cookie policy

Privacy Policy

Cookie Policy

Last updated: July 7, 2026

This Cookie Policy applies to zettla.com and all of its subdomains (collectively, the “Platform”). It explains how Zettla uses cookies and similar technologies, including local storage, pixels, and analytics tools. As the Platform serves users internationally, we implement cookie and privacy practices intended to comply with applicable data protection and ePrivacy laws.
This Cookie Policy should be read together with our Privacy Policy.

  1. Footprints on the sand

Browsing the web is a bit like walking along a beach in Punta Cana – you leave footprints as you go. Which pages you visited, what caught your eye, how long you lingered. Some of those traces are necessary just to walk at all; others simply help us understand where the path could be smoother.

This page exists to do three things, in plain language:

1. Show you exactly what traces exist when you visit the Platform – every cookie, by name;

2. Explain what we do with them – and, just as importantly, what we will never do;

3. Put the controls in your hands – right here, on this page.

One thing before we start, because it makes Zettla different from most websites you'll visit today: we run our own tools on our own server. Our analytics and our booking calendar are self-hosted – the data they collect stays within our infrastructure and is never sold, shared, or sent to advertising networks. No Google Analytics. No Facebook pixel. No ad-tech. Just us, trying to build a better platform.

And like footprints on the sand, most traces here don't last: session recordings wash away after 30 days, analytics events after 12 months.

2. Your choices

Cookies are small text files placed on your device when you visit a website. Similar technologies include browser local storage, session storage, pixels, and analytics SDKs that store or read information on your device.

We group them by how long they last – session (deleted when you close your browser) or persistent (remain until they expire or are deleted) – and by who sets themfirst-party (set by Zettla) or third-party (set by a provider acting on our behalf).

3. Your consent and how we handle it

Essential Cookies – Always on Required for security, authentication, and remembering your privacy preferences. These cookies do not track your activity or collect data for advertising.

Analytics – Off until you say yes Help us understand how visitors use Zettla so we can improve performance, usability, and the overall experience. Analytics are hosted on our own infrastructure and are never shared with third-party advertising networks.

Functional – Off until you say yes Enable optional features – such as the appointment booking calendar – and remember their settings for a smoother experience.

You can change your mind at any time. Withdrawing consent is one click – the same "Cookie Settings" link in the footer, on every page. Your choice is remembered for up to 12 months; after that, or if we ever add a new category, we'll ask you again.

Until you click "Accept", nothing optional runs. If you click "Reject", only the essentials operate. That's not a loophole we found – it's how European law says it should work (ePrivacy Directive Art. 5(3); Spain LSSI-CE Art. 22.2), and we think it's how the web should work everywhere, so we apply it to every visitor, wherever you are.

4. Categories of technologies we use

4.1 Essential Cookies – the footprints you can't walk without

These keep the Platform working, secure, and able to remember what you told us about your privacy. They cannot be switched off, because without them the site simply doesn't function.

Technology

Provider

What it does

Storage / duration

Cookie consent record

Zettla (first-party, local storage)

Remembers your cookie choices so we don't ask on every visit – and so we only ever load what you allowed

Persistent – up to 12 months

Bot/abuse protection (Turnstile)

Cloudflare (processor)

Protects our sign-up, login, and contact forms from bots and automated abuse

Session / short-lived token

sb-*-auth-token
Authentication session

Supabase (processor)

Keeps you securely signed in – set only if you create or log into an account

Session + token refresh

None of these track you across other websites or build any kind of profile.

4.2 Analytics – the footprints that help us smooth the path

Only after you enable them. We use PostHog, running entirely on Zettla's own server located in the United States. Because we host it ourselves, nothing is sent to PostHog Inc. – or to anyone else.

With your consent, we collect:

  • Pages and navigation – what you view, in what order, how long, and where you came from;

  • Interactions – clicks, scrolls, menu and button use;

  • Approximate location – country/city level, resolved at our network edge by Cloudflare; your full IP address is not displayed in our reports;

  • Device and browser – type, screen size, operating system, language;

  • Session replays – a playback of mouse movement, clicks, and navigation that helps us find and fix usability problems. Anything you type into a form is masked and never recorded.

Technology

Provider

What it does

How long it stays

ph_*
cookies & local storage

PostHog (self-hosted by Zettla)

Distinguishes your visit from others, links events within a session, powers session replay

Events kept 12 months; recordings 30 days

If you're logged in, analytics events may be linked to your account identifier so we can understand the experience of registered users – again, only after you've said yes.

