COOKIES POLICY
Cookies Policy
Last updated · 2026-05-16
This page lists every cookie and cookie-equivalent (localStorage, sessionStorage) that Helburu may set on your device, in plain language. We keep the list small on purpose. Spanish law (LSSI-CE Art. 22) requires us to disclose every non-essential cookie and let you control them; we go beyond that and disclose the essential ones too.
What we use
Strictly necessary (always on)
-
Firebase Auth (helburu-app.com) — when you
sign in via the web bridge (the magic-link redirect at
/auth-callback), Firebase stores a session token in your browser'slocalStorage. Technically not a cookie, but it serves the same function (persisting authentication across reloads). Required for sign-in to work. Lifespan: until you sign out or clear browser data. -
Cloudflare bot management (
__cf_bm) — our DNS and CDN provider sets this cookie automatically on every request to protect against bots and DDoS. Lifespan: 30 minutes. Required for security. More info.
Analytics (cookieless)
- Plausible Analytics — we use Plausible to count anonymous, aggregate page views and outbound link clicks (so we can see which landing copy works without tracking individuals). Plausible does NOT use cookies, does NOT collect personal data, and does NOT track users across other sites. All data is anonymous and aggregated. Their data policy.
What we don't use
We deliberately don't use, and have never installed, any of the following:
- Google Analytics, Google Tag Manager, Google Ads pixels.
- Facebook / Meta Pixel, TikTok Pixel, LinkedIn Insight Tag.
- Any other advertising or retargeting tracker.
- Third-party cookies of any kind.
- Browser fingerprinting libraries.
- Session-recording tools (Hotjar, FullStory, etc.).
If we ever add anything like the above (we don't plan to), we'll surface a one-time consent banner on the landing before it activates, with the new effective date listed here.
Managing cookies
Most browsers let you block or delete cookies through settings: Chrome, Safari, Firefox, Edge. Blocking strictly-necessary cookies (Firebase Auth, Cloudflare bot management) will prevent sign-in or fail the security check on our domain — we have no way around that.
In-app (iOS & Android)
The Helburu mobile app does not use web cookies. It does use standard platform mechanisms (iOS Keychain, Android SharedPreferences) to remember your sign-in state, plus Firebase Installations ID for push delivery. None of this is shared with third parties. See our Privacy Policy for the full data breakdown.
Questions
For anything about your data, our full Privacy Policy describes what we collect, why, and your rights under GDPR. For other questions, email info@helburu-app.com.
CONTACT
info@helburu-app.com
Helburu · Madrid, Spain