Cookies and consent
Cookie Policy
This Cookie Policy explains how Fred uses cookies and similar technologies on the public website and related public surfaces, how consent is collected, and which providers are currently evidenced on the production web perimeter.
- Last updated
- Effective date
- Version
- cookie-2026-06-19
- Applies to
- Public website visitors and related public surfaces, including website pages and connected public content experiences.
Scope: Cookies, local storage, tags, pixels, consent tools, website analytics, advertising measurement, and public web traffic protection.
CMP
CookieScript manages consent for the public website.
Tag delivery
Most third-party scripts are orchestrated through Google Tag Manager. PostHog is initialized directly in app code.
Confirmed providers
Cloudflare, CookieScript, PostHog, Google Analytics, Google Ads measurement, HubSpot, and Meta cookies are evidenced on production.
1. What this policy covers
Cookies are small text files or similar identifiers stored on a browser, device, or related client storage layer. Fred also uses related technologies such as local storage, scripts, pixels, server-side identifiers, and consent preferences where appropriate.
This policy covers the main public marketing site in this repository and related public surfaces operated under the Fred web perimeter. Some public content under /resources is delivered from a separate runtime surface and may not use the exact same implementation, but remains part of the overall public legal perimeter.
2. Consent collection and script orchestration
Fred uses CookieScript as the consent management platform for the public website. CookieScript stores consent state and exposes events that Fred uses to align analytics activation with the user's consent choices.
Most third-party website scripts are managed through Google Tag Manager. PostHog is initialized directly in the website code rather than through GTM, but should still follow the same consent boundary for non-essential use.
Where a visitor rejects non-essential categories, only strictly necessary cookies and security-related technologies should remain active. Where a visitor grants the relevant categories, analytics, advertising measurement, and related optional technologies may activate according to configuration.
3. Current production cookie inventory
The current production inventory is based on a CookieScript cookie report reviewed on June 19, 2026 together with repo and runtime evidence. Exact cookies may still vary by page, region, consent state, and public surface.
- Strictly necessary: cf_clearance, CookieScriptConsent, the PostHog cookie on .meet-fred.com, and Cloudflare bot-management cookies on HubSpot-related domains.
- Performance: Google Analytics cookies and HubSpot analytics cookies.
- Functionality: HubSpot functionality cookie hubspotutk.
- Targeting: Meta cookie _fbp and Google advertising measurement cookie _gcl_au.
The presence of a cookie in the inventory does not automatically mean it appears on every page or every jurisdictional path. Consent state, runtime configuration, and specific page integrations still matter.
4. Providers currently evidenced on the public website
Cloudflare supports public-site edge protection and Web Analytics and may set security or traffic-related cookies. CookieScript stores and manages consent preferences. Google services support tag management, analytics, advertising measurement, and related infrastructure where configured. HubSpot cookies indicate active marketing, analytics, meeting, banner, form, or related website tooling on at least part of the public perimeter. Meta targeting cookies indicate advertising or conversion-measurement tooling where enabled.
PostHog is used for website or product analytics in app code. Additional PostHog capabilities such as session recording or heatmaps must remain consent-gated and should only be enabled where Fred has configured them for the relevant surface and considers that use appropriate.
6. Changes and contact
Fred may update this Cookie Policy when providers, tracking configurations, consent tooling, public-site architecture, or legal requirements change. The latest version will be posted here with the revised date and version reference.
Questions about cookies, consent, or public-site tracking can be sent to the contact address below.
Contact
Questions about this document can be sent to [email protected].