Cookie Policy
Last updated: March 17, 2026
Salag is a product of Salag Software Development Services, a sole proprietorship registered in the Republic of the Philippines.
This Cookie Policy explains how Salag ("we", "us", "our") uses cookies and similar technologies when you visit or use our web application at salag.ph. It explains what these technologies are, why we use them, and your rights to control their use.
This policy is issued in compliance with Republic Act No. 10173 (Data Privacy Act of 2012) and its Implementing Rules and Regulations, as enforced by the National Privacy Commission of the Philippines. By using Salag, you acknowledge that you have read and understood this policy.
1. What Are Cookies?
Cookies are small text files placed on your device (computer, tablet, or mobile phone) when you visit a website. They allow the site to recognise your device and remember certain information about your visit, such as whether you are logged in or what settings you have chosen.
Cookies are set either by the website you are visiting ("first-party cookies") or by third-party services operating on that site ("third-party cookies"). Cookies can be "persistent" (they remain on your device until they expire or you delete them) or "session" cookies (they are deleted automatically when you close your browser).
In addition to cookies, we may also use similar technologies such as browser local storage and session storage. These are explained in Section 3.
2. Legal Basis for Using Cookies
Under the Data Privacy Act of 2012 and its Implementing Rules and Regulations, we rely on the following lawful bases for placing and processing cookies:
- Contractual necessity: Strictly necessary cookies are required to deliver the Salag service you have contracted with us to provide. Without them, the platform cannot function.
- Legitimate interest: Security cookies, CSRF protection, and abuse-prevention technologies are deployed to protect both you and the platform from fraud and unauthorised access.
- Consent: For any optional cookies (such as analytics), we will request your explicit consent before placing them. You may withdraw that consent at any time by adjusting your browser settings (see Section 6).
Salag does not use cookies for advertising, cross-site behavioural tracking, or data brokerage of any kind.
3. Technologies We Use
Salag uses the following categories of browser-based storage technologies:
3.1 HTTP Cookies
Standard cookies transmitted between your browser and our servers via HTTP headers. Used for session management and security. All authentication cookies are set with the HttpOnly, Secure, and SameSite=Lax attributes, meaning they cannot be accessed by JavaScript and are only transmitted over HTTPS.
3.2 Browser Local Storage
Local storage is a browser-side mechanism that stores key-value data. Salag may use local storage to preserve UI preferences (such as theme or tool state) across page loads. This data never leaves your device and is not transmitted to our servers automatically.
3.3 Session Storage
Session storage works similarly to local storage but is cleared automatically when your browser tab is closed. Salag may use session storage for temporary in-progress form state to improve your experience while using tools.
4. Cookies We Set
4.1 Strictly Necessary Cookies
These cookies are essential for you to browse Salag and use its features. You cannot opt out of these cookies while continuing to use the platform because the service cannot function without them.
| Cookie Name | Purpose | Type | Duration |
|---|---|---|---|
| next-auth.session-token | Maintains your authenticated session after login | First-party | 30 days |
| next-auth.csrf-token | Prevents cross-site request forgery (CSRF) attacks on all authenticated actions | First-party | Session |
| next-auth.callback-url | Stores the URL you were trying to access before being redirected to login, so you can be sent there after authentication | First-party | Session |
| __Host-next-auth.csrf-token | Secure variant of the CSRF token used in HTTPS environments for additional origin binding | First-party | Session |
4.2 Security and Abuse-Prevention Cookies
These cookies and related mechanisms protect the platform from automated attacks, spam, and account abuse. They are a subset of strictly necessary technologies.
| Technology | Purpose | Provider | Duration |
|---|---|---|---|
| Cloudflare Turnstile token | Privacy-preserving CAPTCHA challenge on the login and registration forms. Verifies that you are a human without tracking you across the web | Cloudflare, Inc. | Session |
| Rate limit fingerprint | A hashed, non-reversible combination of browser characteristics used server-side to enforce anonymous usage limits and detect abuse patterns. Not stored in a cookie; computed server-side from request headers | Salag (first-party) | Not stored |
4.3 Analytics Cookies (Optional)
We may use anonymised, aggregated analytics to understand how our tools are used so we can improve them. Any analytics implementation will adhere to the following principles:
- No personally identifiable information will be linked to analytics data.
