Skip to main content

Cookie Policy

Last updated: May 2026

Introduction

This Cookie Policy explains what cookies are, which ones we use on megrowthes.com and app.megrowthes.com, what we use them for, and how you can manage your consent. It is an integral part of our Privacy Policy and applies to anyone who visits or uses our services.

What are cookies?

Cookies are small text files that a website stores on your device when you visit it. They allow the site to remember your actions and preferences (language, signed-in state, consents) for a period of time, so you don't have to re-enter them every time you return or navigate between pages. We also use similar technologies such as the browser's localStorage, which serves an equivalent purpose.

Legal basis and consent

We process the data associated with cookies in accordance with Regulation (EU) 2016/679 (GDPR), Directive 2002/58/EC (ePrivacy), and the Spanish Organic Law 3/2018 on the Protection of Personal Data (LOPDGDD). The legal basis is:

  • Strictly necessary cookies: legitimate interest (Art. 6.1.f GDPR) and the technical exemption of Art. 22.2 LSSI, including authentication cookies used only when you explicitly request sign-in or click "Sign in with Google".
  • Analytics cookies: explicit prior consent (Art. 6.1.a GDPR), collected per category through our banner.
  • Marketing cookies: explicit prior consent (Art. 6.1.a GDPR), collected per category through our banner. No marketing scripts are loaded today.

Cookie categories

Essential

Required for the site to work: sign-in, registration, the Google OAuth redirect when you choose Google sign-in, anti-bot verification, language. They cannot be disabled and do not require consent.

Analytics (opt-in)

Aggregated, anonymous metrics with PostHog (EU Cloud). Sentry session replay is also gated by this category: if you decline analytics, the PostHog SDK is not loaded and no replays are sent to Sentry. You can turn this off any time from the banner or your profile.

Marketing (opt-in)

Reserved for future campaign-tracking integrations (e.g. HubSpot). No marketing script is loaded today; the category exists in the banner for transparency so you can grant or refuse consent specifically.

Cookie and storage detail

This table reflects the cookies and local-storage entries we currently use. We review it periodically and update it when our technical stack changes.

Name Domain Category Provider Purpose Retention
mg-consent .megrowthes.com Essential Me Growth (first-party) Shared cookie across megrowthes.com and app.megrowthes.com that stores the per-category consent state (essential / analytics / marketing), version and date. Lets us honour the decision when the user moves between subdomains without re-showing the banner. 13 months
cookie-consent megrowthes.com Essential Me Growth (first-party) Local copy of the landing consent state (same JSON shape as mg-consent). Kept for environments where the browser blocks subdomain cookies. 12 months
cookie-preferences app.megrowthes.com Essential Me Growth (first-party) Local copy of the consent state inside the app, equivalent to cookie-consent on the landing. 12 months
NEXT_LOCALE app.megrowthes.com Essential Me Growth (first-party) Remember the selected language (ES / EN). 12 months
sb-*-auth-token app.megrowthes.com Essential Supabase Keep you signed in. Session / until sign-out
sb-*-auth-token-code-verifier app.megrowthes.com Essential Supabase Secure authentication flow (PKCE). 5 minutes
Google account / session / security cookies (e.g. SID, HSID, __Secure-1PSID, __Secure-3PSID, NID and related Google cookies) accounts.google.com / .google.com Essential for Google sign-in only Google Identity Services Used by Google on Google domains during the OAuth redirect to authenticate your Google Account and return the sign-in result to Me Growth. We do not set or read these cookies on megrowthes.com; the redirect happens only if you click "Sign in with Google". Google may also use existing Google cookies for its own account, security, preferences, or advertising purposes under Google's policies. Set by Google according to your Google Account / browser settings
cf_clearance, cf_chl_* challenges.cloudflare.com Essential Cloudflare Turnstile Anti-bot verification during sign-up and sign-in. 30 minutes
ph_* .megrowthes.com via /mg-flow on megrowthes.com and app.megrowthes.com Analytics (opt-in) PostHog (EU Cloud) Coarse funnel analytics. No session recording, free text, or PII. The SDK is not loaded until you accept this category. 12 months
sentryReplaySession megrowthes.com / app.megrowthes.com Analytics (opt-in) Sentry (EU) Replay session identifier for error diagnostics. Only started after you accept the analytics category. Session
— (no marketing cookies active) Marketing (opt-in) No marketing scripts are loaded today. When one is added (e.g. HubSpot), it will be listed here and only loaded if you accept this category.

Google OAuth cookies are only involved if you click "Sign in with Google" and are set and controlled by Google on Google domains; we do not load them otherwise. Analytics and marketing cookies are only loaded if you accept the corresponding category in the banner. If you decline, no PostHog, Sentry replay, or marketing script touches your browser.

Third parties we share data with

Where the providers below act as our processors, they are bound by a Data Processing Agreement (DPA) and process the data exclusively for the purposes described. Where a provider operates its own account or security service (e.g. Google Identity Services for federated sign-in), its public privacy terms also apply.

  • Supabase — authentication and database (EU servers, eu-west-1, Dublin).
  • Vercel — hosting for the site and the application.
  • Cloudflare — CDN and anti-bot protection (Turnstile).
  • PostHog — product analytics (EU Cloud).
  • HeyGen — conversational avatar service.
  • Brevo — email communications (newsletter, notifications).
  • Resend — transactional emails (account verification, password reset).
  • Sentry — technical error monitoring (PII scrubbed before sending).
  • Google Identity Services — optional federated sign-in redirect and account linking (only when you choose this method).

How to manage your consent

You are in control at all times:

  • Initial banner: three equivalent options — "Reject all", "Customize" and "Accept all". If you choose "Customize" you can enable/disable Analytics and Marketing separately; Essential cookies are mandatory.
  • Change later: clear site data in your browser to see the banner again, or go to your profile → Privacy to change preferences per category.
  • Versioning: if the banner or policy changes, we bump the consent version and the banner reappears to collect a new, per-category consent.
  • Browser settings: every modern browser also lets you block or delete cookies from its settings.

Your rights

You have the right to access, rectify, erase, restrict the processing of, port, and object to the processing of your data. You can exercise these rights by writing to:

Email: info@megrowthes.com

If you believe we have not responded properly, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD, https://www.aepd.es/).

Changes to this policy

We may update this Cookie Policy to reflect technical, legal, or operational changes. When we do, we will update the "Last updated" date in the header and, if the changes are material, we will show you the banner again to collect a new consent.