Cookie Policy

Last updated: January 1, 2025

1. What Are Cookies?

Cookies are small text files that are placed on your device (computer, smartphone, tablet, or other internet-connected device) when you visit a website. They are widely used to make websites work more efficiently, remember your preferences, and provide analytical information to website operators. Cookies do not typically contain information that personally identifies you, but personal data that we store about you may be linked to information obtained from cookies.

Cookies can be classified in several ways:

Session cookies are temporary and are deleted when you close your browser. They are used to maintain your session as you navigate between pages.
Persistent cookies remain on your device for a set period of time or until you delete them. They are used to remember your preferences across multiple visits.
First-party cookies are set directly by Paymonx (the website you are visiting).
Third-party cookies are set by a domain other than Paymonx, typically by service providers whose functionality we have embedded on our website.

In addition to traditional cookies, we and our partners may use similar technologies including web beacons (also called pixel tags or clear GIFs), local storage (including localStorage and sessionStorage), and fingerprinting techniques for security purposes. This Cookie Policy covers all such technologies collectively referred to as "cookies".

This policy applies to the Paymonx website at paymonx.org and to the Paymonx client dashboard. It does not apply to third-party websites that may be linked to from our website — those websites are governed by their own cookie policies.

2. Types of Cookies Paymonx Uses

We use four categories of cookies on our website and dashboard. The following describes each category and its purpose:

2.1 Strictly Necessary Cookies

These cookies are essential for the operation of our website and services. They enable core functionality such as security, session management, and authentication. Without these cookies, services that you have asked for — such as accessing your dashboard or initiating a payment — cannot be provided. Because these cookies are strictly necessary, they do not require your consent under applicable ePrivacy laws.

Strictly necessary cookies are used for:

Maintaining your login session across pages of the dashboard;
Storing your CSRF (Cross-Site Request Forgery) protection token to prevent unauthorised form submissions;
Routing requests correctly across our server infrastructure (load balancer stickiness);
Remembering your cookie consent preference so we do not repeatedly show the consent banner;
Enabling secure payment session state during transaction flows in PayEmbed.

2.2 Functional Cookies

Functional cookies allow our website to remember choices you make and provide enhanced, personalised features. They may be set by Paymonx or by third-party providers whose services we have embedded on our pages. The information these cookies collect is typically anonymised and they cannot track your browsing activity on other websites.

We use functional cookies for:

Remembering your preferred language and regional settings;
Remembering your dashboard layout and display preferences;
Enabling live chat and customer support widgets;
Storing your preferred currency display format;
Maintaining notification preferences.

2.3 Analytics Cookies

Analytics cookies collect information about how visitors use our website, such as which pages are visited most frequently and whether visitors receive error messages. This helps us understand visitor behaviour, measure the effectiveness of our content, and continuously improve the user experience. Analytics data is aggregated and does not identify individual visitors.

We use analytics cookies for:

Measuring page view counts, session duration, and bounce rates;
Identifying which features of the dashboard are most and least used;
Tracking the effectiveness of our documentation and help content;
Analysing the conversion funnel from website visit to account registration;
A/B testing of page layouts and content.

2.4 Security Cookies

Security cookies are used to protect Paymonx, its clients, and their end-users from fraud, abuse, and security threats. These cookies enable us to detect suspicious login behaviour, identify bot traffic, prevent automated account creation or credential stuffing attacks, and protect against cross-site scripting (XSS) and clickjacking.

Security cookies may record: device fingerprint components (browser type, screen resolution, installed fonts); session integrity tokens; rate-limiting identifiers; and fraud risk signals associated with your device or IP address. This data is processed by Paymonx and, where applicable, by our fraud prevention partners, in accordance with our Privacy Policy.

3. Specific Cookies Used by Paymonx

The following table lists the specific cookies placed on your device when you visit paymonx.org or use the Paymonx dashboard:

