cookies, neither Zemers's marketing pixels nor the Creator's Meta / X / TikTok pixels will fire. Your choice is stored in the zemers_gdpr_consent cookie and applied uniformly across both layers.
Cookies. A cookie is a small text file that is sent to your device when you visit a website. When you visit the site again, the cookie allows it to recognize your browser. Cookies may store user preferences and other information. Cookies set by the website operator (in this case, Zemers) are called "first-party cookies." Cookies set by parties other than the website operator are called "third-party cookies." Third-party cookies enable third-party features or functionality (e.g., advertising, embedded content, analytics).
Local storage and session storage. These are browser features that allow a web application to store data locally on your device. Local storage persists across browsing sessions until cleared; session storage is deleted when you close the browser tab.
Other tracking technologies. Websites also use web beacons (tracking pixels), third-party scripts, advertising pixels, and analytics SDKs.
This Cookie Policy refers to all these technologies collectively as "cookies."
Cookies may be session (deleted when you close the browser) or persistent (they remain for a defined period, up to a maximum of 13 months unless renewed through user interaction).
We use cookies for several reasons:
some are technically required to operate the platform ("strictly necessary" cookies);
others remember your preferences ("preferences" cookies);
others help us understand how the Service is used and measure performance ("analytics" cookies);
others support advertising and marketing measurement ("marketing" cookies);
some allow Creators to operate their own analytics and marketing on their storefronts ("creator-configured" cookies, governed by the same consent categories above).
Strictly necessary cookies are set on the basis of our legitimate interest in providing essential platform functionality (Article 6(1)(f) GDPR, in conjunction with Article 5(3) of the ePrivacy Directive). All other categories are set only after you provide consent through the cookie banner (Article 6(1)(a) GDPR).
We, our service providers, and Creator-configured third parties may automatically log information about your interactions with the Service, such as:
Device information: operating system, manufacturer and model, browser type, screen resolution, device type (phone, tablet, desktop), IP address, unique identifiers (including advertising identifiers where present), language settings, mobile network carrier, broad geolocation (typically country/region derived from IP).
Online activity information: pages or screens viewed, time spent on a page, referring URL, navigation paths, access times, and whether you open our marketing emails or click links within them.
Security and abuse-prevention events (IpEvent): signals related to repeated requests for verification codes, suspicious activity, or potential fraud.
These cookies are required to provide you with the Service. You can block them in your browser, but parts of the Service will not work. They are not used for advertising or profiling.
next-auth.session-token
Purpose: Keeps you logged in by storing a signed session token so the system can recognize you on each request.
Data stored: Encrypted session identifier (no plain-text password — Zemers uses passwordless authentication).
Duration: Up to 30 days.
Set by: Zemers (server, HttpOnly).
next-auth.callback-url
Purpose: Remembers the page you tried to access before login so the system can redirect you there after authentication.
Data stored: URL path.
Duration: Session.
Set by: Zemers (server).
next-auth.csrf-token
Purpose: Protects against cross-site request forgery during login and other authentication actions.
Data stored: Random security token.
Duration: Session.
Set by: Zemers (server, HttpOnly).
sv_impersonate
Purpose: Used when a Zemers super-administrator temporarily impersonates another account for support or troubleshooting. Ensures the correct identity is used server-side and audited.
Data stored: User identifier.
Duration: Session.
Set by: Zemers (server).
Stripe payment cookies (set on stripe.com / js.stripe.com)
Purpose: Fraud prevention, payment session management, and transaction security during checkout.
Data and control: Governed by Stripe's Cookie Policy. These cookies are necessary to complete a payment and are therefore treated as strictly necessary when you reach a checkout page.
zemers_gdpr_consent
Purpose: Stores your cookie consent choices for both Zemers platform-wide tracking and any Creator-configured tracking on storefronts, so we don't ask again on every visit and so we know which categories of cookies (analytics, marketing, preferences) we are allowed to set or load.
Data stored: Your consent choices for cookie categories, typically as a short value such as accept, reject or a small JSON object listing the allowed categories.
