Legal document

Cookie Policy

Version: 1.0 In force since: 13 May 2026

Informational translation. The legally binding version is the Spanish original, available at /legal/cookies.html. In case of discrepancy, the Spanish version shall prevail.

1. What cookies and similar technologies are

Cookies are small text files that a website may store on the visitor's device for various purposes (authentication, preferences, metrics, advertising, etc.). Analogous technologies exist: localStorage, sessionStorage, IndexedDB, Service Workers and the like. In this Policy, the term "cookies" is used in a broad sense to refer to all of them.

2. Our stance

ULOX adopts a minimalist approach here. We do not use tracking cookies, advertising cookies, or integrate with advertising networks. We do not use third-party analytics (Google Analytics, etc.). We do not sell or transfer data to programmatic advertising.

No third-party cookies. On the public website and in the ULOX application, no third-party cookies are loaded for tracking, profiling or advertising purposes. The user does not need a consent banner because there is nothing to consent to beyond the strict technical minimum.

3. What exactly we use

3.1. Website ulox.org

The informational website does not set first-party or third-party cookies. Font resources (Google Fonts) are served without persistent cookies. The content is static.

3.2. Application ulox.app

The PWA application exclusively uses local storage technically necessary for its operation:

Mechanism	Purpose	Type
localStorage	Persist language preferences, last message cursor, non-sensitive data necessary for the user experience.	Strictly technical
localStorage (optional vault)	If the user enables "Remember device", store the session encrypted with a PIN-derived key locally. Never sent to the server.	Technical, subject to user's express choice
sessionStorage	Ephemeral state of the current session (token, keys in memory).	Strictly technical
IndexedDB	Local cache of encrypted files, binary blobs and universe data for offline use.	Strictly technical
Service Worker	PWA service: receiving push notifications (if the user enables them) and installable application behaviour. Does not perform offensive caching.	Strictly technical

4. Third-party services with local storage

Push notifications: if the user enables them, the browser manufacturer or operating system services (Apple Push, Firebase, Mozilla Push, Microsoft) may store opaque identifiers on the device necessary to deliver the notifications. The application does not send payloads containing personal content.
Web fonts (Google Fonts): the site loads fonts from Google domains. According to the provider's current documented practices, this service does not set cookies. However, access to the resource means Google receives the user's IP address. If this is a concern, ITRION offers self-contained versions upon request.

5. How to manage local storage

The user can at any time:

Delete local storage from the browser settings ("Clear browsing data" section).
Configure the browser not to accept new cookies or storage.
Uninstall the PWA application from the operating system.

Deleting local storage may entail the loss of the encrypted vault stored on the device and, therefore, of access to the local history when that has been the only available copy. Before deleting, verify the scope.

6. Changes to this Policy

This Policy may be updated to reflect technical or regulatory changes. Updates will be published on this same page indicating the revision date.

7. Contact

For any query about this Policy: privacy@ulox.org.