— Legal
Cookie Policy
Last updated May 25, 2026
What are cookies?
Serviceform’s website uses cookies to distinguish users from one another, enhance browsing experience, and improve site functionality. The company stores small files of letters and numbers on your browser or computer with your agreement. The term “cookies” in this notice encompasses similar technologies including pixels, local storage, and SDKs.
Legal basis
Serviceform relies on several legal frameworks:
- Strictly necessary cookies are deployed without prior consent under §205(2) of the Finnish Act on Electronic Communications Services and Article 5(3) of the ePrivacy Directive, as they are essential for providing requested services.
- All other cookies (analytical and marketing) require prior, freely given, specific, informed consent collected through the Serviceform Cookie Controller, as mandated by §205 of the Finnish Act and Article 6(1)(a) GDPR.
Types of cookies we use
- Strictly necessary — Required for website operation, including language preference, A/B test variant assignment, security, and load balancing. These cannot be disabled.
- Analytical — Help us see which pages work and which do not. Loaded only with consent.
- Marketing — Let us measure our ads and reach you again on other platforms. Loaded only with consent.
Specific third-party cookies
Strictly necessary
| Name | Provider | Purpose | Retention |
|---|---|---|---|
sf-consent-v1 | Serviceform | Stores your cookie consent choice. Set in browser localStorage. | Until cleared |
sf_hero_variant | Serviceform | A/B test hero variant — keeps the layout you see consistent across loads. | 90 days |
sf3pid + session | Serviceform (Mira) | Identifies your session with the Mira AI chat widget — the product demo on this site. EU-hosted on dash.serviceform.com. | 365 days |
cf_clearance | Cloudflare | Bot-protection challenge result. | 30 days |
__cf_bm | Cloudflare | Bot-management session identifier. | 30 minutes |
Analytical (consent required)
| Name | Provider | Purpose | Retention |
|---|---|---|---|
ph_phc_…_posthog | PostHog (EU) | Distinct visitor ID, session ID and feature-flag state. EU-hosted, session replay with all inputs masked. | 365 days |
Marketing (consent required)
| Name | Provider | Purpose | Retention |
|---|---|---|---|
_gcl_au | Google Ads | Conversion attribution for Google Ads campaigns. | 90 days |
_ga | Set by Google Tag (gtag.js). Distinguishes unique users. | 2 years | |
_ga_<id> | Per-property session counter created by gtag.js even in an Ads-only setup. | 2 years | |
IDE | Google DoubleClick | Set on doubleclick.net for ad measurement and remarketing. | 13 months |
Google Ads operates under Google Consent Mode v2: until you opt in, only cookieless modelled-conversion pings are sent.
We do not currently load Mixpanel, Hotjar, Sentry, GA4 (as a measurement property), LinkedIn Insight Tag, Facebook Pixel, X Ads, HubSpot, Leadfeeder, Dealfront, Reddit Pixel, Reb2b, ActiveCampaign, or Lemlist on this domain. If we add any of those later, they will appear in the Marketing or Analytical category above and require fresh consent.
Consent audit log
When you make a cookie choice, we record a pseudonymous audit entry in our ClickHouse cluster on European infrastructure. The entry stores: your decision (analytics / marketing booleans), the schema version, an ISO country code, and a one-way SHA-256 hash of your IP + user agent + a server-side secret. We never store your raw IP or any directly identifying information. The record is kept for 13 months, after which ClickHouse expires it automatically. This log exists solely so we can demonstrate, on request from you or a supervisory authority, that consent was given (GDPR Art. 7(1)).
Managing your preferences
Open the Cookie Preferences link at the bottom of any page to review or change your choice at any time. Selecting “Reject all” stops every non-essential cookie immediately and tells Google to model conversions cookielessly going forward. The control follows EDPB guidance and Finnish Traficom expectations: a “Reject all” option is presented with the same prominence as “Accept all.”
Browser-level controls are not valid consent mechanisms under Finnish law but serve as supplementary management tools. Deleting your localStorage will invalidate the consent record and re-show the banner on your next visit.
Contact and supervisory authority
Cookie-related questions should be directed to asiakaspalvelu@serviceform.com. Complaints regarding cookie handling compliance may be filed with the Office of the Data Protection Ombudsman of Finland (Lintulahdenkuja 4, 00530 Helsinki) or Traficom under §205 of the Act on Electronic Communications Services.