Duration: 365 days.
Set by: Zemers (client).
A corresponding record is also kept in our database as legal evidence of your consent.
These cookies enhance the performance of the Service (for example, by remembering your theme preference, language or layout). Without them, certain functionality may be reduced. UI preferences are typically stored in local storage rather than in cookies.
sv_affiliate_ref
Purpose: When you arrive on a creator's storefront or checkout through a referral link containing ?ref=CODE, this cookie stores the referral code so that a subsequent purchase can be attributed to the correct Affiliate and the commission can be calculated.
Data stored: The affiliate referral code (and the associated product/creator identifier where applicable).
Duration: Up to 30 days.
Set by: Zemers (client).
This cookie is used solely for attribution within the Zemers platform and does not track you across unrelated websites.
These cookies help us and Creators understand how the Service is used — for example, pageviews, navigation flows, conversion funnels and feature usage. They are loaded only after you give consent for the "Analytics" category in the cookie banner.
Analytics cookies on Zemers may include:
Platform-wide analytics operated by Zemers — used across the entire platform to measure aggregate usage and improve the Service.
Google Analytics 4 (_ga, ga*) — used either at platform level by Zemers, or activated by an individual Creator for their own storefront. Google Analytics is operated by Google Ireland Ltd. / Google LLC; see Google's Privacy & Terms and the GA opt-out add-on.
Other analytics tools loaded through a Google Tag Manager container configured either by Zemers (platform-wide) or by the Creator (on their own storefront).
Each provider processes data according to its own privacy policy.
These cookies are used to show you relevant content about products and services and to measure advertising effectiveness. They are loaded only after you give consent for the "Marketing" category in the cookie banner.
Marketing cookies on Zemers may include:
Platform-wide marketing pixels operated by Zemers for our own advertising and remarketing.
Meta (Facebook) Pixel (_fbp, fr) — activated either by Zemers at platform level or by a Creator for their own storefront. Operated by Meta Platforms Ireland Ltd.
X (Twitter) Pixel — activated by Zemers and/or by a Creator. Operated by X Corp.
TikTok Pixel (_ttp and related) — activated by Zemers and/or by a Creator. Operated by TikTok Ltd. / TikTok Technology Ltd.
Other advertising tags that Zemers or a Creator may load through their respective Google Tag Manager containers.
The maximum lifetime for marketing cookies is generally 13 months, unless refreshed through user interaction.
In addition to Zemers's platform-wide tracking, each Creator can connect their own analytics and marketing tools to their storefront. The tools Creators can configure currently include:
Google Tag Manager (their own container)
Google Analytics 4 (their own measurement ID)
Meta (Facebook) Pixel
X (Twitter) Pixel
TikTok Pixel
any additional tags that the Creator loads through their own GTM container
These Creator-configured trackers only run on the pages of that Creator's storefront (e.g., /@{username} and its sub-pages, including their product pages and checkout). They are loaded only after you have given consent for the corresponding category in the same Zemers cookie banner described above — your consent choice in zemers_gdpr_consent governs both Zemers-level tracking and any Creator-configured tracking on the page you are visiting.
Creator's role. When a Creator activates such tools, the Creator becomes an independent data controller for the data those tools collect through their storefront, and the Creator's own privacy and cookie notices apply in addition to this policy. Creators are responsible for ensuring that any tracking technologies they configure comply with applicable privacy and data-protection laws, including providing appropriate notices and respecting users' consent choices. Zemers technically enforces the consent gate (no Creator pixel will load before the matching category is consented to), but does not control how Creators configure, target or use the data collected through their own pixels.
When you proceed through a Stripe-hosted or Stripe-embedded checkout, Stripe sets its own cookies on stripe.com and related domains to support fraud prevention, payment session management and transaction security. These are described in Stripe's Cookie Policy and are treated as strictly necessary for processing a payment.
Some third-party providers loaded through this Service (for example Stripe, Google, Meta, X, TikTok or our email infrastructure provider) may process data outside the European Economic Area. When this occurs, the provider relies on safeguards such as EU Standard Contractual Clauses (SCCs), adequacy decisions where applicable, or other lawful transfer mechanisms under the GDPR. Further information is provided in our Privacy Policy.
