ArchitectureA supervised JVM-class runtime — OLTP on seven engines, OLAP on three. AI-native, MCP-native, observable as plain SQL.Read the architecture
Está viendo la edición Perú. Está viendo la edición Colombia. You're viewing the Pakistan edition. Cambiar a la edición global →Cambiar a la edición global →Switch to the global edition →
Legal

Cookies Policy

This policy explains the cookies and similar technologies used by Airtool Technologies S.L. on this site. It is the per-cookie disclosure the Spanish data-protection authority (AEPD) requires of every site, including sites that — like this one — set no analytics or marketing cookies.

What is a cookie?

A cookie is a small text file that a website stores on your device when you visit it. Cookies are widely used to make websites work, to make them work more efficiently, and to provide information to the owners of the site. Some cookies are set by the site you are visiting (first-party cookies) and others are set by domains other than the one you are visiting (third-party cookies).

Similar technologies — such as the browser's local storage and session storage — are governed by the same legal regime as cookies under Article 5(3) of the ePrivacy Directive. This policy covers both.

Regulatory framework

The processing of cookies on this site is governed by Article 5(3) of the ePrivacy Directive (2002/58/EC, amended by 2009/136/EC), Regulation (EU) 2016/679 (GDPR), the Organic Law 3/2018 (LOPDGDD), the EDPB Guidelines 2/2023 on the technical scope of Article 5(3), and the Spanish Data Protection Agency Guía sobre el uso de cookies (current edition). The CONTROLLER is AIRTOOL TECHNOLOGIES S.L., Pasaje Torras i Bages 2, 08017 Barcelona, Spain. Contact: info@airtool.io.

Cookies set by this site

This site does not set any marketing or profiling cookies. Google Analytics 4 is used for aggregate audience measurement — its cookies (_ga and _ga_[MEASUREMENT-ID]) are only set if the visitor explicitly consents via the banner displayed on first visit.

_ga (analytics, consent required)

  • Name: _ga
  • Controller: AIRTOOL TECHNOLOGIES S.L. and Google LLC (joint controllers for analytics processing).
  • Purpose: distinguish individual visitors for aggregate audience measurement. Used by Google Analytics 4.
  • Duration: 2 years.
  • Type: analytics.
  • Consent required: yes — only set after the visitor accepts via the cookie-consent banner. Google Consent Mode v2 keeps measurement in the denied state until consent is granted.
  • Third-country transfer: data is transmitted to Google LLC in the United States under standard contractual clauses (Article 46 GDPR, post-Schrems II).

_ga_[MEASUREMENT-ID] (analytics, consent required)

  • Name: _ga_[MEASUREMENT-ID] (where [MEASUREMENT-ID] is the GA4 property identifier for this site).
  • Controller: AIRTOOL TECHNOLOGIES S.L. and Google LLC (joint controllers).
  • Purpose: persist session state for Google Analytics 4.
  • Duration: 2 years.
  • Type: analytics.
  • Consent required: yes — same conditions as _ga above.
  • Third-country transfer: same as _ga above.

cookie-consent-v1 (functional)

  • Name: cookie-consent-v1
  • Controller: AIRTOOL TECHNOLOGIES S.L. (first-party, browser localStorage — not an HTTP cookie).
  • Purpose: store the visitor's consent choice (accepted or rejected) so the banner is not shown again on subsequent visits.
  • Duration: until cleared by the visitor. Stored in localStorage, not subject to browser cookie expiry.
  • Type: functional / consent-management.
  • Consent required: no — strictly-necessary exemption applies. The storage write is required to honour the visitor's stated choice and is the minimum necessary to avoid re-asking on every page load.

deister_locale (functional, structurally inert on this site)

  • Name: deister_locale
  • Controller: AIRTOOL TECHNOLOGIES S.L. (first-party)
  • Purpose: persist the visitor's regional navigation choice across page loads.
  • Duration: one year (max-age 31,536,000 seconds).
  • Type: functional / UI-customisation.
  • Consent required: no — strictly-necessary exemption applies under EDPB Guidelines 2/2023 §3.2 and AEPD Guía table 4 (cookies de personalización exentas del consentimiento).
  • Status on airtool.io: not set in practice. The shared inline script that writes this cookie is gated on URLs matching /pk/, /pe/ or /co/. Airtool.io has no such URLs, so the cookie is never written on this domain. It is listed here for transparency because the disclosure obligation under GDPR Article 13 runs from the intent to process, not from the de-facto write count.

Browser storage similar to cookies

The public surface of this site uses localStorage for two purposes:

  • cookie-consent-v1: stores the visitor's consent choice (see "Cookies set by this site" above).
  • deister_locale: stores the visitor's regional navigation choice (see deister_locale entry above).

Two admin-only assets (designer.js and editor-panel.js) also use localStorage to persist editor UI state, but those assets only render behind authenticated admin sessions and are not loaded on public pages.

Third-party network requests

The site emits a JavaScript beacon to Cloudflare Web Analytics (static.cloudflareinsights.com for the beacon script; cloudflareinsights.com for the measurement endpoint). The beacon reports aggregate page-view data — URL, referrer host, viewer country, browser and operating system, core-web-vitals performance signals — to Cloudflare. No cookie is set by Cloudflare. No persistent client identifier is stored. Sessions are derived from a daily-rotating salt of the visitor's IP address and user-agent, so the same visitor on two different days is counted as two anonymous visitors. The CONTROLLER receives only aggregate counts on the Cloudflare dashboard. The processing qualifies for the strictly-necessary-analytics exemption from consent under Article 5(3) of the ePrivacy Directive, EDPB Guidelines 2/2023 §3.2 and the AEPD analytics-exemption criteria.

If the visitor consents via the cookie banner, the site loads Google Analytics 4 via gtag.js (www.googletagmanager.com) and transmits page-view and event data to Google's measurement endpoints (www.google-analytics.com, analytics.google.com). This is a third-country transfer to the United States under standard contractual clauses (Article 46 GDPR, post-Schrems II). No GA4 request is made before the visitor accepts or after the visitor rejects.

The site embeds video content via youtube-nocookie.com with the dnt=1 (do-not-track) parameter, exposed only as a poster-image facade. The iframe is loaded only after the visitor explicitly clicks the poster, at which point Google's own YouTube terms apply to the resulting connection. No cookies are set before the visitor's click.

Typography is self-hosted under /assets/fonts/ — no third-party font origin is contacted.

Managing cookies

You can clear any cookie at any time using your browser's standard privacy controls. Every modern browser (Chrome, Edge, Firefox, Safari, Brave, Vivaldi, etc.) provides settings to view, delete and block cookies, both globally and per site. See your browser's documentation for the exact path.

To withdraw analytics consent and clear the GA4 cookies, click "Cookie settings" in the footer of any page. Clearing the cookie-consent-v1 entry from localStorage will cause the consent banner to reappear on your next visit.

Changes to this policy

If we add a new cookie or similar technology to this site, this policy will be updated in the same commit that ships the change. The Content Security Policy currently in force makes it mechanically impossible to add a third-party tracker without an explicit Terraform diff that we audit through both the security-posture and analytics review topics, so this disclosure stays in sync with the deployed reality by construction.

See also the Privacy Policy at /privacy-policy/ for the broader data-protection framework, the data-subject rights, and the AEPD complaint route.