umu Cookie & Local Storage Policy
Last updated: 18.03.2026
1. What are cookies?
Cookies are small text files stored by your browser when you visit a website, at the server's request. They are automatically sent back to the server with each subsequent HTTP request, allowing the site to maintain your authenticated session and preferences.
The use of cookies on umu.ro is governed by the ePrivacy Directive 2002/58/EC, transposed into Romanian law as Law no. 506/2004 on the processing of personal data and protection of privacy in the electronic communications sector, as well as GDPR (Regulation EU 2016/679) and Law no. 190/2018.
2. Cookies we use
umu.ro uses exclusively cookies that are strictly necessary for the technical operation of the platform. We do not use marketing, advertising, or behavioural tracking cookies.
| Name | Type | Duration | Purpose |
|---|---|---|---|
access_token | Strictly necessary | 15 minutes | JWT authentication token. Grants access to the protected areas of your account. Marked HttpOnly and Secure β not accessible from JavaScript. Also expired automatically after 15 minutes of inactivity. |
refresh_token | Strictly necessary | 7 days | Session renewal token. Keeps your session active without requiring your password every 15 minutes. Invalidated automatically on logout or password change. Marked HttpOnly and Secure. |
gdpr_consent | Preference | 1 year | Stores your cookie preference (accepted / declined) so the consent banner is not shown on every visit. |
3. Local storage (localStorage)
In addition to cookies, the platform uses your browser's local storage (localStorage) for certain preferences and convenience features. Unlike cookies, localStorage items are never automatically sent to the server β they are accessible only from JavaScript, in your browser, and involve no data transfer to the server on each request.
Legally, localStorage items are not governed by the ePrivacy Directive / Law 506/2004 (which targets HTTP cookies), but by the general GDPR principles of data minimisation and purpose limitation.
| Key | Duration | Purpose |
|---|---|---|
umu_lang | Persistent (until manually cleared) | Remembers your language preference (Romanian / English) to display the platform in your chosen language. The value is a language tag: ro or en. Contains no personal data. |
umu_loved_links | Persistent (until manually cleared) | Stores the list of link IDs that visitors have marked as favourites on public profiles. Works offline, without an account, exclusively in your browser. Contains no identifiable personal data. |
umu_visitor_token | Persistent (until manually cleared) | An anonymous session token for unauthenticated visitors, used to avoid recording duplicate link clicks on public profiles within the same browsing session. The token is generated randomly on your device and is not associated with any personal identity. |
You can delete these items at any time from your browser settings β Storage β Site data / localStorage.
4. Third-party cookies
umu.ro does not use cookies placed by third parties for advertising or tracking purposes. We do not integrate Google Analytics, Facebook Pixel, ads, or any other third-party tracking service that would place cookies in your browser.
The platform's internal statistics system (click counts on your links) operates without cookies, based on the anonymised data described in our Privacy Policy.
5. How to manage cookies
The authentication cookies (access_token and refresh_token) are strictly necessary for the platform to function in an authenticated state. Without them, you cannot log in to your account. If you block or delete them, you will be automatically logged out.
The preference cookie (gdpr_consent) can be deleted at any time through your browser settings. Deleting it will show the consent banner again on your next visit.
You can manage or delete cookies through your browser settings:
- Chrome: Settings β Privacy and security β Cookies and other site data
- Firefox: Settings β Privacy & Security β Cookies and Site Data
- Safari: Preferences β Privacy β Manage Website Data
- Edge: Settings β Cookies and site permissions
6. Legal basis
Authentication cookies are placed on the basis of performance of a contract (Art. 6(1)(b) GDPR) β they are strictly necessary to provide the service you have requested. Under Art. 5(3) of the ePrivacy Directive (Law 506/2004), strictly necessary cookies are exempt from the prior consent requirement.
The preference cookie (gdpr_consent) is placed on the basis of legitimate interest (Art. 6(1)(f) GDPR) β storing your consent preference directly serves your interest in not having to repeat the same choice on every visit.
LocalStorage items (umu_lang, umu_loved_links, umu_visitor_token) do not fall under the ePrivacy Directive and are stored on the basis of legitimate interest (Art. 6(1)(f) GDPR) and the principle of data minimisation (Art. 5(1)(c) GDPR).
Because we use only strictly necessary or preference cookies (no marketing or tracking cookies), we display an informational banner and give you the option to decline preference cookies.
7. Changes to this policy
We may update this policy periodically, for example if we add new features that involve additional cookies or local storage items. Any changes will be communicated by updating the date above and, for significant changes, by direct notification.
8. Contact
For any questions about the use of cookies or local storage on umu.ro:
Email: i@umu.ro