Cookies Policy
Last updated: 29 April 2026 (v2.1)
Version: 2.1
Effective date: 29 April 2026
This Cookies Policy explains how GET HAUZED, S.L. ("Hauzed", "we", "us", "our") uses cookies and similar technologies on the website www.hauzed.com and the Hauzed mobile application (together, the "Platform").
This Policy is part of our Privacy Policy and our Terms of Service. For full information about how we process personal data, please refer to those documents.
This Policy is issued under EU Regulation 2016/679 (GDPR), Spanish Organic Law 3/2018 (LOPDGDD), Spanish Law 34/2002 on the Information Society and Electronic Commerce (LSSI-CE) and the Irish ePrivacy Regulations 2011.
1. What is a cookie?
A cookie is a small text file placed on your device (computer, phone, tablet) by a website. Cookies allow websites to remember information about your visit, such as language preferences, login state, or analytics signals. We also use other similar technologies (local storage, web beacons, pixels and SDKs in our mobile application). For simplicity, this Policy refers to all of them as "cookies".
2. Types of cookies we use
We use only two categories of cookies:
2.1 Strictly necessary cookies
These cookies are essential for the Platform to function. Without them, you cannot log in, your session cannot be maintained, and basic security features cannot operate. These cookies do not require your consent under Article 5(3) of the ePrivacy Directive and Article 22 LSSI-CE.
2.2 Analytics and product-improvement cookies
These cookies help us understand how Members use the Platform so we can improve it. They include event tracking and session replay. These cookies require your prior consent, which you can give, refuse or withdraw at any time through our cookie banner or your account preferences.
We do not use:
- Advertising or profiling cookies placed by Hauzed itself;
- Third-party advertising cookies for retargeting outside the Platform.
If we introduce advertising cookies in the future, we will update this Policy and request your fresh consent before placing any non-essential cookie.
3. Detailed list of cookies
3.1 Strictly necessary
| Cookie / technology | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
hauzed_session | Hauzed (first-party) | Maintains your authenticated session | HTTP cookie | Session (deleted on logout) |
hauzed_csrf | Hauzed (first-party) | Protects against cross-site request forgery | HTTP cookie | Session |
hauzed_lang | Hauzed (first-party) | Stores your language preference (EN / ES) | HTTP cookie | 12 months |
hauzed_consent | Hauzed (first-party) | Stores your cookie-consent choices | HTTP cookie / local storage | 12 months |
sb-access-token | Supabase | Authentication token (JWT). Stores the access token after user login so the frontend and backend can verify identity on each request | HTTP cookie / local storage | Persistent (refreshed continuously; valid until logout) |
sb-refresh-token | Supabase | Session refresh token. Long-lived token used to obtain new access tokens without re-login, enabling persistent login across sessions | HTTP cookie / local storage | Persistent (until logout or session revocation) |
_vercel_jwt | Vercel (Deployment Access) | JSON Web Token used to authenticate access to protected deployments (e.g. password-protected previews) | HTTP cookie | Persistent (until token expiry or logout) |
__prerender_bypass | Vercel (Next.js Preview Mode) | Indicates Next.js Preview Mode is active for fetching draft / unpublished content | HTTP cookie | Session (cleared when Preview Mode is exited) |
__next_preview_data | Vercel (Next.js Preview Mode) | Stores encrypted preview-mode token enabling display of draft content | HTTP cookie | Session |
__cf_bm | Cloudflare (via Vercel) | Bot detection and DDoS protection | HTTP cookie | 30 minutes |
3.2 Analytics and product improvement (consent required)
| Cookie / technology | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
ph_<project_api_key>_posthog | PostHog | Identifies and tracks users for product analytics. Stores a unique distinct_id, session ID and feature flags so returning users can be recognised. Configured with sensitive-field masking on session replays | HTTP cookie / local storage | 365 days |
va_* | Vercel Analytics | Aggregated traffic and performance metrics | HTTP cookie | 24 hours |
PostHog is configured to mask personal data on session replays (input fields, document uploads). Replays do not capture document content or message contents.
We will keep this list updated. The most current list is published at www.hauzed.com/en/cookies.
4. Your control over cookies
4.1 Cookie banner
When you first visit the Platform, a cookie banner asks you to accept or reject non-essential cookies. You can:
- Accept all — strictly necessary + analytics;
- Reject all — only strictly necessary;
- Customise — choose which categories you accept.
Your choice is stored in the hauzed_consent cookie for 12 months. After 12 months we will ask again.
4.2 Changing your preferences
You can change your cookie preferences at any time:
- Click "Cookie preferences" in the website footer;
- In your account settings, under "Privacy & Cookies".
4.3 Managing cookies in your browser
You can also block or delete cookies directly through your browser settings. Each browser is different - see:
- Chrome: support.google.com/chrome/answer/95647
- Firefox: support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop
- Safari (macOS / iOS): support.apple.com/guide/safari/manage-cookies-sfri11471/mac
- Edge: support.microsoft.com/microsoft-edge
Note: blocking strictly necessary cookies will prevent the Platform from working correctly.
5. Mobile application
In the Hauzed mobile application we use SDKs (PostHog, Supabase, Sentry where applicable) that store identifiers in your device's local storage. The same consent rules apply: only strictly necessary identifiers are stored without consent; analytics SDKs activate only after you opt in.
You can reset advertising and tracking identifiers in your device settings (Apple iOS: Settings → Privacy → Tracking; Android: Settings → Privacy → Ads).
6. International transfers
Where our analytics provider (PostHog, Vercel Analytics) processes data outside the European Economic Area, we rely on Standard Contractual Clauses and other safeguards as described in our Privacy Policy.
7. Your rights
Cookies are personal data when they identify you, even indirectly. You have the rights described in our Privacy Policy, including the rights of access, rectification, erasure, objection, and to lodge a complaint with the Spanish Data Protection Agency (AEPD) or the Irish Data Protection Commission (DPC).
8. Changes to this Policy
We may update this Policy when we add or remove cookies, change providers, or to reflect legal updates. The "Last updated" date at the top reflects the most recent change. We will notify Members of material changes by in-app banner or email at least 14 days before they take effect.
9. Contact
For any question about cookies:
GET HAUZED, S.L.
Calle Circumval·lació, 77, 3º 3ª, 08240 Manresa, Barcelona, Spain
Email: info@hauzed.com
Phone: +34 936 07 56 78