Cookie policy

Last updated: 29 April 2026

This Cookie Policy sets out how Kyrylo Myronov, a self-employed individual (autónomo) operating U.M.A Stage and U.M.A ("we", "us", "our"), deploys cookies and comparable browser technologies when you access our website at https://umetal.app.

Where cookie data is combined with other information held about you, the combined dataset may constitute personal data.

What are cookies?

Cookies are small text files written to your browser or device storage when you visit a website. Cookies originating from us are first-party cookies; those originating from external services we integrate are third-party cookies.

Why do we use cookies?

We rely on cookies to operate the platform, maintain security, and ensure reliability. Strictly necessary cookies underpin authentication and access to protected areas; additional cookies may support service analytics and platform development.

How can I control cookies?

Cookie preferences can be adjusted at any time through your browser settings. Disabling strictly necessary cookies will impair sign-in and access to authenticated areas.

Essential website cookies

These cookies are required to deliver core platform functionality and restrict access to authenticated sections.

Name:
uma_backend_jwt
Purpose:
First-party httpOnly cookie storing the operator backend session token, issued after Clerk authentication is exchanged for a backend session. Required for all authenticated API calls. Not accessible to JavaScript.
Provider:
umetal.app
Service:
U.M.A (first-party)
Type:
http_cookie
Expires in:
session (cleared on sign-out)
Name:
__client
Purpose:
Clerk main session token — keeps you signed in across visits. Expiry is controlled by Clerk and may persist up to ~10 years; it is cleared on explicit sign-out or account deletion.
Provider:
.clerk.umetal.app
Service:
Clerk (View Service Privacy Policy)
Type:
server_cookie
Expires in:
~10 years (Clerk-controlled; cleared on sign-out)
Name:
__client_uat
Purpose:
Tracks your Clerk authentication state to synchronise sign-in status across browser tabs.
Provider:
.umetal.app
Service:
Clerk (View Service Privacy Policy)
Type:
server_cookie
Expires in:
~10 years (Clerk-controlled; cleared on sign-out)
Name:
__client_uat_ES3iAftJ
Purpose:
Clerk environment-scoped authentication state token — same purpose as __client_uat for this deployment key.
Provider:
.umetal.app
Service:
Clerk (View Service Privacy Policy)
Type:
server_cookie
Expires in:
~10 years (Clerk-controlled; cleared on sign-out)
Name:
__cf_bm
Purpose:
Cloudflare places the cookie on end-user devices that access customer sites protected by Bot Management or Bot Fight Mode.
Provider:
.clerk.umetal.app
Service:
Cloudflare (View Service Privacy Policy)
Type:
http_cookie
Expires in:
1799 seconds
Name:
__cf_bm
Purpose:
Cloudflare places the cookie on end-user devices that access customer sites protected by Bot Management or Bot Fight Mode.
Provider:
.img.clerk.com
Service:
Cloudflare (View Service Privacy Policy)
Type:
server_cookie
Expires in:
1800 seconds
Name:
_cfuvid
Purpose:
Used by Cloudflare to identify trusted web traffic for bot management and rate limiting.
Provider:
.clerk.umetal.app
Service:
Cloudflare (View Service Privacy Policy)
Type:
server_cookie
Expires in:
session

Browser local storage items

These are not cookies — they are items stored in your browser's localStorage. Unlike cookies they are never transmitted to our servers in HTTP requests, but they are disclosed here for full transparency.

Key:
__clerk_environment
Purpose:
Clerk stores environment configuration in browser localStorage to initialise its authentication SDK. Not a cookie; never transmitted to servers.
Provider:
www.umetal.app
Persists:
Persistent (until browser storage is cleared)
Key:
uma_cookie_consent_v1
Purpose:
Stores your cookie banner preference (dismissed, with timestamp). Used solely to suppress the banner on subsequent visits. Not transmitted to servers.
Provider:
www.umetal.app
Persists:
Persistent (until browser storage is cleared)

How can I control cookies on my browser?

Mobile app (U.M.A)

The U.M.A fan application (fan.umetal.app) does not use browser cookies. Authentication tokens are stored in your device's secure enclave — iOS Keychain on iPhone and Android Keystore on Android — using expo-secure-store. These tokens are never stored in plaintext and are not accessible to other apps on your device.

Location data (used to display nearby venues on the map) is processed in-memory and is not persisted on our servers. You can revoke location permission at any time in your device's settings.

How often will you update this Cookie Policy?

This policy may be revised when cookie usage changes, our operations evolve, or applicable legal or regulatory requirements are updated. The revision date shown above identifies the current version.

Where can I get further information?

Enquiries regarding this policy or our use of cookies may be directed to contact@umetal.app.

Kyrylo Myronov
C. Marcellino Camacho, 8, Camas, Sevilla, Andalusia, 41900, Spain

Privacy policy · Terms of use · Home

We use only essential cookies required to keep you signed in and the service secure. These cannot be disabled without breaking sign-in. See our Cookie Policy and Privacy Policy.