Cookies Policy
This Cookies Policy describes the use of cookies and similar technologies
(localStorage, sessionStorage, IndexedDB) in the application
Scriptorium, operated by
pibiCo Compañía de Inteligencia de Negocio y Control SL
("pibiCo"), VAT ES B52567831, registered office at
Avenida de La Costa, 35-6T, 33201 Gijón, Asturias, Spain. This policy
complies with Art. 22.2 LSSI-CE (Spanish e-commerce law), the GDPR and the
AEPD's Cookies Guide (current version).
1. What are cookies?
Cookies are small text files that a website stores in your browser or
device when you visit it. They allow recognising the User on subsequent
visits, remembering preferences and managing the session. Together with
cookies we also use local storage (localStorage,
sessionStorage) to save UI preferences, language and consent
state.
2. Cookie types by purpose
2.1 Strictly necessary (always active)
Essential for the Platform to work. No consent required under Art. 22.2 LSSI-CE (technical exception).
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
auth_jwt | Authenticated session (HttpOnly, Secure, SameSite=Strict) | First-party | 24 hours |
pibico_refresh | Automatic session renewal | First-party | 30 days |
pibico_consent_api_script (localStorage) | Cookie consent state | First-party | 12 months |
cf_turnstile | Anti-bot (Cloudflare Turnstile) | Third-party | 30 minutes |
X-Org-Id (header) | Active multi-tenant organisation selection | First-party | Session |
2.2 Analytics (opt-in)
Help us understand how the Platform is used to improve it. Only active if the User accepts them in the cookie banner.
| Cookie | Purpose | Duration |
|---|---|---|
| We currently do not use third-party analytics cookies. | ||
2.3 Marketing (opt-in)
Used to personalise commercial communications. Only active with explicit consent.
| Cookie | Purpose | Duration |
|---|---|---|
| We currently do not use marketing cookies. | ||
3. Cookie types by ownership
- First-party: managed directly by pibiCo from its servers.
- Third-party: managed by external providers (e.g. Cloudflare Turnstile for anti-bot, Stripe for payment checkout pages). Each third party operates under its own policy.
4. Cookie types by duration
- Session: deleted when the browser is closed.
- Persistent: remain on the device for the duration shown in the table above or until the User deletes them.
5. Consent management
5.1 Cookie banner
The cookie banner appears the first time the User accesses Scriptorium and offers:
- Accept all: enables all categories.
- Necessary only: declines analytics and marketing.
- Configure: granular per-category control with toggles.
Consent is recorded with version + timestamp in
localStorage under the key pibico_consent_api_script.
When we publish a materially different version of cookies, consent is
requested again.
5.2 Modify preferences
The User can review or modify preferences at any time from Settings → Cookies inside the Platform or by clicking "Manage cookies" in the footer.
5.3 Withdraw consent
The User can withdraw consent at any time, with the same procedure used to grant it. Withdrawal does not affect the lawfulness of processing based on previous consent.
6. Browser-level deactivation
The User may also disable or delete cookies from the browser configuration:
Note that disabling strictly necessary cookies may prevent the Platform from working correctly (authentication, anti-bot security, session persistence).
7. International transfers
Some third parties (Cloudflare, Stripe) may store cookies on servers outside the EEA. Transfers are made on the basis of Standard Contractual Clauses or Adequacy Decision where applicable.
8. Updates
This Policy may be updated when cookies are added or removed. The new version will be published with its effective date and, if changes are material, fresh consent will be requested.
9. Contact information
For any question about cookies write to soporte@pibico.es or to the DPO at soporte@pibico.es.
Last updated: 2026-05-10 · Version 1.0.0