1. What this policy covers
This Cookie Policy explains how Vezraa (“Vezraa”, “we”, “us”, or “our”) uses cookies and similar storage technologies when you visit vezraa.com or use the Vezraa Service. It supplements our Privacy Policy and our Terms of Service.
For a definition of “personal data,” the legal bases we rely on, your rights, and how to contact us, see the Privacy Policy.
2. What cookies and storage are
A cookie is a small text file a website asks your browser to store. Each time you visit, your browser sends the cookie back so the site can recognize your session. Cookies are scoped to a domain and have an expiry. Local storage and session storage are similar browser-side stores accessible only to scripts on the same site.
We refer to all of these together as “storage” in this policy. We treat them consistently: only the categories described below are used, and only for the purposes described below.
3. Categories we use
We use only the following two categories:
- Strictly necessary. Required to deliver the Service you have explicitly requested. Without these the Service does not work — for example, you cannot stay logged in. We do not seek consent for strictly necessary storage because it is exempt under EU ePrivacy rules and analogous laws when limited to providing a service the user has requested.
- Functional preferences. Optional UI state we keep in local storage so the dashboard remembers your last view (for example, sidebar collapsed state, last opened scan). No personal data of identifiable third parties is stored. You can clear these at any time.
We do not use the following categories: analytics tracking cookies, ad targeting cookies, social-media share cookies, or cross-site profiling cookies. See Section 6.
4. Cookies & storage currently in use
The list below reflects the current state of the Service. We update it whenever we add, remove, or change storage. The version stamp at the top of this page records the date of the last update.
| Name / pattern | Type | Purpose | Lifetime | Category |
|---|---|---|---|---|
sb-<project>-auth-token | Cookie (HttpOnly) | Supabase Auth session — keeps you signed in across page loads. | Session / 1 hour rolling | Strictly necessary |
sb-<project>-auth-token-code-verifier | Cookie | PKCE code verifier used during OAuth and magic-link login. | Cleared after sign-in (≤ 5 min) | Strictly necessary |
admin_session | Cookie (HttpOnly) | Authenticates admin users on /admin routes only. | Session | Strictly necessary |
vezraa:ui:* | Local storage | Dashboard preferences (e.g., sidebar collapsed, last selected scan). | Until cleared | Functional preferences |
We also store a transient request-counter key on Upstash Redis as part of our rate limiter; that key is keyed by a hashed identifier of your request (such as IP or API key hash) and is never written to your browser.
5. Third-party cookies
When you click “Continue with Google” or “Continue with GitHub,” you are temporarily redirected to the Google or GitHub authentication domain, which sets its own cookies under its own domain. Those cookies are governed by Google's cookie policy or GitHub's privacy statement respectively. We have no control over them and do not read or share them.
When you reach the Razorpay billing portal or the Razorpay checkout page (when you upgrade or manage your subscription), Razorpay sets its own cookies under razorpay.com. See Razorpay's privacy policy.
6. No advertising, retargeting, or tracking pixels
Vezraa does not run Google Ads, Meta Pixel, TikTok Pixel, LinkedIn Insight Tag, X (Twitter) Pixel, Pinterest Tag, Reddit Pixel, Quora Pixel, Microsoft UET, or any other advertising or retargeting tracker. We do not use Google Analytics, Mixpanel, Amplitude, PostHog session replay, FullStory, Hotjar, or similar third-party analytics or session-replay products on our marketing or product pages.
We do not sell or share your personal data for cross-context behavioral advertising. See the “No sale, no targeted advertising” section of our Privacy Policy.
7. How to control cookies and storage
You can control cookies and local storage in several ways:
- Browser settings. Every modern browser lets you view, delete, and block cookies and clear local storage. See your browser's help pages for Chrome, Firefox, Safari, Edge, or Brave.
- Sign out. Signing out removes the Supabase auth cookies. You will need to sign in again to use the dashboard.
- Delete account. Deleting your Vezraa account removes all server-side data we hold for you and invalidates all sessions; see the “Data retention” section of our Privacy Policy.
Blocking strictly necessary cookies will prevent core features (sign-in, dashboard) from working. Blocking only functional preferences will reset UI preferences each visit but will not break the Service.
8. Do Not Track & Global Privacy Control
Because we do not engage in cross-context behavioral advertising and do not sell personal data, browser-based Do Not Track and Global Privacy Control (GPC) signals do not change our processing behavior in practice. We honor GPC as an opt-out request to the extent required by applicable law (such as CCPA/CPRA).
9. Changes to this policy
We may update this Cookie Policy from time to time to reflect changes in the storage we use or in applicable law. The current version is always available at vezraa.com/cookies with the “Last updated” date at the top of this page. For material changes, we will provide reasonable notice (generally at least thirty (30) days) by email and/or by posting a prominent notice in the Service.
10. Contact
For questions about this Cookie Policy, contact udayakirantumma@gmail.com. See also our Privacy Policy and Subprocessor List.