Cookies Policy
Effective date: 02/19/2026 | Version: 1.2.0
This Cookies Policy explains how CPlay Social HUB uses cookies and similar technologies for operation, security, measurement, and advertising, with focus on LGPD and ANPD guidance, as well as GDPR and applicable European rules for cookies and equivalent technologies.
This policy is applied by CPLAY LTDA (CNPJ 60.661.726/0001-05), headquartered at Avenida Alvaro Otacilio, No. 3731, Sala 610, Cond. Jatiuca Trade Residence, Jatiuca, Maceio/AL, ZIP 57035-180, Brazil.
1. What Cookies Are
Cookies are small files stored in the browser to remember preferences, maintain sessions, and collect technical usage information.
2. Categories Used
Essential: required for authentication, security, and basic platform operation.
Analytics: support performance measurement and experience improvements, where applicable.
Contextual advertising: supports the free plan without individual profiling.
Personalized advertising: only where legal basis and specific consent exist, when required by law.
No non-essential category is activated in conflict with legal requirements on transparency, user choice, and revocation, including rules applicable in European territory.
2.1 Technologies currently used in the platform
The table below reflects the application's current technical mapping. Whenever tracking technology is added or changed, this section will be updated.
| Name | Type | Category | Purpose | Duration | Legal basis (reference) |
|---|---|---|---|---|---|
| sidebar_state | First-party cookie | Essential | Persist the visual state of the admin sidebar. | 7 days | Contract performance / operational legitimate interest |
| instagram_widget.admin.auth | localStorage (browser) | Essential | Persist authenticated admin session via Supabase Auth. | Until logout/session expiration | Contract performance / security |
| Google OAuth + Supabase Auth (third-party cookies/identifiers) | Third party (Google Accounts/Supabase) | Essential (authentication) | Enable Google SSO login, protect OAuth flow, and maintain secure authenticated session. | According to provider session and policy | Contract performance / security (without these items SSO may fail) |
| instagram_widget.admin_theme | localStorage (browser) | Functional | Remember theme preference (light/dark) in admin and legal pages. | Until manual browser cleanup | Legitimate interest (usability) |
| instagram_widget.default_account.<userId> | localStorage (browser) | Functional | Store the default account selected in the dashboard for better navigation. | Until manual browser cleanup | Legitimate interest (usability) |
| Widget sessionId (w_...) | In-memory identifier (not a cookie) | Technical measurement | Group widget events by technical session during the visit. | Tab/page lifetime | Legitimate interest (operational telemetry) |
| External ad server (service-configurable) | Third party (HTTP request/pixel) | Contextual/personalized advertising | Creative delivery, impression/click measurement, and ad-plan commercial operation. | According to media provider policy | Contract performance (contextual) and/or consent for personalization. |
3. Preference Management
Users can review non-essential cookie/technology preferences and withdraw consent previously granted, where applicable.
Disabling non-essential items does not prevent essential functionality use, but may limit optional resources.
Consent choices may be recorded for audit and compliance demonstration, observing minimization and adequate retention.
4. Retention
Retention period varies by purpose and cookie/technical identifier type, respecting minimization and operational necessity.
Where possible, short-lived technical identifiers and purge mechanisms are prioritized.
5. Updates
This policy may change to reflect legal, technical, or operational updates. The current version is always published with effective date.
Cookie preferences (no login required)
These choices are stored only in this browser. Essential security and operation items remain enabled.