Last updated: May 16, 2026Version 1.0.0

Cookie Policy

Effective date: June 10, 2026 Version: 1.0.0

This Cookie Policy explains, transparently, what cookies and similar technologies are, which ones we use on the platform, for what purpose, for how long, and how you can manage them. It complements the Privacy Policy and should be read together with it.

The platform is operated by nottepass Tecnologia Ltda., registered under CNPJ No. 51.890.784/0001-01 ("nottepass", "we", "us"). The data processing described here complies with Law No. 13,709/2018 (the Brazilian General Data Protection Law — LGPD) and the Brazilian Civil Rights Framework for the Internet (Law No. 12,965/2014).

By continuing to browse, you agree to the use of essential cookies, which are indispensable to the operation of the platform. Optional cookies (analytics and marketing) are only used with your consent, as explained below.

1. What cookies and similar technologies are

Cookies are small text files that a website stores in your browser to recognize your device, remember preferences, and allow the platform to work properly. In addition to cookies, we use technologies with a similar function, such as local storage (Local Storage and Session Storage) and, occasionally, pixels and web beacons (see sections 4 and 5).

For the purposes of this Policy, we treat all of these technologies equivalently whenever they perform the function of storing or accessing information on your device.

2. Why we use cookies

We use cookies and similar technologies to:

  • Keep you authenticated and protect your session;
  • Remember preferences, such as language and theme;
  • Enable essential features, such as the shopping cart;
  • Ensure the security of the platform and prevent fraud;
  • With your consent, measure platform usage and personalize marketing communications.

3. Categories of cookies we use

3.1 Essential cookies (always active)

These are indispensable to the operation and security of the platform. Without them, basic features such as login, language, and checkout do not work. Because they are strictly necessary, they do not require prior consent.

CookiePurposeDuration
refreshTokenKeeps your session securely authenticated. It is an HttpOnly cookie (inaccessible to scripts) and SameSite=Strict, an attribute that also protects against cross-site request forgery (CSRF) attacks.7 days
NEXT_LOCALERemembers your chosen language so the platform is displayed in your preferred language.12 months

Legal basis: legitimate interest (Art. 7, IX, of the LGPD) — operation and security of the platform.

For security, the access token used during browsing is kept only in the browser's memory and is not stored in a cookie, Local Storage, or Session Storage.

3.2 Analytics cookies (optional)

These collect information about how you use the platform — pages visited, time spent, and access source — mostly in aggregated form, to help us understand and improve the experience.

CookieProviderPurposeDuration
_ga, _ga_*Google AnalyticsPlatform usage and performance statisticsup to 24 months

Legal basis: consent (Art. 7, I, of the LGPD).

3.3 Marketing cookies (optional)

These allow us to measure campaigns and present communications and ads more relevant to your interests, both within and outside the platform.

CookieProviderPurposeDuration
_fbpMeta (Facebook/Instagram)Campaign measurement and remarketingup to 90 days

Legal basis: consent (Art. 7, I, of the LGPD).

Analytics and marketing cookies are only activated after your acceptance in the consent banner. Until you consent, only essential cookies are used.

4. Local storage (Local Storage and Session Storage)

In addition to cookies, the platform uses your browser's local storage for features that do not require sending data to the server with every request:

ItemPurposeDuration
np-cookie-consentRecords your cookie preferences (accepted categories, version, and date) so we can honor your choice and evidence your consentup to 12 months
Theme preferenceRemembers whether you chose the light or dark themePersistent, until cleared
Cart selection (guest)Keeps the items you selected before completing the purchaseTemporary
Local navigation historyImproves navigation between pages you visited on the platformPersistent, until cleared
Checkout idempotency keyPrevents duplicate charges when completing a purchaseSession

This data is stored on your device and can be deleted at any time in your browser settings. For authenticated users, the cookie consent record is also stored on our servers as evidence of your declaration of will, in accordance with the Privacy Policy.

5. Other similar technologies

We may use, especially in email communications:

  • Tracking pixels and web beacons: transparent images that indicate the delivery and opening of emails, helping us measure the effectiveness of communications and avoid improper sending.

When these technologies serve analytics or marketing purposes, we observe the same legal bases as in section 3.

6. Third-party cookies and services

Some cookies and technologies are set by third-party services that we use to operate the platform, process payments, or — with your consent — measure audience and campaigns. These third parties process data in accordance with their own policies, over which nottepass has no control. We recommend reading:

7. How to manage your preferences

7.1 Consent banner and "Manage Cookies"

On your first visit, we display a consent banner in which you can:

  • Accept all cookies;
  • Reject the optional ones (essential cookies remain active);
  • Customize your choice by category (analytics and marketing).

You can change or withdraw your preferences at any time by clicking "Manage Cookies" in the platform's footer. Your choices are recorded and honored on future visits, and are renewed periodically (at most every 12 months) or when this Policy is materially updated.

7.2 Browser settings

Most browsers allow you to block or delete cookies through their settings:

  • Chrome: Settings → Privacy and security → Cookies;
  • Firefox: Options → Privacy & Security → Cookies and Site Data;
  • Safari: Preferences → Privacy;
  • Edge: Settings → Cookies and site permissions.

Note: blocking or deleting essential cookies may prevent parts of the platform from working, such as login and checkout.

8. International data transfers

Some analytics, marketing, and infrastructure providers may process data on servers located outside Brazil. In such cases, we ensure that the transfer observes the requirements of the LGPD (Art. 33 et seq.), through appropriate contractual clauses and the requirement of protection standards compatible with Brazilian law.

9. Limitation of liability

nottepass takes reasonable measures to ensure that the use of cookies is secure and transparent. Nevertheless, and without prejudice to the legal guarantees ensured by the Brazilian Consumer Protection Code:

  • nottepass is not responsible for data processing carried out by third parties (such as Google, Meta, and the payment gateway) through their own cookies and technologies, which is governed exclusively by those third parties' policies;
  • The management of cookies and local storage on your device is your responsibility; nottepass is not responsible for consequences arising from blocking, clearing, or refusing essential cookies, including the unavailability or malfunction of platform features;
  • The technologies described here are provided "as is" and may experience temporary unavailability due to maintenance, third-party failures, or force majeure events;
  • nottepass is not responsible for settings, extensions, or software installed on your device that interfere with the operation of cookies or the platform.

10. Updates to this Policy

We may update this Cookie Policy whenever there are changes in the technologies used or in applicable legislation. The version in force is always the one published on this page, identified by the effective date. Material changes to the purposes of optional cookies may give rise to a new request for consent.

11. Governing law and jurisdiction

This Policy is governed by Brazilian law. The courts of the district of Presidente Prudente, State of São Paulo, are elected to resolve any disputes, without prejudice to the consumer's right to choose the courts of their own domicile (Art. 101, I, of the Consumer Protection Code).

12. Contact

Questions about this Cookie Policy or about the processing of your data may be sent to the Data Protection Officer (DPO):

Email: privacidade@nottepass.com.br


Last updated: June 10, 2026