Cookie Policy
ControlarGastos uses only strictly necessary cookies that let you sign in and protect forms against forged requests. We do not use analytics, advertising or third-party tracking cookies.
Last updated:
1. What a cookie is
A cookie is a small file that a website stores in your browser to recognise your session, remember preferences or ensure the site itself works properly. There are many types of cookies: technical, personalisation, analytics, advertising, third-party, etc.
2. Cookies we use
All the cookies that ControlarGastos uses are strictly technical and are issued by our own domain. We do not set third-party cookies.
| Name | Purpose | Duration | Attributes |
|---|---|---|---|
BEARER |
Session token needed to keep your access to the application authenticated. | Approximately 15 minutes. | HttpOnly, Secure, SameSite=Strict |
REFRESH |
Allows the session token to be renewed without re-entering credentials and detects session reuse. | Up to 7 days or until you sign out. | HttpOnly, Secure, SameSite=Strict, scope limited to the API routes. |
XSRF-TOKEN |
Protection against cross-site request forgery (CSRF) attacks on authenticated forms. | Session. | Secure, SameSite=Strict (readable by the application itself for the double-submit pattern). |
3. Strictly technical nature and consent
The cookies above are essential to provide a service that you have expressly requested by signing in or using the application. For that reason they are covered by the exception in the second paragraph of Article 22.2 of Spanish Law 34/2002 (LSSI-CE), which exempts strictly necessary cookies for the provision of the service expressly requested by the user from the requirement to obtain prior consent.
This exception is consistent with the criteria published by the Spanish Data Protection Agency in its Guide on the use of cookies and with the guidelines of the European Data Protection Board.
4. We do not use third-party cookies
Currently we do not use:
- Analytics cookies (Google Analytics, Plausible, Matomo, etc.).
- Advertising or marketing cookies.
- Social-media cookies or cookies from external tracking providers.
- Tracking pixels or fingerprinting.
If in the future we introduce any system that requires consent, we will update this policy and display a clear mechanism to accept or reject before installing the corresponding cookies.
5. How to disable them
You can configure your browser to block or delete cookies at any time. Bear in mind that if you block the cookies ControlarGastos uses you will not be able to sign in or use the application, since they are essential to authenticate you and to protect the forms.
Links to the official instructions for the main browsers:
6. Changes to this policy
This policy may be updated when new features are added or the applicable regulations change. The date of the last update appears at the top of this page.