1. What are cookies?
Cookies are text files stored by your browser to keep sessions, preferences, and navigation context.
2. How we use cookies
We use first-party cookies for authentication, security, locale, and campaign attribution. We do not run social/adtech third-party cookies in the core app flow.
3. Cookies in use
3.1 Authentication
next-auth.session-token (or __Secure-next-auth.session-token): keeps signed-in sessions.
next-auth.csrf-token: CSRF protection in auth flow.
next-auth.callback-url: post-login redirect context.
3.2 Locale
NEXT_LOCALE: sets initial language based on domain and user preference.
3.3 Campaign attribution (when applicable)
forcamaxima_utm: stores UTM data for campaign source attribution and lead form context.
4. Analytics
We use Vercel Analytics and internal events for aggregated metrics. Part of this measurement may be cookie-less depending on provider technology.
5. Local storage (non-cookie)
IndexedDB and localStorage may also be used for app cache/runtime preferences (including locale/UTM), when supported by the browser.
6. Managing cookies
You can control cookies in browser settings. Blocking essential cookies may prevent login and proper operation of protected app flows.
7. Third parties
Payment providers (e.g., Stripe) may set their own cookies during external checkout under their own policies.
8. Updates and contact
This policy may change over time. Questions: privacidade@forcamaxima.app.