- IP addresses will be anonymised or truncated before processing.
- We will update this policy and request your explicit consent before deploying any analytics cookies that require consent under applicable law.
- We do not use analytics data to build individual user profiles for advertising or external sale.
5. Third-Party Integrations
Salag integrates with a small number of third-party services that may set their own cookies or access browser storage when you interact with their components. We do not control these cookies.
5.1 Cloudflare Turnstile
Used on our login and registration pages as a CAPTCHA replacement. Turnstile is designed to be privacy-preserving and does not track users across websites or build advertising profiles. For full details, see Cloudflare's Privacy Policy and the Turnstile data handling documentation.
5.2 Google OAuth (Sign in with Google)
If you choose to sign in using your Google account, Google may set cookies as part of the OAuth authentication flow. These cookies are managed entirely by Google and are subject to Google's Privacy Policy. Salag only receives the information you authorise Google to share (your name, email address, and profile picture). We do not receive or store your Google password.
You are not required to use Google sign-in. You may register with an email and password instead.
We do not permit advertising networks, data brokers, or social media trackers to place cookies on salag.ph.
6. How to Control and Manage Cookies
You have several options for controlling how cookies are used on your device. Please note that disabling strictly necessary cookies will prevent you from logging in to Salag and using its protected tools.
6.1 Browser Settings
All major browsers allow you to view, block, and delete cookies through their settings menus. Instructions for the most commonly used browsers:
- Google Chrome: Manage cookies in Chrome
- Mozilla Firefox: Manage cookies in Firefox
- Apple Safari: Manage cookies in Safari
- Microsoft Edge: Manage cookies in Edge
For a general guide to managing cookies across browsers, visit allaboutcookies.org.
6.2 Clearing Local and Session Storage
Browser local storage and session storage can be cleared through your browser's developer tools (Application tab) or through the same privacy/storage settings where cookies are managed. Clearing local storage will remove any saved UI preferences but will not affect your account data, which is stored securely on our servers.
7. Cookie Data Retention
The duration for which cookie data is retained depends on the type of cookie:
- Session cookies are automatically deleted when you close your browser tab or window.
- Persistent authentication cookies (specifically the session token) remain active for up to 30 days, or until you explicitly log out of Salag, whichever comes first. Logging out immediately invalidates and deletes your session token.
- Local storage data persists until you clear it through your browser settings or until Salag explicitly removes it.
- Security logs that record session activity (IP address, timestamp, device fingerprint hash) are retained for up to 90 days for fraud investigation and abuse prevention purposes, after which they are automatically purged.
8. Your Rights Under the Data Privacy Act of 2012
As a data subject under Republic Act No. 10173, you have the following rights with respect to any personal data processed through cookies and similar technologies:
- Right to be informed: You have the right to be informed of how your data is collected and used. This Cookie Policy fulfils that obligation.
- Right to access: You may request a copy of the personal data we hold about you, including that derived from session and usage logs.
- Right to object: You may object to the processing of your personal data where we rely on legitimate interest as a legal basis. Note that objecting to strictly necessary cookie processing will require you to stop using the platform.
- Right to erasure: You may request deletion of your account and associated data. Upon account deletion, your session tokens are immediately invalidated and your personal data is removed from active systems within 30 days.
- Right to withdraw consent: For any consent-based cookies (such as analytics), you may withdraw your consent at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: If you believe your rights have been violated, you may file a complaint with the National Privacy Commission of the Philippines.
To exercise any of these rights, contact us at privacy@salag.ph.
9. Changes to This Policy
We may update this Cookie Policy from time to time to reflect changes in our technology, legal requirements, or business practices. When we do:
- We will revise the "Last updated" date at the top of this page.
- For material changes, registered users will be notified by email at least 7 days before the changes take effect.
- If a change requires new consent (e.g., introducing optional analytics cookies), we will request your consent explicitly before those cookies are placed.
- Continued use of Salag after a non-material update constitutes acceptance of the revised policy.
10. Contact
If you have questions, concerns, or requests related to this Cookie Policy or the data processed through cookies, please contact us:
Business Name: Salag Software Development Services
Country: Republic of the Philippines
Privacy Contact: privacy@salag.ph
We aim to respond to all privacy-related enquiries within 15 business days, in accordance with the timelines prescribed under the Data Privacy Act of 2012.
Related policies