Privacy and Cookie Settings

1. What are cookies and similar technologies?

Cookies are small text files that are stored on your device when you visit a website or use an online service. Similar technologies may include local storage, session storage, pixels, SDKs, scripts, tags, or other technologies that store or access information on your browser or device.

These technologies can be used for different purposes, such as:

• keeping the website working correctly;
• remembering your preferences;
• maintaining secure login sessions;
• measuring performance and audience;
• understanding how the Service is used; and
• enabling personalization or marketing features.

2. Why we use cookies

We may use cookies and similar technologies to:

• ensure the technical operation of the website and application;
• allow secure login and account authentication;
• remember settings and user preferences;
• protect the Service against fraud, abuse, and unauthorized access;
• measure usage, traffic, and performance;
• improve usability and features; and
• where applicable, support communications, integrations, or marketing activities.

3. Legal basis for cookies

Under applicable EU and Spanish rules, not all cookies are treated the same way. As a general rule, strictly necessary cookies may be used without consent when they are required for the service requested by the user, while non-essential cookies such as analytics, personalization, or advertising cookies generally require prior consent.

Spain’s AEPD cookie guide states this approach expressly, and the European Commission’s own cookie policy uses the same distinction for operational cookies.

Where the use of a cookie involves the processing of personal data, the corresponding GDPR legal basis will also apply depending on the purpose, typically:

• performance of a contract or legitimate interest for strictly necessary/security-related operations, where lawful; and
• consent for non-essential cookies and similar technologies where required.

4. Cookie categories we may use

4.1 Strictly necessary cookies

These cookies are required for the website or application to function properly and to provide the Service requested by the user.

They may include cookies used to:

• maintain login sessions;
• authenticate users;
• balance traffic;
• remember security selections;
• prevent fraudulent activity;
• store privacy choices;
• enable essential page navigation; and
• keep the application stable and secure.

These cookies do not require prior consent to the extent they are strictly necessary for the requested service. The AEPD and European Commission both recognize this exemption for operational/technical cookies.

4.2 Preference or functionality cookies

These cookies remember choices you make, such as language, interface preferences, or other optional settings that improve your experience. Depending on how they are implemented and whether they are strictly necessary for a function expressly requested by you, these cookies may or may not require consent.

4.3 Analytics or measurement cookies

These cookies help us understand how users interact with the website or application, for example by measuring visits, usage flows, performance, feature adoption, errors, or aggregated audience statistics.

As a general rule, analytics cookies require consent unless they fall within a legally recognized exemption. The AEPD’s 2024 guidance explains that some audience-measurement tools may be exempt from consent only if strict safeguards are met, such as limited purpose, restricted data use, reduced identifiability, short retention, and absence of cross-site or broader behavioral reuse.

Unless we have implemented analytics in a way that clearly qualifies for an exemption under applicable guidance, we will treat such analytics technologies as requiring your consent.

4.4 Personalization cookies

These cookies or similar technologies may be used to adapt content, interface, or experience based on your usage patterns or preferences. They are generally used only with your consent where required by law.

4.5 Marketing or advertising cookies

These cookies may be used to track browsing behavior, measure campaign effectiveness, or display more relevant promotions or messages across services or platforms. These cookies are non-essential and require prior consent where applicable.

At present, Cecilios may use advertising cookies in limited cases.

5. Information stored through cookies

Depending on the technology used, cookies and similar tools may collect or access information such as:

• IP address;
• browser type and settings;
• device type;
• session identifiers;
• pages viewed;
• timestamps;
• navigation paths;
• interactions with features;
• referring URLs; and
• preference selections.

Some of this information may constitute personal data under the GDPR if it can be linked directly or indirectly to an individual.

6. How you can manage your choices

You may manage your cookie preferences through our cookie banner or settings center, where available. You can usually choose among options such as:

• Accept all
• Reject non-essential
• Save preferences
• enabling or disabling categories such as analytics, personalization, or marketing

Your cookie settings should remain accessible after the initial banner, which is consistent with the practical direction of current European cookie compliance guidance.

Please note:

• strictly necessary cookies cannot usually be disabled through the settings center because the Service may not function correctly without them;
• withdrawing consent does not affect prior processing already lawfully carried out before withdrawal; and
• browser settings may also allow you to block or delete cookies, though this can affect functionality.

7. Browser controls

Most browsers allow you to manage cookies through their settings, including blocking, deleting, or notifying you about stored cookies.

Please be aware that disabling all cookies, including necessary cookies, may prevent parts of the website or application from operating properly.

8. Consent and withdrawal

Where consent is required, we will request it before placing or accessing non-essential cookies or similar technologies on your device.

You may withdraw your consent at any time through the cookie settings interface or other methods made available on the website.

Withdrawing consent is intended to be as easy as giving it, in line with EU consent standards. The EDPB’s consent guidance and later opinions continue to stress that consent must be valid, freely given, and based on real choice.

9. Third-party cookies and providers

Some cookies or similar technologies may be set by third-party providers that support parts of the Service, such as:

• analytics providers;
• payment providers;
• customer support tools;
• embedded content providers;
• authentication providers; or
• infrastructure/security services.

Where third parties set or read cookies through our Service, they may act as independent controllers, joint controllers, or processors depending on the specific setup and purpose.

Current/possible providers used by the Service:

• Hosting/infrastructure: [SWHosting.com]
• Payments: [stripe.com]
• Analytics: [google.com]
• Authentication/login: [Clerk.com]
• Email communications: [Sendgrid.com]

10. Retention periods

Cookies may remain on your device for different periods depending on their purpose.

In general:

• session cookies are deleted when you close your browser;
• persistent cookies remain stored for a defined period or until manually deleted.

The exact retention period depends on each cookie or provider configuration. Where possible, the cookie settings panel should identify the duration of each cookie or at least the category-based retention period.

For audience-measurement cookies, the AEPD’s 2024 guidance specifically links exemption conditions to limited retention and restricted use.

11. International data transfers related to cookies

Although the app and core hosted data are intended to be located in Spain, some third-party analytics, communications, support, or infrastructure providers may process limited data outside Spain or outside the EEA, depending on the tools actually used.

Where that occurs, we will rely on appropriate safeguards required by applicable law, such as an adequacy decision or Standard Contractual Clauses, as described in our Privacy Policy.

12. Do Not Track and similar browser signals

At present, we honor certain browser privacy signals where technically supported. If you implement a consent platform that recognizes browser-level privacy signals, this section should be updated accordingly.

13. Updates to these settings

We may update this Privacy and Cookie Settings document from time to time to reflect:

• changes in the cookies or technologies used;
• legal or regulatory developments;
• changes to the Service; or
• new integrations or providers.

The updated version will be published with a revised “Last updated” date.

14. Contact

For questions about cookies, privacy, or your choices, contact:

• [COMPANY NAME]
• Email: [PRIVACY CONTACT EMAIL]
• Address: [FULL ADDRESS]