Cookies policy
1. What is a cookie
A cookie is a small file that a website can store in the visitor's browser to remember information between visits or between pages (active session, preferences, language, etc.).
This website uses the minimum possible amount of cookies, all of them technical or functional. No advertising cookies. No third-party tracking.
2. Cookies used by this website
| Name | Purpose | Type | Duration | Third party |
|---|---|---|---|---|
better-auth.session_token | Keep your Workshop session active | Technical / strictly necessary | 30 days with sliding renewal | No |
jp_visitor_v1 | Identify the visitor anonymously across pages to detect visitor type (business / pro / curious). Random UUID signed with HMAC | Functional / first-party | 365 days | No |
jp_theme | Remember light/dark mode preference | Functional / first-party | 365 days | No |
NEXT_LOCALE | Remember language preference (Spanish / English). Managed by next-intl | Functional / first-party | 365 days by default in next-intl 4 (overridable in lib/i18n/routing.ts if needed) | No |
Important: no cookie stores personally identifiable information (name, email, IP, etc.). The identifier in jp_visitor_v1 is a random signed value, not linked to your identity.
3. Why no consent banner is required
Spanish cookie regulation (LSSI-CE art. 22.2 and AEPD guidance 2023) requires prior consent only for cookies not strictly necessary to provide the service requested by the user.
The cookies listed above are all in one of these two categories:
- Strictly necessary for the website to work (auth session).
- Functional / explicit user preferences (language, theme), exempt from consent because they reflect configuration the user requested.
The jp_visitor_v1 cookie is treated under legitimate interest documented via an internal Legitimate Interest Assessment (LIA). The LIA verifies that: (a) there is a real legitimate interest (improving editorial decisions without invasive GA), (b) there is no reasonable less-invasive alternative achieving the same goal, and (c) the balance between the controller's interest and the visitor's rights is proportionate, given that NO PII is stored, NO identified profile is built, NO data is shared with third parties, and a simple opposition mechanism exists (delete cookies or email). If the AEPD or a court interprets this type of cookie as subject to explicit consent, a specific consent banner will be added for jp_visitor_v1 and the website will remain functional without that cookie by default.
This website does NOT use:
- Google Analytics or equivalents.
- Advertising or third-party tracking cookies.
- Facebook, LinkedIn, Twitter or similar pixels.
- Social media cookies (external share buttons).
4. Visit analytics with Umami
This website uses self-hosted Umami for aggregated visit analytics. Umami does not use cookies and runs on the same VPS as the rest of the website (Hetzner, Germany, EU). It collects:
- Visited page and referrer.
- Language, device type, browser and operating system (aggregated).
- No stored IP, no fingerprinting, no persistent identifier.
This complies with privacy by default and requires no consent.
5. Technical errors with Sentry
Sentry collects stack traces and browser metadata when an error occurs. It does not use cookies. Traces are kept for 90 days and automatically purged. No IP or explicit personal data is stored.
6. How to control and delete cookies
You can manage your browser's cookies at any time:
- Chrome: Settings → Privacy and security → Cookies and other site data.
- Firefox: Preferences → Privacy & Security → Cookies and Site Data.
- Safari: Preferences → Privacy → Manage Website Data.
- Edge: Settings → Cookies and site permissions.
Deleting cookies may affect functionality (you will lose your active session or theme/language preferences), but the website will remain navigable.
7. Modifications
If this policy changes (for example, if a new cookie is added in the future), the effective date will be updated in the header and the change will be announced on /changelog.
8. Contact
For any matter regarding cookies or data processing:
- GDPR rights email: [email protected]
- Full privacy policy: /privacidad
- Legal notice: /aviso-legal
Decision on cookie consent banner (2026-05-11): no consent banner is implemented. The website does NOT use advertising cookies or third-party analytics (Umami is self-hosted cookieless). The 4 emitted cookies are technical or functional, and the jp_visitor_v1 cookie is justified by a LIA documented in docs/rgpd.md §13.8. This decision will be reviewed if AEPD publishes guidance re-categorising this type of cookie.