Last updated: March 6, 2026
Disclaimer: This English version is provided for informational purposes only. The legally binding version is the Portuguese original available at /cookies. In case of any discrepancy, the Portuguese version shall prevail.
Data Controller: 45.597.034 Jonh Wilian Mariano Catalunha CNPJ: 45.597.034/0001-43 Website: clickvault.com.br Contact: dpo@clickvault.com.br
1. What Are Cookies?
Cookies are small text files that websites store in your browser when you visit them. They allow the website to remember information about your visit, such as your preferences or login details, making it easier for you to navigate the platform on subsequent visits.
There are different types of cookies:
- Strictly necessary cookies: essential for the basic operation of the website, such as keeping your login session active. Without them, the website cannot function properly.
- Performance/analytics cookies: collect data about how visitors use the website (e.g., Google Analytics). ClickVault does NOT use this type of cookie.
- Marketing/advertising cookies: track your activity across different websites to display personalized ads (e.g., Meta Pixel). ClickVault does NOT use this type of cookie.
2. Which Cookies Does ClickVault Use?
ClickVault uses only strictly necessary cookies required for the platform to operate. These cookies are essential to ensure that you can log in and use your account features securely.
| Cookie | Purpose | Type | Duration | HttpOnly | Secure | SameSite |
|---|---|---|---|---|---|---|
sb-access-token | JWT session token for user authentication | Strictly necessary | Session (expires when the browser is closed) | Yes | Yes | Lax |
sb-refresh-token | Automatic login session renewal | Strictly necessary | 7 days | Yes | Yes | Lax |
Security settings explained:
- HttpOnly: the cookie cannot be accessed by browser scripts, protecting against XSS (Cross-Site Scripting) attacks.
- Secure: the cookie is only transmitted over encrypted HTTPS connections.
- SameSite (Lax): the cookie is not sent with cross-site requests, protecting against CSRF (Cross-Site Request Forgery) attacks.
3. What ClickVault Does NOT Use
For full transparency, we declare that ClickVault does not use any of the following mechanisms:
- Analytics cookies (Google Analytics, Hotjar, Mixpanel, or similar)
- Marketing or advertising cookies (Meta Pixel, Google Ads tags, or similar)
- Third-party tracking cookies of any kind
- localStorage (browser local storage)
- sessionStorage (browser session storage)
- Browser fingerprinting for platform user identification
4. Tracking Script (t.js) — Transparency
ClickVault provides its customers with a traffic protection script (t.js) that is installed on the customers' own websites. It is important to clarify how this script behaves:
- The script does not install cookies on the devices of visitors to customer websites.
- The script does not use localStorage or sessionStorage.
- The script does not persist any information on the visitor's device.
- Data collection is performed through a single POST request to ClickVault's server, with no local storage involved.
- The data collected is used exclusively for traffic quality analysis and bot protection.
5. Legal Basis (LGPD and Brazilian Internet Civil Framework)
The use of strictly necessary cookies by ClickVault is supported by the following legal bases:
- LGPD (Law No. 13,709/2018), Art. 7, Section V: the processing of personal data is permitted when necessary for the performance of a contract or pre-contractual procedures related to a contract of which the data subject is a party, at the data subject's request.
- LGPD, Art. 7, Section IX: processing is permitted when necessary to serve the legitimate interests of the controller, except where the fundamental rights and freedoms of the data subject prevail.
- Brazilian Internet Civil Framework (Law No. 12,965/2014), Art. 7: guarantees the user's right to clear and complete information about the collection, use, storage, and protection of their personal data.
Because ClickVault uses only strictly necessary cookies for platform operation, a cookie consent banner is not required. This exemption is consistent with the interpretation of Brazil's National Data Protection Authority (ANPD) and with European guidelines (ePrivacy Directive), which serve as a complementary reference.
6. How to Manage or Block Cookies
Although the cookies used by ClickVault are strictly necessary, you have the right to manage or block cookies in your browser. Here is how to do so in the most common browsers:
- Google Chrome: Settings > Privacy and security > Cookies and other site data
- Mozilla Firefox: Settings > Privacy & Security > Cookies and Site Data
- Microsoft Edge: Settings > Cookies and site permissions > Cookies and data stored
- Safari: Preferences > Privacy > Manage Website Data
Important notice: if you block ClickVault's strictly necessary cookies, you will be unable to maintain an active login session, which will prevent normal use of the platform.
7. Changes to This Policy
ClickVault reserves the right to update this Cookie Policy at any time. Significant changes will be communicated through a notice on the platform or by email. The "last updated" date at the top of this document will always reflect the most recent version.
8. Contact
If you have any questions about this Cookie Policy or the use of your personal data, please contact us:
- Email: dpo@clickvault.com.br
- Website: clickvault.com.br
- Data Controller: 45.597.034 Jonh Wilian Mariano Catalunha
- CNPJ: 45.597.034/0001-43
You may also exercise your rights under the LGPD (access, correction, deletion, portability, among others) by sending a request to the email address above.
This document is part of ClickVault's legal compliance documentation and should be read in conjunction with the Privacy Policy and the Terms of Service.