Cookie Policy
Last updated: 11 July 2026
1. What cookies are
A cookie is a small text file stored on your device when you visit a website. Cookies let the site remember your preferences, keep you signed in, and measure page performance. This policy explains the cookies we use on bmdecor.es.
2. Legal basis
Under Article 22.2 of Law 34/2002 (LSSI-CE) and the GDPR, we may install essential cookies without consent; everything else requires your prior, informed, unambiguous consent. We obtain that consent via the cookie banner on your first visit and any time the consent record is cleared.
Our banner follows the AEPD's 2024 Cookie Guide: the “Reject” and “Accept all” buttons are presented with equal visual prominence; no box is pre-ticked; and revoking consent is as easy as granting it via the “Manage cookies” link in the footer.
3. Essential cookies
These cookies are strictly necessary for the site to work and are installed regardless of your consent choice.
- Session cookie — keeps you signed in once you authenticate. Issued by AWS Cognito. HTTP-only, Secure, SameSite=Lax. Expires with the browser session or on sign-out.
- Cart cookie — remembers items added to the Bag between page loads. HTTP-only, Secure. Expires after 30 days.
- Consent record —
bmdecor_consentinlocalStoragestores your chosen cookie level, and a companion cookiebmdecor_consent_level(12 months, first-party) carries the same choice so our servers can honour it on every request. Neither is a tracking cookie; they exist only to remember and enforce your decision. Cleared or renewed via “Manage cookies” in the footer. - Pre-launch bypass cookie —
bm_prelaunch_bypass, installed only during the preview phase, lets invited testers skip the “coming soon” page. Removed at public launch. - Language cookie —
bmdecor_localeremembers the language you choose with the ES | EN switcher. Each page's language is determined by its own address (/en/…URLs serve the English version); this cookie keeps your preference for the customer area and for showing the Stripe payment page in your language. It is set only when you use the switcher. First-party, SameSite=Lax. Expires after 12 months.
4. Analytics cookies (optional)
If you accept “All” cookies, we activate PostHog, our product-analytics provider, to measure how visitors move through the boutique. PostHog installs a unique-identifier cookie and (first-party) session cookies to group events from the same browser. If you sign in or complete an order, we link this activity to your account identifier and email so we can measure the full shopping journey; the profile is deleted with your account under our erasure process. Data is stored on PostHog infrastructure in the European Union (Frankfurt, Germany) under a GDPR-compliant data-processing agreement.
PostHog covers the following on this site:
- Page views and navigation — which pages you visit and in what order, to understand the most relevant content and drop-off points.
- Autocapture of clicks and form submissions — aggregated interactions (clicks, form submits, rage-clicks) on generic UI elements.
- Heat maps — derived from the click data; shows where interaction concentrates.
- Session recording (sampled) — approximately 20% of consented sessions are recorded as video-style playback to debug UX issues. Text input values, passwords and payment fields are masked before leaving your browser — the recording shows that a field exists, never what you typed. Elements with class
ph-maskorph-no-captureare additionally blocked. - Feature flags and surveys — used for gradual rollouts and in-product surveys. No data is captured until you interact.
If you accept only “Essential” cookies, PostHog is completely disabled and none of the above runs.
5. Third-party cookies and trackers
We don't include third-party advertising cookies. Third-party services that may appear during your visit are:
- Stripe —
__stripe_mid(1 year, fraud) and__stripe_sid(30 minutes, session). Installed only when you reach the checkout page; classified as essential to take payment. - PostHog — first-party
ph_*cookies for unique identifier and session attribution; installed only after accepting “All” cookies. - PostHog Error Tracking — error capture built into the same PostHog project; in our configuration it installs no additional cookies beyond those already described for analytics. Session recording is disabled.
6. Managing your consent
The cookie banner appears on your first visit. You can change your mind at any time by clicking “Manage cookies” in the footer — this clears the consent record so the banner reappears and you can choose again. Accepting “Essential” after previously accepting “All” immediately disables analytics.
You can also block or delete cookies through your browser's privacy settings. Blocking essential cookies will prevent sign-in and cart persistence.
7. Changes to this policy
We may update this policy to reflect changes to the cookies we use. The “Last updated” date in the header reflects the latest change. Material changes are re-consented via the banner.
8. Contact and complaints
Enquiries: privacy@bmdecor.es. For the full data-protection framework see our Privacy Policy. Complaints may be filed with the Spanish Data Protection Agency (AEPD) at www.aepd.es.