Cookie Policy
Last updated: February 2026
1. What Are Cookies?
Cookies are small text files that websites store in your browser when you visit them. They are used to keep your session active, protect forms against attacks, and remember your authentication preferences. They are essential for the platform to function securely.
2. Cookies We Use
2.1 Strictly Necessary
These cookies are essential for the platform to operate. Without them, you would not be able to sign in, submit forms, or use basic features. They cannot be disabled because the platform would not function without them.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| XSRF-TOKEN | Protection against CSRF (Cross-Site Request Forgery) attacks. Every form you submit includes this token to verify that the request originates from our site and not from a malicious third party. | 2 hours | First-party |
| quadraprofile_session | Session identifier. Allows the server to recognize your browser as you navigate the platform, maintaining your authentication state and temporary data (such as active filters or in-progress forms). The content is encrypted with AES-256-CBC. | 2 hours of inactivity | First-party |
| remember_web_* | Only set if you check the “Remember me” box when signing in. Stores an encrypted token that allows you to reconnect automatically without re-entering your password. | 5 years | First-party |
Security: All our first-party cookies are transmitted exclusively over HTTPS (Secure flag), are marked as HttpOnly (not accessible from JavaScript, except XSRF-TOKEN which requires it), and use the SameSite=Lax policy to prevent sending in third-party contexts.
3. Browser Local Storage
In addition to cookies, we use browser local storage (localStorage) to save interface preferences. This information is never sent to the server and remains exclusively on your device.
| Key | Purpose |
|---|---|
| qp-theme | Stores your light or dark mode preference in the management interface. |
| whatsapp_tooltip_seen | Records whether you have already seen the WhatsApp button tooltip so it is not shown repeatedly. |
| whatsapp_contacted | Records whether you have already contacted us via WhatsApp to adjust the widget behavior. |
| site_visits | Local visit counter to personalize the contact widget experience. |
| tour_*_completed | Marks which interactive guided tours you have completed so they are not repeated. |
| printInstructionsShown | Records whether the certificate printing instructions have already been shown. |
| selected_plan | Temporarily stores the plan selected on the pricing page to pre-fill the registration form. |
4. Third-Party Services
To operate the platform we use external services that may set their own cookies or collect technical data (such as your IP address) when delivering content:
Google Fonts
We load the Inter typeface from fonts.googleapis.com. When requesting the fonts, Google receives your IP address and may log the request on its servers. Google Fonts does not set tracking cookies, but it does process connection data. For more information, see the Google Fonts privacy policy.
Cloudflare CDN
We use Cloudflare's content delivery network (cdnjs.cloudflare.com) to load open-source libraries such as Font Awesome (icons). Cloudflare may set technical cookies such as __cfruid to identify clients behind shared IPs and apply security measures. These cookies are classified as “strictly necessary” according to Cloudflare's own classification.
Transbank
Only during the payment process. When you are redirected to the Transbank payment gateway to complete a transaction, Transbank sets its own session cookies necessary to process the payment securely. These cookies operate exclusively on Transbank's domain and are not under our control.
No advertising or tracking: QuadraProfile does not use advertising cookies, retargeting cookies, or tracking cookies for commercial purposes. We do not sell or share browsing data with advertising networks.
5. Cookie Duration
The cookies we use are classified by their duration:
- Short-lived cookies: XSRF-TOKEN and quadraprofile_session expire after 2 hours of inactivity. If you close the browser and reopen it within that period, the session remains active.
- Persistent cookies: remember_web_* is only set if you choose “Remember me”. It persists for up to 5 years or until you sign out manually, whichever comes first.
6. Managing and Deleting Cookies
You can manage, block, or delete cookies from your browser settings:
Google Chrome
Settings → Privacy and security → Cookies and other site data
Mozilla Firefox
Settings → Privacy & Security → Cookies and Site Data
Safari
Preferences → Privacy → Manage Website Data
Microsoft Edge
Settings → Cookies and site permissions → Manage and delete cookies
Important: If you delete the XSRF-TOKEN or quadraprofile_session cookies, your active session will be terminated and you will need to sign in again. Public forms (such as the data deletion request) also require these cookies to function correctly.
To delete local storage data (localStorage), you can use your browser's developer tools (F12 → Application → Local Storage) or clear all site data from the privacy settings.
7. Legal Basis
The use of strictly necessary cookies is based on our legitimate interest in providing a secure and functional service (Art. 6.1.f GDPR). Without these cookies, the platform cannot operate.
In the case of the remember_web_* cookie, the legal basis is the explicit consent of the user when checking the “Remember me” box on the sign-in form.
8. Changes to This Policy
If we introduce new categories of cookies (for example, analytics or marketing), we will update this policy and, where appropriate, request your consent before activating them. The “last updated” date at the top of this page indicates when the most recent revision was made.
9. Contact
If you have questions about the use of cookies or wish to exercise your privacy rights, you can contact us: