Sign in Request demo

Cookies

Cookie Policy

No tracking or marketing cookies. We only store what is strictly necessary for the service to work (authentication, UI preferences) and a cookieless aggregated analytics signal from Cloudflare to measure anonymous traffic. We show an informational notice at the bottom of the screen (not a consent banner) because the ePrivacy Directive art 5.3 explicitly exempts strictly-necessary cookies.

Effective: 2026-06-03 · Version: 1.0

1. What we store on your device

We use two mechanisms: HTTP cookies and Web Storage (localStorage/sessionStorage). The second isn't technically a cookie but privacy authorities treat both the same way.

2. Full inventory

2.1 Public website www.emate.cloud

Name Type Purpose Duration Category
emate-lang localStorage Remember chosen language (ES/EN/PT) Persistent Necessary
emate-analyzer-theme localStorage Remember analyzer light/dark theme Persistent Necessary
__cf_bm Cloudflare cookie Bot management — abuse protection 30 minutes Necessary (security)
Cloudflare Web Analytics External script — cookieless Anonymous aggregated metrics (PV, paths, countries, web vitals). No cookies, no individual tracking, no PII. N/A (does not persist) Statistics (aggregated legitimate interest, ePrivacy art 5.3)

2.2 Dashboard platform.emate.cloud

Name Type Purpose Duration Category
emate-jwt localStorage Authenticated session token 15 min (sliding refresh) Necessary
emate-tenant-id localStorage Identify active tenant Persistent until logout Necessary
emate-backup-token localStorage Super-admin impersonation token Only during impersonation Necessary
emate-sidebar-collapsed localStorage Sidebar state (collapsed/expanded) Persistent Necessary (UI)
emate-theme localStorage Dashboard light/dark theme Persistent Necessary (UI)
mg_return_to sessionStorage URL to return to after login Browser session Necessary

3. Why no consent banner?

The rules that require consent for cookies (GDPR Art 6, ePrivacy 5.3, AR Ley 25.326) exempt strictly necessary cookies for a service requested by the user. Everything listed above falls under that exception:

  • Without auth (JWT) you can't use the dashboard
  • Without persistent theme/language the UX breaks on every reload
  • Cloudflare bot management protects against abuse

Showing a "Accept necessary cookies" banner without offering real reject would be a dark pattern under EDPB Guidelines 03/2022. We prefer to be honest.

4. What will change if we add analytics?

If we ever enable analytics (CF Web Analytics, Plausible, PostHog, GA4) or marketing pixels, before doing so:

  • We will show a granular consent banner (necessary / analytics / marketing)
  • Default will be opt-out for analytics and marketing
  • We will update this page and notify active users via email
  • You will be able to change your choice from the footer at any time

5. Managing cookies in your browser

All modern browsers let you view, delete and block cookies and localStorage per site:

  • Chrome: Settings → Privacy & security → Cookies
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Manage Website Data
  • Edge: Settings → Cookies and site permissions

Important: if you block our necessary cookies/localStorage, you won't be able to sign in or use the dashboard.

6. Third-party cookies

We do not embed third-party pixels or scripts (LinkedIn Insight, Meta Pixel, Google Tag Manager, Hotjar, Fullstory, etc.). The only third party present is Cloudflare as CDN/WAF — its __cf_bm cookie is necessary for security and lasts 30 minutes max.

7. Contact

Questions about cookies or this policy: [email protected]

See also: Privacy Policy · Vulnerability Disclosure