4.3 Functional – the footprints that remember your preferences

Only after you enable them. Right now this category powers one thing: our appointment booking calendar (Cal.com) – also self-hosted, on the same server. No booking data goes to Cal.com Inc. or anyone else.

Technology

Provider

What it does

How long it stays

Cal.com session & preferences

Cal.com (self-hosted by Zettla)

Runs the booking calendar and remembers your selected time zone and booking preferences

Session / short-lived

If you keep Functional off, booking pages will show a simple button to switch it on before the calendar appears. Turn it off later and the calendar will just ask again next time you want to book. Never used for tracking or advertising.

4.4 Marketing – the footprints we don't make

Zettla does not set advertising or cross-site marketing cookies. Not "currently, subject to change without notice" – if this ever changes, we will update this page and ask for your separate, specific consent before anything is activated.

For our visitors from California and elsewhere in the United States, in the words of your own law: we do not sell your personal information, and we do not share it for cross-context behavioral advertising. That's why you won't find a "Do Not Sell or Share My Personal Information" link here – there is nothing to opt out of. If your browser sends a Global Privacy Control (GPC) signal, we honor it as an expression of that same choice.

5. A note on email

Separately from website cookies: when we send you service emails (payment plan documents, account notifications), we use Resend as our delivery processor. These emails may contain standard delivery/open indicators. It's not a website cookie, but you deserve to know. Details in our Privacy Policy.

6. Who touches your data

Software we host ourselves (data stays on Zettla's own server and is never shared with the software vendors): PostHog (analytics), Cal.com (booking).

Processors acting under our instructions:

Provider

Role

Notes

Cloudflare

Bot protection / network security

Processes connection data to protect forms

Supabase

Authentication & database

Stores account and authentication data

Resend

Transactional email delivery

Processes recipient email + message content

Google Workspace

Business email

Used for Zettla’s own correspondence

Where your data is processed. Zettla's own server – where our self-hosted analytics and booking tools run – is located in the United States. For visitors in the EU/EEA, this means that data collected by these tools is processed outside the EEA. We safeguard this in two ways: our hosting provider is bound by a Data Processing Agreement incorporating the EU Standard Contractual Clauses, and each of our other providers (Cloudflare, Supabase, Resend, Google Workspace) processes data under a Data Processing Agreement, with transfers outside the EU/EEA covered by the EU Standard Contractual Clauses or the EU-US Data Privacy Framework, as applicable.

7. Your rights – all of them, for everyone

If you are in the EU/EEA residents (and we extend these rights to all users), you have the right to:

  • Access the personal data we hold about you;

  • Rectify inaccurate data;

  • Erase your data ("right to be forgotten");

  • Restrict or object to processing;

  • Take your data with you (data portability);

  • Withdraw consent at any time (via "Cookie Settings"), without affecting what was lawfully processed before.

To exercise any right, contact us at: privacy@zettla.com.

You may also lodge a complaint with a supervisory authority – for users in Spain, the Agencia Española de Protección de Datos (AEPD), www.aepd.es.

If you are a California resident, the rights above cover everything the CCPA/CPRA grants you and more: the right to know what we collect (this page), to delete, to correct, and to non-discrimination for exercising your rights. Since we do not sell or share personal information, the CCPA opt-out right has nothing to apply to. The same email works: privacy@zettla.com.

8. How to manage cookies

You can control technologies in two ways:

  1. On the Platform – your cookie preferences can be configured through the cookie banner displayed on your first visit to the Platform. You may review or modify your preferences at any time by visiting this Cookie Policy page and selecting the “Manage Preferences” button located in the top section of this page.

  2. In your browser – most browsers let you block or delete cookies and local storage. Note that disabling strictly necessary items may break sign-in or other functionality.

Helpful browser guides: Chrome, Safari, Firefox, and Edge each provide cookie controls in their privacy settings.

9. Data controller

The data controller for the Platform is:
Zettla S.R.L., RNC: 1-33-58846-3.
Registered Address: Dominican Republic, Higüey, La-Altagracia Province, Punta Cana, Av. Alemania, Residencial Palma Real Villas / Cocotal, Condominio "Reserva Real", Apt. No. D - 205.
Email: privacy@zettla.com

EU representative: to be appointed.

10. Changes to this policy

We may update this Cookie Policy to reflect changes in technology, law, or our practices. Material changes will be notified on the Platform, and where required, we will request fresh consent. The "Last updated" date at the top section reflects the latest version.

11. Contact

Questions about this policy or your data: privacy@zettla.com