Cookie Policy
1. Purpose of this Cookie Policy
This Cookie Policy explains how DioGrid uses cookies and similar technologies on the website and, where applicable, in the app. It should be read together with the Privacy Policy and the cookie settings panel made available to users.
2. What cookies and similar technologies are
Cookies are small files or storage mechanisms placed on a user's device when visiting a website. Similar technologies may include local storage, session storage, pixels, tags, software development kits or comparable mechanisms used to store or access information on a device, identify a session, remember preferences, measure service usage or enable certain features.
3. Categories used by DioGrid
DioGrid may use: (a) strictly necessary or technical technologies, required to provide website navigation, security, session handling, consent preference storage or services expressly requested by the user; (b) preference technologies, used to remember user choices where the user has requested or enabled them; (c) analytics or measurement technologies, used to understand use of the website or app and improve it, only where a valid legal basis applies; and (d) marketing or advertising technologies, if ever implemented, only with prior valid consent where required.
4. Legal basis
Under Spanish law and applicable guidance, technologies that are strictly necessary to provide a service expressly requested by the user may be exempt from consent obligations. Non-exempt cookies or similar technologies require prior informed consent before use. DioGrid will provide a mechanism that allows users to accept, reject or configure non-essential technologies where applicable.
5. Cookie banner and consent choices
Where non-essential cookies or similar technologies are used, DioGrid will display a clear first-layer notice before they are activated. The notice should provide equally accessible options to accept, reject and, where relevant, configure cookies by purpose. Continuing to browse without an affirmative action will not be treated as consent. Users may revisit or change their choices at any time through cookie settings or an equivalent persistent access mechanism.
6. Essential technologies
Essential technologies may be used without consent when they are genuinely necessary for website or app operation, security, authentication, load balancing, consent preference storage, or completion of a service requested by the user. DioGrid will use them only for the necessary purpose and will not reuse them for unrelated analytics, advertising or profiling purposes unless a valid separate legal basis exists.
7. Technology inventory
The following inventory was produced by a full codebase audit of the DioGrid application. DioGrid does not use HTTP cookies on its own domain. All browser-side persistence uses localStorage only. No cookies are set by diogrid.app itself.
| Key / name | Storage type | Provider | Purpose | Category | Duration | Consent required |
|---|---|---|---|---|---|---|
| sb-[ref]-auth-token (exact key: verify at deployment) | localStorage | DioGrid / Supabase Auth JS SDK | Stores authentication session data: access token, refresh token, user identifier, and token expiry. Required to maintain the authenticated session across page reloads and browser restarts. Set when the user signs in; removed on sign-out. | Strictly necessary | Access token renewed ~every hour automatically. Refresh token: 60 days by default (configurable — verify in Supabase Dashboard → Authentication → Token settings). Removed on sign-out. | No — strictly necessary for authentication |
| diogrid-favorites | localStorage | DioGrid | Stores the list of item IDs the user has marked as favourites in the library browser. Persists across page reloads so the user's favourite selection is preserved. Contains no personal data — only internal model identifiers. | Functional / preference | Persistent until the user clears browser data. No expiry set by code. | No — functional preference with no personal data |
| diogrid_supabase_access_token | localStorage | DioGrid | Optional override path for the Supabase access token, read by the protected asset resolver when calling Edge Functions. Only present if explicitly set via token injection; not set by the normal user authentication flow. | Strictly necessary | Session-based. Not set in the standard user flow. | No — strictly necessary if present |
Third-party storage. Stripe (payment processing) operates exclusively on Stripe-hosted domains (checkout.stripe.com, billing.stripe.com). DioGrid redirects the browser to those domains for checkout and subscription management; no Stripe SDK runs on diogrid.app itself, and Stripe does not set storage on the DioGrid domain.
Analytics and marketing. As of the date of this inventory, no analytics, marketing or advertising SDK is integrated into the application. The in-app cookie preference settings (Analytics, Marketing, Product Updates) are stored in the user account database and are preparatory controls for future integrations. No non-essential storage is currently activated. This inventory will be updated if analytics are added.
Verify at deployment: open browser DevTools → Application → Local Storage at the production URL to confirm the exact Supabase key name (sb-{project-ref}-auth-token) and confirm no unexpected keys are present.
8. How to change or withdraw consent
You can change or withdraw your cookie choices at any time through the cookie settings available in the app (Account → User Settings → Cookie Preferences). You may also configure your browser to block or delete cookies, although doing so may affect the operation of some website functions or settings.
9. Third-party cookies
If third-party cookies or similar technologies are used, DioGrid will identify the relevant providers in the inventory above and will explain the relevant purpose and duration to the extent required. Third-party providers may also process information under their own privacy or cookie notices.
10. Updates
This Cookie Policy may be updated when the technologies used by the website or app change, when legal criteria evolve, or when the Service is modified. The latest version will be published with its effective date.
11. Contact
Questions about this Cookie Policy may be sent to massimo.c@diogrid.app.