Cookie Policy

v2026.07 · July 3, 2026

OneRealSet only uses cookies and browser storage that are strictly necessary for the application to work: one language cookie and a handful of local storage items. We do not use analytics, advertising, profiling or third-party cookies, which is why you will not see a cookie banner — the law does not require one for these technical items. This policy explains in plain language exactly what we use, what it is for, how long it lasts and how you can manage it from your browser.

1. Who is responsible

The OneRealSet website and application (an online personal training platform with an AI coach available via web chat and WhatsApp) are operated from Spain by: - Owner: [RELLENAR: nombre y apellidos del titular] - Tax ID (NIF): [RELLENAR: NIF] - Address: [RELLENAR: domicilio] - Email: [RELLENAR: email de contacto] This cookie policy is provided in compliance with Article 22.2 of Spanish Law 34/2002 on Information Society Services and Electronic Commerce (LSSI-CE), and complements our Privacy Policy, which explains in detail how we process your personal data.

2. What cookies and similar technologies are

Cookies are small text files that a website stores in your browser. They are used, for example, to remember a preference (such as your language) between one visit and the next. They are sent to the server with every request to the site that created them. There are also similar technologies. The most relevant one in OneRealSet is browser local storage (localStorage): a space where the site saves data directly on your device. Unlike cookies, that data is not automatically sent to the server and does not expire on its own: it remains until the application or you delete it. Spanish law (Article 22.2 LSSI-CE) treats cookies and these similar technologies in the same way: both are data storage and retrieval devices on the user's equipment. That is why this policy covers both.

3. Exactly what we use

OneRealSet uses only the following items, all of them technical and first-party. There is nothing else: - NEXT_LOCALE — Type: first-party technical cookie, set with the SameSite=Lax attribute. Purpose: to remember your language preference (Spanish or English) so the application is shown in your language on every visit. Duration: 1 year (365 days) from when it is set or renewed. - one-realset-store — Type: first-party local storage (localStorage). Purpose: to keep the application state in your browser (for example, your dashboard data and interface preferences) so the app runs smoothly and you do not lose context between visits. Duration: no automatic expiry; it remains until the application updates it or you clear the site data. - Supabase session tokens — Type: first-party local storage (localStorage); these are the keys whose names start with "sb-". Purpose: to keep you securely signed in (authentication). Without them you would have to enter your password constantly. Duration: for as long as the session is active; they are renewed automatically and removed when you sign out. - streak_alert_last_date — Type: first-party local storage (localStorage). Purpose: to remember, in this browser, when the last training streak alert was shown to you, so the same notice is not repeated on the same day. Duration: no automatic expiry; it remains until you clear the site data. We do not use any analytics, advertising, tracking or profiling cookies or storage, and we do not place third-party cookies on our domain.

4. Why we do not ask for consent (no banner)

The law only requires consent for cookies that are not necessary to provide the service. Article 22.2 of the LSSI-CE exempts from consent those storage devices that are strictly necessary to provide a service expressly requested by the user, and the cookie guidance issued by the Spanish Data Protection Authority (AEPD) confirms that technical cookies — such as session or authentication cookies, and personalisation chosen by the user, for example the language — fall within that exemption. Every item OneRealSet uses (language, application state, authentication session and the streak alert marker) fits that category: they are essential to, or directly instrumental for, the service you yourself request when using the app. That is why we do not show a cookie banner: not because we have chosen to skip it, but because it is not required when only exempt cookies are used. Being honest also means not asking you for unnecessary clicks.

5. Third-party cookies

OneRealSet does not embed third-party cookies on its website or in its application: no social media, advertising or audience measurement cookies. An important clarification about payments: subscriptions are paid through Stripe. When you start a payment or manage your subscription, you do so on Stripe's checkout and billing portal pages, which are served from Stripe's own domain (not ours). On that domain, Stripe may use its own cookies, for example for security and fraud prevention purposes, in accordance with its own cookie policy, which we recommend you review. OneRealSet does not control those cookies and does not place them on our domain. Also remember that we never store card numbers. If you use the coach via WhatsApp, that conversation takes place in the WhatsApp application, which uses no cookies from us and is governed by the terms and policies of its own provider.

6. How to manage or delete cookies and local storage

You can view, block and delete both cookies and local storage from your browser settings. The exact steps vary by browser and version, but in general: - Chrome and Edge: settings menu, privacy and security section, cookie and site data options (or clear browsing data). - Firefox: settings, privacy and security section, cookies and site data. - Safari: preferences or settings, privacy section, manage website data. - In most browsers you can also click the padlock or settings icon next to the address bar to manage the data for this site only. From those options you can delete OneRealSet's data specifically or all sites' data, and set default blocking rules. Bear in mind that clearing the site data will sign you out and reset your language preference; your account and training data are not lost, because they are stored on our servers, not in your browser.

7. What happens if you block them

Because OneRealSet only uses technical items, blocking them directly affects how the application works: - Without the Supabase session tokens it is not possible to stay signed in: you will not be able to use any feature that requires an account. - Without one-realset-store the application cannot keep its state in the browser and may behave erratically or more slowly. - Without the NEXT_LOCALE cookie the application will not remember your language and will revert to the default language on every visit. - Without streak_alert_last_date you may see the same streak alert repeated several times on the same day. Public informational pages may remain readable, but the application as a service needs these items to function. There is no signed-in version of OneRealSet that works with storage completely blocked.

8. Changes to this policy

If in the future we add cookies or technologies that are not exempt — for example, analytics tools — we will do two things before activating them: ask for your prior consent through a cookie banner as required by law, and update this policy to describe, in the same level of detail, what is being added, for what purpose and for how long. Any relevant change will be reflected in the version number and the last-updated date shown at the top of this policy. We recommend reviewing it from time to time. The current version is v2026.07, updated on July 3, 2026.

9. Legal framework

This policy is governed by the applicable Spanish and European Union legislation, in particular: - Spanish Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE), especially Article 22.2. - Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR). - Spanish Organic Law 3/2018 on the Protection of Personal Data and guarantee of digital rights (LOPDGDD). - The AEPD's cookie guidance, as interpretative criteria. The details of how we process your personal data — including the health data in your training profile, the legal bases, our processors and your GDPR rights — are set out in our Privacy Policy, which is the reference document for those matters. The governing law and jurisdiction are those of Spain, without prejudice to the rights you may have as a consumer under the law of your place of residence.

10. Contact

If you have any questions about this cookie policy or about how OneRealSet uses your browser storage, you can write to us at [RELLENAR: email de contacto]. To exercise your data protection rights (access, rectification, erasure, objection, restriction, portability or withdrawal of consent), please see the Privacy Policy and the Settings > Privacy section of the application, where many of these actions are available directly. If you believe our processing does not comply with the law, you have the right to lodge a complaint with the Spanish Data Protection Authority, AEPD (www.aepd.es).