Cookie Policy
Last updated: May 2026
AGTS uses cookies and similar technologies (localStorage, sessionStorage, web beacons) to operate the platform, secure sessions, remember your preferences, and understand how the service is used. This policy explains what we set, why we set it, how long it persists, and how you can control it.
1. Your consent
When you first visit AGTS we display a banner asking you to accept non-essential cookies. Strictly necessary cookies are set without consent because the platform cannot function without them. You can change your choice at any time by clearing site data in your browser or via the consent banner if available.
2. Categories of cookies we use
Strictly necessary
Required for authentication, security, fraud prevention, and session integrity. Cannot be disabled without breaking the platform.
| Name | Purpose | Duration |
|---|---|---|
| aq_at | Access token (httpOnly, secure, sameSite=strict) | 15 minutes |
| aq_rt | Refresh token (httpOnly, secure, sameSite=strict) | 30 days |
| aq_session | Non-httpOnly hint cookie. Tells the client a session exists so it can skip /auth/me calls when logged out. | 30 days |
Functional
Remember language and UI preferences. Set with consent where required.
| Name | Purpose | Duration |
|---|---|---|
| agts:locale (localStorage) | Stores your language choice (en or es) | Persistent until cleared |
| agts:recently-viewed (localStorage) | Recently viewed products for the marketplace surface | Persistent until cleared |
| agts:cart (localStorage) | Cart state before checkout | Persistent until cleared |
Analytics and performance
Help us understand how users interact with the platform so we can improve it. Aggregated and anonymized where possible. Set with consent.
| Name | Purpose | Duration |
|---|---|---|
| Vercel Analytics | Page-view and Core Web Vitals telemetry. No personal identifiers. | Session-scoped |
| Sentry session-replay | Error reporting and session reconstruction for debugging. PII redacted at capture. | Session-scoped (90 days at Sentry) |
Third-party processors
Set by services we use to deliver the platform. Subject to those providers’ policies.
| Name | Purpose | Duration |
|---|---|---|
| Stripe | Card payments, fraud detection on /checkout pages. | Per Stripe policy |
| Google Fonts | Font loading (no cookies; CSS only). | — |
3. Managing cookies
You can block, delete, or restrict cookies via your browser settings (Chrome, Firefox, Safari, Edge all expose this). Blocking strictly necessary cookies will prevent login. Where we offer a consent banner, you can withdraw consent at any time. To export or delete your account data, see our Privacy Policy.
4. Do Not Track
Many browsers send a Do-Not-Track signal. Industry standards for honoring DNT are unsettled. We currently do not respond differently to DNT signals, but we minimize tracking by default (no cross-site advertising cookies are set).
5. Changes
We may update this Policy from time to time. Material changes will be announced by email or by prominent notice on the platform.
6. Contact
Questions or to exercise privacy rights: privacy@safa.mx.
This document is provided for transparency. It is a draft pending review by qualified legal counsel and does not constitute legal advice.