Cookie Policy
Last updated: March 29, 2026
1. What Are Cookies
Cookies are small text files stored on your device when you visit a website. They help us provide a functional and secure experience. This policy explains which cookies we use, why, and how you can control them.
This policy complies with the EU ePrivacy Directive (2002/58/EC, Art. 5(3)), the Spanish LSSI (Ley 34/2002, Art. 22.2), GDPR (Articles 6-7), and CalOPPA (Cal. Bus. & Prof. Code §22575).
2. Strictly Necessary Cookies
These cookies are required for the Platform to function. They cannot be disabled. No consent is required for these cookies under the ePrivacy Directive, as they are essential for the service you requested.
| Cookie Name | Purpose | Party | Duration |
|---|---|---|---|
| PHPSESSID | Maintains your login session | First-party | Session |
| REMEMBERME | Persistent login ("remember me" checkbox) | First-party | 7 days |
| csrf_token | Protects against cross-site request forgery attacks | First-party | Session |
| cookie_consent | Remembers your cookie preferences | First-party | 1 year |
3. Functional Cookies
These cookies enhance your experience by remembering preferences. They are not strictly necessary but improve usability.
| Storage | Purpose | Duration |
|---|---|---|
| localStorage: aitutor_skip_disclaimer | Remembers if you chose to skip the practice disclaimer video | Persistent |
| sessionStorage: arena:* | Stores active session configuration for voice/video practice | Browser session |
4. Analytics Cookies
We may use analytics services to understand how visitors interact with the Platform. If analytics cookies are used, they will only be set after you provide consent via our cookie banner, as required by the ePrivacy Directive and LSSI Art. 22.2.
Currently, we do not use third-party analytics tracking cookies. If this changes, this policy will be updated and consent will be requested per LSSI Art. 22.2.
5. Third-Party Cookies
The following third-party services may set cookies when you interact with their features:
- Stripe — sets cookies during the payment process for fraud prevention and payment processing. See Stripe's Cookie Policy.
- Google OAuth — sets cookies when you log in with Google. See Google's Cookie Policy.
6. Do Not Track Signals
As required by CalOPPA (Cal. Bus. & Prof. Code §22575(b)(6)), we disclose that our Platform does not currently respond to "Do Not Track" (DNT) browser signals. We do not use third-party advertising or behavioral tracking, so DNT signals do not change your experience on the Platform.
7. Managing & Deleting Cookies
You can control and delete cookies through your browser settings:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions
Note: Blocking essential cookies (PHPSESSID, CSRF token) will prevent the Platform from functioning correctly. You will not be able to log in or use voice practice features.
To clear localStorage and sessionStorage, use your browser's Developer Tools (usually F12 → Application → Storage).
8. Changes to This Policy
We may update this Cookie Policy when we add or remove cookies, or when legal requirements change. Changes will be posted on this page with an updated revision date. If we introduce non-essential cookies that require consent, we will request it via a cookie consent banner before setting them.