Cookie Name	Purpose	Duration	Type
`pmx_session`	Maintains your authenticated dashboard session. Contains an encrypted session token that identifies your login state.	Session (deleted on browser close)	Strictly Necessary / First-party
`pmx_csrf`	CSRF protection token. Validates that form submissions originate from legitimate Paymonx pages and not from malicious third-party sites.	Session	Strictly Necessary / First-party
`pmx_consent`	Stores your cookie consent preferences (accepted categories). Set in localStorage. Used to avoid showing the consent banner on subsequent visits.	12 months	Strictly Necessary / First-party (localStorage)
`pmx_lb`	Load balancer affinity cookie. Ensures that your requests are consistently routed to the same server instance during your session, maintaining state in transaction flows.	Session	Strictly Necessary / First-party
`pmx_lang`	Stores your preferred language setting for the dashboard interface.	12 months	Functional / First-party
`pmx_prefs`	Stores your dashboard display preferences, including table column visibility, default currency view, and notification settings.	12 months	Functional / First-party
`pmx_embed_session`	Session state for PayEmbed payment flows. Maintains the state of an in-progress embedded payment transaction between page loads.	30 minutes	Strictly Necessary / First-party
`pmx_analytics_id`	Anonymous visitor identifier used for internal analytics. Enables session stitching across pages without identifying the individual user.	12 months	Analytics / First-party
`pmx_ab`	Records which variant of an A/B test you have been assigned to, ensuring a consistent experience across your session.	30 days	Analytics / First-party
`pmx_risk_fp`	Security fingerprint token used for fraud detection and bot mitigation. Does not contain personally identifiable information; used solely for risk scoring.	6 months	Security / First-party
`pmx_rate`	Rate-limiting token to prevent automated abuse of the public website and API documentation pages.	Session	Security / First-party
`_support_chat_id`	Session identifier for the live customer support chat widget. Allows support conversations to be resumed if the page is refreshed.	7 days	Functional / Third-party

We periodically review and update our cookie inventory. If we introduce new cookies, we will update this policy and, where required, obtain fresh consent.

4. Third-Party Cookies

We integrate a limited number of third-party services on our website and dashboard that may set their own cookies. We have selected these providers carefully and require them to process data in compliance with applicable law.

4.1 Analytics Services

We use a privacy-focused web analytics service to understand aggregate website traffic patterns. Our analytics configuration is set to: anonymise IP addresses before storage, disable cross-site tracking, respect Do Not Track browser signals, and store data on servers located within the EEA. The analytics provider processes data as our data processor under a Data Processing Agreement.

4.2 Customer Support Widget

Our live chat and support ticketing functionality is provided by a third-party customer support platform. This service places functional cookies to maintain your support session and allow agents to assist you effectively. The support provider processes support conversation data as a data processor under a Data Processing Agreement with Paymonx.

4.3 Security and Fraud Prevention Services

Paymonx uses third-party fraud detection and bot mitigation services to protect the integrity of our platform. These services may place security cookies and/or use device fingerprinting techniques. The data collected is used solely for security purposes and is not used for advertising or cross-site tracking.

4.4 Content Delivery Network (CDN)

Our website assets are served via a Content Delivery Network. The CDN provider may set technical cookies for routing and caching purposes. These are strictly necessary for efficient content delivery and do not collect personal data.

We do not use any advertising cookies, retargeting cookies, or cookies that track your browsing behaviour across third-party websites for advertising purposes.

5. How to Manage Your Cookie Preferences

You have several options for managing cookies placed on your device. Please note that restricting or deleting cookies may affect the functionality of our website and dashboard.

5.1 Paymonx Cookie Consent Centre

When you first visit our website, we display a cookie consent banner that allows you to accept all cookies, accept only strictly necessary cookies, or customise your preferences by category. You can update your preferences at any time by clicking the "Cookie Settings" link in the footer of our website. Your preferences are stored in your browser's localStorage under the key pmx_consent.

5.2 Browser Settings

Most web browsers allow you to control cookies through their settings. You can typically:

View which cookies are stored on your device and delete them individually or in bulk;
Block third-party cookies while allowing first-party cookies;
Block all cookies (note: this will prevent you from logging into the Paymonx dashboard);
Configure the browser to alert you when a cookie is being set.

Instructions for managing cookies in major browsers:

Google Chrome: Settings → Privacy and Security → Cookies and other site data
Mozilla Firefox: Options → Privacy & Security → Cookies and Site Data
Apple Safari: Preferences → Privacy → Manage Website Data
Microsoft Edge: Settings → Cookies and site permissions → Cookies and site data

Please consult your browser's help documentation for the most up-to-date instructions, as menu locations may change with browser updates.

5.3 Opt-Out Tools

For analytics cookies, you may also opt out by enabling the "Do Not Track" signal in your browser, which our analytics service is configured to respect. Some of our third-party providers may offer their own opt-out mechanisms, which will be documented in their respective privacy policies.

