Effective date: April 2026
Cookies are small text files that a website stores in the user's browser during their visit. They contain information that allows the site to recognize the browser on subsequent visits, keep you authenticated, remember your preferences, or provide specific functionalities.
There are different categories of cookies according to their purpose: essential (necessary for site operation), functional (improve experience), security (protect against attacks), analytics (collect usage statistics), and advertising (track the user for targeted ads).
Cookies can also be classified as session (deleted when the browser is closed) or persistent (remain stored for a determined period), and as first-party (set by the site you are visiting) or third-party (set by other domains, usually for cross-site tracking).
In this policy, we explain exactly which cookies the CSURFACE Threat Sensor Platform uses, their purpose, how long they remain stored, and how you can control them.
CSURFACE Threat Sensor uses a minimal set of strictly necessary cookies for Platform operation. All cookies listed below are set directly by the threatsensor.csurface.io domain (first-party cookies) and are not shared with third parties.
| Name | Category | Purpose | Duration |
|---|---|---|---|
session |
Essential | Keeps you authenticated on the Platform after login. Contains an opaque session identifier, stored encrypted on the server. It is marked as HttpOnly and Secure to prevent access via JavaScript and transmission over non-secure HTTP. |
Session or up to 24 hours |
lang / language |
Functional | Stores your language preference (en or pt-BR) so that the Platform is displayed in the chosen language on subsequent visits, even without login. |
1 year |
csrf_token |
Security | Anti-CSRF (Cross-Site Request Forgery) token used to protect forms and modification requests against cross-origin request forgery attacks. It is regenerated on each session. | Session |
Secure attribute, ensuring they are only transmitted over HTTPS connections;session cookie is marked as HttpOnly, preventing access via client-side JavaScript and mitigating XSS risks;SameSite=Lax or SameSite=Strict attribute to prevent cross-site attacks;We do not use third-party tracking, advertising, or analytics cookies.
We value your privacy and, for this reason, the CSURFACE Threat Sensor Platform does not use:
We only collect aggregated usage metrics on the server side, based on application logs, and only for operational and service improvement purposes, as described in our Privacy Policy.
You have full control over the cookies stored in your browser. You can view, block, or delete them through your browser settings. However, disabling essential cookies may prevent the Platform from functioning correctly, specifically the ability to log in and maintain active sessions.
Consult your browser's official documentation for instructions on how to manage cookies:
Most browsers also allow you to:
If you choose to disable all cookies, you can still access the public content of the Platform, but you will not be able to log in, save language preferences, or use features that require authentication.
To clear specific CSURFACE Threat Sensor cookies without affecting cookies from other sites, use your browser's "Manage site cookies" feature and look for the domain threatsensor.csurface.io.
This Cookie Policy may be updated periodically to reflect changes in the cookies we use or legal requirements. Whenever material changes are made, the effective date at the top of this page will be updated.
For questions related to this Cookie Policy, contact [email protected].
For more information about how CSURFACE processes your personal data in general, see our Privacy Policy and our Terms of Service.
Effective date: April 2026