Zemers relies on the following legal bases under the GDPR for the use of cookies:
Strictly necessary cookies: legitimate interest (Article 6(1)(f) GDPR) and the technical necessity exemption under Article 5(3) of the ePrivacy Directive.
Preferences cookies: user consent (Article 6(1)(a) GDPR).
Analytics cookies: user consent (Article 6(1)(a) GDPR).
Marketing cookies: user consent (Article 6(1)(a) GDPR).
Creator-configured analytics and marketing cookies: user consent (Article 6(1)(a) GDPR), captured through the same Zemers consent banner; the Creator is the controller for the resulting processing.
When you first visit any page on the Zemers platform — including a creator's storefront — you will be presented with a cookie consent banner that allows you to accept, reject, or selectively manage the use of non-essential cookies across both the platform layer and any Creator-configured layer on that page. We only set or load analytics, marketing, or preferences cookies after you give consent through this banner.
You may change or withdraw your consent at any time using the "Cookie Settings" or "Manage Cookies" option available on the website (typically in the footer). Withdrawing consent will prevent optional cookies and scripts from being loaded on future page views; it does not delete data that may already have been collected before consent was withdrawn. Withdrawal of consent does not affect the lawfulness of processing carried out before consent was withdrawn.
You can also limit online tracking by:
Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. For more information, visit www.allaboutcookies.org. Browser-specific instructions:
Blocking your mobile advertising ID in your device settings.
Using privacy-focused browsers or extensions such as Brave, Privacy Badger, Ghostery or uBlock Origin.
Advertising-industry opt-out tools:
Provider-specific opt-outs: for example, Google Analytics Opt-out Add-on and LinkedIn Cookie Policy.
These opt-outs are specific to the device and browser on which they are exercised, so you will need to apply them on each device and browser you use.
Do Not Track. Some browsers can send "Do Not Track" signals. There is no consistent technical standard for these signals, so Zemers manages consent through the cookie banner and preference center rather than DNT. For more information, see allaboutdnt.com.
On our site: You can change your cookie preferences at any time using the "Manage Cookies" or "Cookie Preferences" link available on the website (for example in the footer or on this page). You may also delete the zemers_gdpr_consent cookie through your browser settings; if you remove it, we will treat you as having given no consent for optional cookies, and the consent banner will appear again on your next visit.
Browser settings: Most browsers allow you to block or delete cookies. Note that blocking all cookies may prevent you from logging in or using parts of the Service that depend on strictly necessary cookies.
Third-party cookies: For cookies set by third-party services such as Google, Meta, X, TikTok or Stripe, please refer to their respective privacy and cookie policies. They may also offer their own controls to opt out of certain processing.
Session and authentication cookies: Stored only for the duration necessary to maintain your session, or for the periods set out in the table above (up to 30 days for the NextAuth session token).
Consent cookie (zemers_gdpr_consent): Stored for up to 365 days. You may delete it at any time through your browser settings or the in-product preference center.
Affiliate cookie (sv_affiliate_ref): Stored for up to 30 days for correct attribution of referrals.
Marketing and analytics cookies: Maximum lifespan of 13 months unless refreshed through user interaction.
Security. Cookies are transmitted over HTTPS. Session and authentication cookies are configured as HttpOnly (not accessible to JavaScript) and use SameSite and Secure attributes where appropriate to mitigate cross-site attacks.
We may update this Cookie Policy from time to time to reflect changes in the cookies we use or for other operational, legal or regulatory reasons. We will notify you of material changes prior to them becoming effective by posting the updated version on this page and, where appropriate, providing a more prominent notice. The date at the top of this Cookie Policy indicates when it was last updated.
If you have any questions about our use of cookies, please email us at hello@zemers.com.
VINCITUS MK S.R.L. Str. Iosif Vulcan, Bistrița, Bistrița-Năsăud, Romania CUI: 42840739
Last updated: May 31, 2026