BRASIBack to BRASI

Legal

Cookie Policy

We use the minimum number of cookies necessary to keep BRASI secure, functional, and improving. No advertising. No profiling. No tracking of sensitive activity. This page explains exactly what each cookie does and how you can control it.

Effective date: 1 May 2026Last reviewed: 1 May 2026Version: 1.0
Minimal cookie useNo advertising cookiesPrivacy-first analytics
01

What are cookies

Cookies are small text files that a website stores on your device — your computer, tablet, or phone — when you visit it. They are widely used to make websites work correctly, to remember your preferences, and to provide basic usage information to the site operator.

Cookies are not programs and cannot execute code. They cannot carry viruses or install software. They are simply small data files that help a service remember information between visits or across a single browsing session.

BRASI's approach to cookies

Minimal by design

BRASI uses the smallest number of cookies necessary to operate the platform. We do not use advertising cookies, tracking pixels, or any technology that profiles your behaviour across the web. We have no commercial interest in building a picture of who you are.

This policy explains precisely which cookies we use, why each one exists, how long it lasts, and how you can control or remove it. If you have questions not answered here, contact us at privacy@brasi.io.

03

Essential cookies

Essential cookies are strictly necessary for the platform to operate. Without them, core features — including page loading, security, and consent management — would not function. These cookies cannot be disabled while you use BRASI.

Cookie namePurpose — duration
brasi_sessionMaintains your browsing session state, enabling the platform to load pages correctly. Duration: session (deleted when you close your browser).
brasi_csrfCSRF (cross-site request forgery) protection token. Prevents malicious third-party sites from submitting forms on your behalf. Duration: session.
brasi_consentRecords the cookie preferences you have chosen via the preference centre, so we do not prompt you on every visit. Duration: 12 months.

No identity data in essential cookies

Essential cookies do not contain your name, email address, or any other personally identifying information. They store only a randomly generated session identifier.

04

Analytics cookies

BRASI uses privacy-first analytics to understand how the platform is used in aggregate. This helps us identify pages that are hard to navigate, features that are not being discovered, and technical issues that need fixing.

What our analytics does

  • Counts page views per URL to understand which sections are most visited
  • Records which country a visit originated from (country-level only, not city or postcode)
  • Identifies the browser type and device category (desktop / mobile / tablet)
  • Tracks aggregate session duration to understand engagement with content

What our analytics never does

Sensitive activity is never tracked

  • Survivor journal activity is completely excluded from analytics — we do not track what is written, when, or how often
  • Support provider conversations are never included in any analytics dataset
  • Individual user sessions are not profiled, attributed, or linked across visits
  • No personal data — including IP addresses — is stored in our analytics system
  • Data is never shared with advertising networks, data brokers, or any third party for commercial purposes
Cookie namePurpose — duration
brasi_analyticsDistinguishes unique page-view events within a single session without persisting a user identity across visits. Duration: session.

Analytics cookies are optional. You can disable them at any time using the cookie preference centre below, or via your browser settings, without affecting your ability to use any part of BRASI.

05

Authentication cookies

When you create an account and sign in to BRASI, authentication cookies are set to securely maintain your signed-in state. These cookies allow the platform to recognise that you are the same person between pages, so you do not need to sign in on every click.

Cookie namePurpose — duration
brasi_auth_tokenStores your encrypted session token, issued on sign-in. Used to authenticate your requests to the BRASI API. Duration: session, or up to 30 days if you select "Stay signed in".
brasi_refreshEnables silent session renewal — refreshes your auth token in the background when it is about to expire, so you are not interrupted mid-session. Duration: 7 days.

Security properties

  • Authentication cookies are set with the HttpOnly flag, meaning they cannot be accessed by JavaScript — this protects against XSS (cross-site scripting) attacks
  • Authentication cookies are set with the Secure flag, meaning they are only transmitted over HTTPS connections — never over unencrypted HTTP
  • Authentication cookies are scoped to the BRASI domain only and cannot be read by third-party sites
  • Token values are cryptographically signed and validated on every request — a modified token is rejected immediately

Signing out clears all authentication cookies

When you sign out of BRASI, all authentication cookies are immediately deleted from your browser and invalidated server-side. They cannot be reused after sign-out.

