Cookie Policy
This policy explains what cookies are, which ones we use and how to manage them, in compliance with article 22.2 of Spanish Act 34/2002 (LSSICE) and the Spanish DPA's 2023 "Cookies Guidance".
What is a cookie?
A cookie is a small file downloaded to your device when you visit a website. It lets the site remember information about your visit (e.g. that you are signed in).
Which cookies we use
We only use strictly necessary cookies for service delivery. These are exempt from prior-consent requirements under the Spanish DPA's guidance.
| Cookie / storage | Purpose | Duration | Owner |
|---|---|---|---|
authToken (localStorage) |
Maintain authenticated session | Until logout | prisma (first-party) |
impersonationToken (sessionStorage) |
Temporary super-owner token when impersonating another user | Until tab close or 1h | prisma (first-party) |
session (HttpOnly cookie, when LOGIN_WALL=1) |
Browser session for gated pages | 24 hours | prisma (first-party) |
theme (localStorage) |
Theme preference (light/dark) | Until the user changes it | prisma (first-party) |
posc_csrf (cookie) |
CSRF protection (double-submit token verified against the X-CSRF-Token header). Strictly necessary. |
Session | prisma (first-party) |
posc_lang (cookie) |
User language preference (ES/EN). Strictly necessary — exempt from consent under AEPD Guidance §3.2. | 12 months | prisma (first-party) |
We do not use analytics, advertising or third-party cookies beyond those strictly necessary for Service operation. Should we add any non-exempt cookie in the future, we will request explicit consent through a cookie banner before installation.
How to manage cookies
You can configure your browser to block or delete cookies. Because these are essential for authentication, blocking them will prevent use of the Service.
Changes
We will update this policy when the cookie inventory changes. The last modification date appears at the top.