Migração 100% grátis + 1 mês grátis com cupom MIGRAR1MES · novos clientes em planos até R$ 200/mês Migrar agora

Cookie Policy

Version 1.0 ·
Convenience translation. This is a courtesy translation of the original Portuguese version. In case of any discrepancy, the Portuguese version prevails for all legal purposes.

1. What are cookies?

Cookies are small text files that websites store in your browser (Chrome, Firefox, Edge, Safari) when you visit a page. They allow the site to remember information between visits — such as your login session, preferred language, items in your cart, or whether you have already seen the cookie banner.

Similar technologies include local storage, session storage, web beacons and pixels — in this document we use "cookies" to refer to all of them.

2. Types of cookies we use

We classify cookies into four categories:

  • Essential cookies — required for the basic operation of the site (session, login, cart, CSRF security). Cannot be disabled, as the site does not function without them. Legal basis: contract performance.
  • Performance / analytics cookies — collect anonymous data about how you use the site (most visited pages, time on site). They help improve the experience. Legal basis: legitimate interest or consent.
  • Marketing cookies — used to personalize ads and measure campaigns (Meta Pixel, Google Ads). Legal basis: explicit consent.
  • Third-party cookies — set by other domains we load on the site (Google Analytics, YouTube, Google Fonts). Each third party has its own policy.

3. Rollin Host cookie list

Essential

  • rh_session — keeps your session active in the client portal. Duration: until logout or 7 days.
  • rh_csrf — security token against CSRF attacks. Duration: session.
  • rh_consent — records your cookie preferences (CMP). Duration: 12 months.
  • rh_theme — remembers whether you use light or dark mode. Duration: 12 months.
  • rh_lang — chosen language (pt-BR, en, es). Duration: 12 months.

Performance / Analytics (with consent only)

  • _ga, _ga_*, _gid (Google Analytics 4 via GTM) — anonymized usage analysis. Duration: 14 months.
  • _hjid, _hjSession* (Hotjar, optional) — anonymized session recording for UX analysis. Duration: 12 months.

Marketing (with consent only)

  • _fbp, _fbc (Meta Pixel) — campaign attribution on Facebook/Instagram. Duration: 90 days.
  • NID, IDE (Google Ads via GTM) — remarketing and measurement. Duration: 6 months.

4. Third-party cookies

We load third-party resources that may set their own cookies. Each third party follows its own privacy policy:

  • Google — Google Analytics 4, Google Tag Manager (GTM), Google Fonts, reCAPTCHA, Google Ads. Google Privacy Policy.
  • Meta (Facebook / Instagram) — Meta Pixel for campaigns. Meta Policy.
  • Cloudflare — DDoS protection and CDN (cookie __cf_bm, essential). Cloudflare Privacy Policy.
  • Hotjar (optional) — session recording for UX analysis. Hotjar Privacy Policy.
  • Nikko (proprietary AI assistant) — conversational chat hosted on our infrastructure. Conversations are retained in session for 48 hours; after human escalation they migrate to our CRM under Rollin Host LGPD responsibility.

5. How to manage your preferences

5.1 Cookie banner (CMP)

On your first visit we display a cookie banner where you can accept all, reject non-essential cookies, or customize by category. Your choice is stored for 12 months and can be revoked at any time by clicking "Cookie settings" in the site footer.

5.2 Browser settings

You can also block or delete cookies directly in your browser:

  • Chrome: Settings → Privacy and security → Third-party cookies
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Cookies and website data
  • Edge: Settings → Cookies and site permissions

Note: blocking essential cookies may break site functionality (login, cart, client panel). We recommend disabling only marketing and analytics cookies if you prefer greater privacy.

6. Consent and LGPD

Under the LGPD (Law 13.709/2018), non-essential cookies are activated only after your explicit consent. Until then, only strictly necessary cookies (session, security) are set — no analytics or marketing data is collected.

As a data subject, you have the right to:

  • Know which cookies we use and for what purpose.
  • Revoke consent at any time (opt-out).
  • Request deletion of personal data collected via cookies.
  • Data portability in a structured format.

To exercise these rights, see our Privacy Policy or contact the DPO through the channels below.

7. Changes to this policy

This Cookie Policy may be updated when we add new tools or change the purpose of processing. Significant changes are communicated by email and prominently displayed on the site at least 30 days in advance.

8. Contact and DPO

  • Legal name: Rollin Servicos Digitais e Tecnologia LTDA
  • Tax ID (CNPJ): 64.204.851/0001-39
  • DPO: Francis Oliveira
  • DPO email: dpo@rollinhost.com.br
  • Address: Rua Pais Leme, 215, Suite 1713 · Pinheiros · Sao Paulo – SP · ZIP 05424-150 · Brazil
  • Phone: +55 (19) 3199-2720