SinaptiSinapti

Last updated: 2026-06-12 · v2026-06-12

Cookie Policy

This Cookie Policy explains what cookies and similar technologies are, which ones Sinapti uses (available at https://app.sinapti.com), for what purpose, and how you can accept, reject and withdraw your consent at any time.

This policy has been prepared following the Guidance on the use of cookies issued by the Spanish Data Protection Agency (AEPD) and the layered-information model.

What are cookies?

A cookie is a small text file that a website stores in your browser or device when you visit it. It allows the site to remember information about your visit, such as your login session or your preferences.

Alongside cookies, Sinapti uses other browser storage technologies that serve equivalent functions and which, for the purposes of this policy and of applicable law, receive the same treatment as cookies:

Throughout this policy, the term "cookies" covers both cookies in the strict sense and these similar technologies.

Types of cookies by purpose

Technical or essential cookies (no consent required)

These are indispensable for the application to work and to provide the service you expressly request when you register, sign in and use Sinapti. They do not require your consent and cannot be disabled from the settings panel, because without them the service cannot be provided. They include:

Analytics cookies (consent required)

They allow us to measure and analyse, in aggregate, how the application is used (performance, errors, user-experience metrics) in order to improve it. They are only activated if you give your consent. If you do not, they are not loaded.

Marketing or advertising cookies (consent required)

These would be used to display personalised advertising or to measure campaigns. Sinapti currently does not use any cookie in this category. We keep this section for information purposes in case any are added in the future, in which case your prior consent would be requested and this policy would be updated.

Detailed table of cookies and storage

NameType / PurposeCategoryDurationOwnership
authjs.session-token / __Secure-authjs.session-tokenMaintains the authenticated user session (JWT token)Technical / essentialSession / until sign-outFirst-party
authjs.csrf-token / __Host-authjs.csrf-tokenProtection against CSRF attacks on forms and actionsTechnical / essentialSessionFirst-party
authjs.callback-url / __Secure-authjs.callback-urlHandles redirection after sign-inTechnical / essentialSessionFirst-party
authjs.pkce.code_verifier, authjs.state, authjs.nonceSecurity of Google sign-in (OAuth/PKCE)Technical / essentialSession (ephemeral, during login)First-party
sinapti_consent_idAnonymous identifier that links and evidences your cookie decision (consent record)Technical / essential13 monthsFirst-party
localeRemembers the language chosen by the userTechnical / essential (user choice)12 monthsFirst-party
sinapti-theme (localStorage)Remembers the theme preference (light/dark/system)Technical / essential (user choice)Persistent until clearedFirst-party
sinapti_cookie_consent (localStorage)Stores your cookie decision in the browser so the banner is not shown again while it remains validTechnical / essentialUp to 13 months / until clearedFirst-party
sinapti-sidebar-collapsed, sinapti-global-tags, calendar-prefs, sinapti-dismissals (localStorage)Remember interface settings: sidebar, filters, calendar view and dismissed noticesTechnical / essential (user choice)Persistent until clearedFirst-party
sinapti-offline (IndexedDB)Local storage of documents for offline editing (Yjs) and later synchronisationTechnical / functionalPersistent until clearedFirst-party
sinapti-embeddings (IndexedDB)Local cache for semantic search (only if you enable that feature on the device)Technical / functionalPersistent until clearedFirst-party
RUM SDK session cookie (OpenObserve) [SDK technical name]Identifies the user-experience analytics sessionAnalytics[duration: ___] (typically session / ~15 min of inactivity)First-party (self-hosted)

The authentication cookies carry the __Secure- / __Host- prefix and the secure attribute only in the production environment (HTTPS). Exact names may vary slightly depending on the version of the authentication library.

Legal basis

How to accept, reject and withdraw consent

When you first access the application, Sinapti shows a cookie banner with clear information about its use. In that banner:

Until you make a decision, no non-essential cookie is installed.

To change your decision later, you can reopen the panel at any time through the "Cookie preferences" link available in the application footer. There you can review and modify your choices or fully withdraw your consent.

In addition, you can manage or delete cookies from your browser settings (Chrome, Firefox, Safari, Edge, etc.), as well as clear local storage (localStorage / IndexedDB). Please note that deleting technical cookies may prevent the application from working correctly (for example, by signing you out).

International transfers

The analytics cookies used by Sinapti rely on OpenObserve RUM, self-hosted by Sinapti on infrastructure located in the European Union (OVHcloud). Therefore, the use of cookies does not involve international transfers of data to third countries.

If third-party cookies entailing international transfers were added in the future, this would be expressly stated in this policy and, where applicable, the corresponding consent would be obtained with the safeguards required by the GDPR.

Retention of consent

Your cookie decision is retained for a maximum of 13 months, in line with the AEPD recommendation. Once that period elapses (recorded internally via an expiry date, expiresAt), or when this policy changes materially (controlled via a policy version), we will request your consent again by showing the banner once more.

Your consent will also be requested again if you clear your browser storage.

Changes to the cookie policy

We may update this Cookie Policy to reflect changes in the cookies we use, in the technology employed, or in applicable law. When changes are material, we will notify you by showing the banner again to obtain your consent anew. We recommend that you review this page periodically; the last-updated date and the current version appear in the header of this document.