5.4 Mobile Devices

On mobile devices, you can manage cookie and tracking settings through your device's operating system settings. On iOS, navigate to Settings → Safari → Privacy & Security. On Android, open your browser app and access its Privacy settings.

6. Impact of Disabling Cookies on Service Functionality

While you have the right to restrict or block cookies, it is important to understand the functional impact of doing so:

Disabling strictly necessary cookies: You will not be able to log into the Paymonx dashboard, initiate or complete payment transactions via PayEmbed, or access any authenticated features of our Services. These cookies cannot be disabled without preventing the core functionality of the Services.
Disabling functional cookies: Your language and display preferences will not be saved between sessions. You may need to re-enter preferences on each visit. The customer support chat widget may not function correctly.
Disabling analytics cookies: You will still be able to use all features of the website and dashboard. Paymonx will be less able to understand how our services are used and identify areas for improvement, but this has no direct impact on your experience.
Disabling security cookies: You may experience additional verification steps (e.g., CAPTCHA challenges) as our system will be unable to identify your device as a trusted source. In some cases, access to certain features may be restricted as a precautionary measure.

If you encounter any issues after adjusting your cookie settings, please contact our support team at legal@paymonx.org.

7. Our Cookie Consent Mechanism

Paymonx implements cookie consent using a lightweight, privacy-respecting mechanism based on the browser's localStorage API. Our approach does not itself set a persistent cookie to record consent — instead, consent preferences are stored as a JSON object in localStorage under the key pmx_consent.

The consent mechanism is implemented as an Immediately Invoked Function Expression (IIFE) embedded in our cookie.js script. This approach has the following characteristics:

No pre-consent tracking: Non-essential cookies and scripts are not loaded until after you have provided consent through the banner. The IIFE reads your stored preference synchronously and only activates non-essential services if a valid consent record exists.
Granular consent: Consent is recorded per category (functional, analytics, security) so that you can accept some categories and reject others.
Consent timestamp: We record the timestamp at which consent was given, enabling us to expire and refresh consent after 12 months.
Legitimate basis documentation: Our consent records serve as evidence of the legal basis for placing non-essential cookies, as required under the Spanish Law 34/2002 (LSSI-CE) implementing the ePrivacy Directive, and consistent with GDPR Article 7.
No server-side dependency: Consent is managed entirely client-side and does not require a network request to our servers, minimising latency and avoiding the paradox of setting a cookie to ask for cookie consent.

When you accept or decline cookies through our consent banner, the pmx_consent localStorage entry is set to a JSON object indicating your choices. On subsequent page loads, the IIFE reads this value and activates only the permitted categories of scripts and cookies.

You may reset your consent at any time by clearing localStorage for paymonx.org in your browser, or by using the "Cookie Settings" link in our website footer.

8. Updates to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in the cookies we use, updates to applicable law (including guidance from the AEPD or the European Data Protection Board), or changes to the technologies we deploy. When we make material changes, we will:

Update the "Last updated" date at the top of this page;
Display a notification on our website banner asking you to review and re-confirm your cookie preferences;
Where the changes affect registered clients, send an email notification to the address on file.

Changes will take effect from the date they are posted on this page. We encourage you to review this policy periodically. If you have any concerns about changes to our cookie practices, please contact us using the details in Section 9.

Previous versions of this Cookie Policy are available upon request from legal@paymonx.org.

9. Contact Information

If you have any questions about this Cookie Policy, wish to exercise your rights in relation to cookie-based data processing, or want to report a concern about our cookie practices, please contact us at:

Data Protection Team
Paymonx S.L.
Carrer de la Diputacio 279
08007 Barcelona, Spain
Email: legal@paymonx.org

We will respond to all cookie-related inquiries within 10 business days. For broader privacy and data subject rights requests, please refer to our Privacy Policy, which contains full information about your rights under the GDPR and how to exercise them.

If you are not satisfied with our response, you have the right to lodge a complaint with the Spanish data protection authority, the Agencia Espanola de Proteccion de Datos (AEPD), at www.aepd.es.

10. Related Policies

This Cookie Policy should be read in conjunction with our Privacy Policy, which provides comprehensive information about how Paymonx collects, uses, and protects your personal data, and our Terms of Service, which governs your use of the Paymonx platform and Services. Together, these three documents form the complete framework for understanding your relationship with Paymonx and your rights as a user.