Cookies and similar technologies are small pieces of data stored by your browser or other browser storage mechanisms on your device. They help the service work correctly, maintain your session, and remember selected preferences.
Podatek Giełdy uses cookies for technical purposes (e.g. login), statistics, and to tailor content to your preferences. Website usage data is captured using first and third-party cookies and other tracking technologies. In some cases cookies may contain personal data (e.g. email); such data is then available only to our systems and to the user of that device.
You can disable or delete cookies at any time in your browser settings. Restricting or blocking cookies may limit or prevent use of some features.
Cookies we use
Necessary
Required for the service to operate: keeping you signed in, CSRF protection, PKCE verification, remembering your choice in the cookie banner, and basic visit statistics (country derived from IP, device category, browser, entry source, UTM parameters, referring URL) collected without your consent. The visitor identifier is HMAC-SHA256 hashed server-side; the salt rotates every 24 hours in Warsaw time — no persistent identifier is stored in your browser. Legal basis: RODO art. 6(1)(f) and art. 397 of the Polish Electronic Communications Act (legitimate interest — security, multi-year fraud detection in the referral program and commission flows, service improvement). Retention: 5 years (aligned with the limitation period for tax claims under art. 70 § 1 of the Polish Tax Ordinance). You have the right to object — toggle below.
| Key | Description |
|---|---|
| sb-*-auth-token | Session token – keeps you logged in. The "*" is the project identifier. |
| sb-*-auth-token-code-verifier | PKCE code verifier used during login (OAuth) – ensures secure authentication. Temporary, removed after the process completes. |
| cookie_consent | Browser-storage record of your cookie-banner choice (consent categories + RODO art. 21 objection). |
| pg:va-session, pg:va-utms | Visit session identifier (30-min TTL) and UTM parameters of the current visit — sessionStorage only, deleted on tab close. Used for basic traffic analytics (legitimate interest — RODO art. 6(1)(f) + art. 397 of the Polish Electronic Communications Act). The visitor_id is NOT stored in the browser — it is server-side HMAC-derived and rotated daily in Warsaw time. |
Analytics
Google Tag Manager / Google Analytics 4 and rrweb session recordings used for in-depth user-behaviour analysis and UX improvement. Consent is voluntary and can be withdrawn at any time. Without consent we do not load GA4 nor record sessions.
| Key | Description |
|---|---|
| _ga | Google Analytics 4 — in-depth traffic analytics (via Google Tag Manager). Loaded only after analytics consent. |
| rrweb session recording | Session recordings used for UX diagnostics. Loaded only after analytics consent. |
Marketing
Cookies used for remarketing and ad-campaign performance measurement (Meta Pixel, Google Ads, conversion pixels) loaded via Google Tag Manager, plus the referral_code cookie for referral-program attribution. Without consent no marketing cookies are set.
| Key | Description |
|---|---|
| referral_code | Technical cookie used to attribute the visit to a referral link (referral program). Requires marketing consent (legitimate interest of running a marketing program — RODO art. 6(1)(f)). |
| _fbp, _gcl_*, IDE | Remarketing cookies and conversion pixels (Meta, Google Ads). Set only after marketing consent. |