How we use cookies and similar technologies

This policy complements the Privacy Policy and applies to visitors and users of Zault Storage, including public pages, authentication flows, and the authenticated panel.

The goal is to ensure transparency about what is stored in your browser or device, for what purposes, and how you can manage preferences, in compliance with LGPD and the ANPD guidance on cookies.

Cookies are small text files stored by the browser when you visit a website. They may be first-party (set by Zault Storage) or third-party (set by integrated services).

In addition to cookies, we may use browser local storage (localStorage) for preferences that do not need to be sent on every request — for example, light/dark theme and backup fleet layout.

Essential cookies do not require prior consent because they are necessary for the service you requested. Other categories depend on free, informed, and unambiguous consent under LGPD.

Essential: session authentication, language, and confirmation of sensitive operations — always active.

Third-party security: services such as sign-up abuse verification, loaded only after consent.

Third-party functional: integrated panel search, when configured — loaded only after consent.

Marketing and analytics: Zault Storage does not use advertising, remarketing, or marketing analytics cookies in this product version.

better-auth.session_token or __Secure-better-auth.session_token — essential, first-party — maintain authenticated session — duration: 2 hours without remember-me or 24 hours with remember-me — legal basis: contract performance (LGPD, art. 7, V).

NEXT_LOCALE — essential/functional, first-party — remember preferred language (pt-BR, en, es) — duration: persistent per browser — legal basis: contract performance.

sm_confirmation_challenge — essential, first-party — validate confirmation of sensitive actions (e.g., restore) — duration: approximately 5 minutes — legal basis: legitimate interest in security (art. 7, IX).

sm_cookie_consent — essential, first-party — record your cookie preferences — duration: up to 12 months — legal basis: transparency obligation and proof of consent.

Google reCAPTCHA cookies (e.g., _GRECAPTCHA) — third-party security — prevent sign-up abuse when enabled by the administrator — duration: per Google — legal basis: consent (art. 7, I) — loaded only after acceptance.

Google OAuth cookies — third-party — social login when you click Sign in with Google — duration: per Google — legal basis: contract performance at your request.

Algolia cookies — third-party functional — panel search when the feature is configured — duration: per Algolia — legal basis: consent (art. 7, I) — loaded only after acceptance.

localStorage (theme and fleet layout) — similar technology, first-party — interface preferences — no fixed expiry until you clear the browser — legal basis: contract performance / service experience.

The session cookie keeps you authenticated across panel pages. Without it, you cannot use the Service after login.

The language cookie avoids reselecting language on every visit.

The confirmation challenge cookie protects critical operations and expires quickly after use or timeout.

These cookies cannot be disabled via the banner without compromising core Service functionality.

reCAPTCHA: when enabled, Google's script is loaded only after you consent to third-party security cookies. Without that consent, email sign-up may be unavailable while protection is active.

Google OAuth: cookies may be set during the social login redirect you initiate. Also see Google's privacy policy.

Algolia: when global search is configured, the integration initializes only after consent for third-party functional cookies.

We do not sell data obtained through cookies and do not use cookies for behavioral advertising.

On first visit, we show a banner with equivalent options: accept all cookies, reject non-essential cookies, or manage categories individually.

You can reopen preferences anytime via the Manage cookies link in the site and panel footer.

You can also block or delete cookies in browser settings. Blocking essential cookies will prevent login, language retention, or confirmation of sensitive operations.

Revoking consent for non-essential categories applies immediately to new script loads; cookies already set by third parties may require manual browser cleanup.

We may update this policy to reflect legal, operational, or integration changes. The effective date will be shown at the top of the document.

Relevant changes may require new consent when categories or purposes are modified.

For cookie questions or to exercise rights related to personal data, use the in-platform support channel or institutional contacts published on this site.

This Cookie Policy details browser storage technologies. Broader personal data processing — including account, backup, and support data — is described in the Privacy Policy and should be read together.