06

User preferences

Preference cookies store lightweight UI state so that the platform remembers your settings between visits. These are optional and contain no personal data. Disabling them means the platform will revert to its defaults each time you visit.

Cookie namePurpose — duration
brasi_ui_prefsRemembers display preferences you have set, such as text size and accessibility options. Duration: 6 months.
brasi_toc_stateRemembers whether the table of contents sidebar was expanded or collapsed on your last visit to a policy page. Duration: 30 days.
brasi_nav_stateRemembers the open or closed state of the mobile navigation menu. Duration: session.

Optional and removable

Preference cookies can be cleared from your browser settings at any time without losing access to your account or any of your private content. Your journal entries, messages, and account data are stored server-side and are not affected by clearing browser cookies.

07

Managing cookies

Using the BRASI preference centre

The easiest way to manage your cookie choices on BRASI is to use the preference centre on this page. You can toggle analytics and preference cookies on or off at any time. Essential and authentication cookies cannot be disabled, as they are required for the platform to work.

Managing cookies in your browser

All major browsers allow you to view, block, or delete cookies. The links below point to the official cookie management guides for the most common browsers.

  • Google Chrome: Settings → Privacy and security → Cookies and other site data
  • Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Apple Safari: Preferences → Privacy → Manage Website Data
  • Microsoft Edge: Settings → Cookies and site permissions → Cookies and site data

Blocking all cookies

If you configure your browser to block all cookies, some parts of BRASI will not work correctly. In particular, you will not be able to remain signed in to your account, and the platform will not be able to remember your consent preferences. Essential functionality depends on the essential and authentication cookies described in Sections 03 and 05.

Deleting existing cookies

Clearing your browser's cookies removes all BRASI cookies from your device. This will sign you out of your account and reset your preference choices. Your account and all your private content remain intact server-side — clearing cookies only affects your local session state.

08

Third-party services

No advertising or data-broker integrations

BRASI does not integrate with any advertising network, social media pixel, data broker, or behavioural tracking service. The only third-party service we use is a privacy-first analytics provider — selected specifically because it does not collect personal data.

Analytics provider

BRASI uses Plausible Analytics, an open-source, privacy-first analytics platform that does not use cookies to track users and does not collect personally identifiable information. Plausible is GDPR compliant, does not track users across sessions or across sites, and does not build user profiles.

Even within Plausible, BRASI configures exclusion rules to ensure that sensitive platform areas — including any pages related to journaling, provider conversations, or account details — do not appear in analytics reporting.

Content delivery and infrastructure

BRASI's infrastructure uses standard hosting and content-delivery services to ensure the platform loads quickly and securely. These services may set technical cookies as part of network-level security (for example, to distinguish human traffic from automated bots). These technical cookies do not contain personal data and are not used for tracking purposes.

Third-party servicePurpose — data shared
Plausible AnalyticsAggregate page-view counting. No personal data. No cookies stored. Privacy-first by design.
Hosting infrastructureSecure platform delivery. Technical security cookies only. No personal data shared.

What we will never integrate

  • Meta Pixel, Google Ads, or any advertising network cookie
  • LinkedIn Insight Tag or any social media tracking pixel
  • HotJar, FullStory, or any session-recording tool
  • Any third-party service that profiles individual users or shares data with brokers
  • Any analytics tool that stores persistent identifiers for individual users

If we ever add a new third-party integration that uses cookies, we will update this policy, notify users, and ask for your consent before activating it. Questions about third-party services can be directed to privacy@brasi.io.

BRASI Ltd · Cookie Policy · Version 1.0 · Effective 1 May 2026

privacy@brasi.io