Cookie Policy — Qravio

This Cookie Policy explains how TODO: Company Legal Name Pvt. Ltd. ("Qravio", "we", "our", or "us") uses cookies and similar tracking technologies on qravio.com. It should be read alongside our Privacy Policy.

1. What Are Cookies?

Cookies are small text files that a website places on your device when you visit. They allow the site to remember information about your visit — such as whether you are logged in — making your next visit easier and the site more useful.

Cookies can be session cookies (deleted when you close your browser) or persistent cookies (remain on your device for a set period or until you delete them). They can be set by us (first-party) or by third-party services we use (third-party cookies).

Similar technologies — such as localStorage and sessionStorage — work like cookies but store data in your browser rather than as files. We use these for the same purposes described below, and this policy covers them equally.

2. Cookies We Use

We keep our cookie footprint minimal. Here is a complete list of what we set and why:

Essential Cookies

These cookies are strictly necessary for the Service to function. You cannot opt out of them while using the Service.

Cookie / Key	Set by	Purpose	Duration
`sb-<project>-auth-token`	Supabase (first-party)	Stores your encrypted authentication session token so you stay logged in across page navigations and browser restarts.	Until sign-out or token expiry (default 1 week, refreshed on activity)
`sb-<project>-auth-token-code-verifier`	Supabase (first-party)	PKCE code verifier used during OAuth sign-in flows (Google, GitHub). Deleted immediately after login completes.	Session (deleted after OAuth callback)
`workspace_slug` (localStorage)	Qravio (first-party)	Remembers your last active workspace so you land on the correct dashboard after returning to the app.	Persistent (until cleared)

Analytics Cookies

These cookies help us understand how visitors use the Service so we can improve it. They collect data in aggregate and do not identify individual users.

Cookie / Key	Set by	Purpose	Duration
`va_id`	Vercel Analytics (first-party)	Anonymous visitor identifier used to count unique visitors on the marketing site. No personal data is attached — Vercel Analytics is cookieless by default and uses this only when a persistent count is needed.	1 year

We do not use Google Analytics, Facebook Pixel, or any behavioural advertising cookies.

Preference Cookies

These store your UI preferences so you do not have to reset them on every visit.

Cookie / Key	Set by	Purpose	Duration
`sidebar_collapsed` (localStorage)	Qravio (first-party)	Remembers whether you prefer the sidebar expanded or collapsed in the dashboard.	Persistent (until cleared)
`billing_cycle` (sessionStorage)	Qravio (first-party)	Remembers your monthly/yearly toggle selection on the pricing page within a single browsing session.	Session

3. Third-Party Cookies

Certain features of the Service rely on third-party providers that may set their own cookies:

Provider	When set	Purpose	Their policy
Razorpay	When you open the payment checkout modal	Razorpay sets cookies to facilitate secure payment processing, fraud detection, and checkout session continuity.	razorpay.com/privacy
Cloudflare	On every page load	Cloudflare may set `__cf_bm` (bot management) and `_cfuvid` (rate-limiting) cookies as part of its security and performance infrastructure. These are strictly functional.	cloudflare.com/privacypolicy

We do not control third-party cookies. Please refer to each provider's privacy policy for details on how they use the data they collect.

4. How to Manage Cookies

Browser Settings

You can configure your browser to block or delete cookies at any time. Note that blocking essential cookies (Section 2) will prevent you from staying logged in to Qravio.

Chrome: Settings → Privacy and security → Cookies and other site data
Firefox: Settings → Privacy & Security → Cookies and Site Data
Safari: Preferences → Privacy → Manage Website Data
Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data

Opt-Out of Analytics

Vercel Analytics respects the Do Not Track (DNT) header. If your browser sends a DNT signal, Vercel Analytics will not record your visit. You can enable DNT in most browsers under Privacy settings.

Clearing localStorage and sessionStorage

To clear browser storage used by Qravio, open your browser's developer tools (F12 → Application → Storage) and clear the data for qravio.com. This will reset your preferences and log you out.

5. Cookies on QR Scan Landing Pages

When a visitor scans one of your QR codes and lands on a Qravio-hosted landing page (e.g. a vCard or PDF page), we set a single session cookie to distinguish unique visitors from repeat scans for your analytics. This cookie:

Contains only a random session identifier — no personal data
Is not linked to any Qravio user account
Expires at the end of the browser session
Is not used for advertising or cross-site tracking

If you use a custom domain for your QR landing pages, this cookie is set on your custom domain, not on qravio.com.

6. Changes to This Policy

We may update this Cookie Policy when we add new features or change our use of cookies. We will update the "Last updated" date on this page and, for material changes, notify registered users by email. We encourage you to review this page periodically.

7. Contact

For any questions about this Cookie Policy or our use of cookies, contact us at:

TODO: support@qravio.com
TODO: Company Legal Name Pvt. Ltd., TODO: Registered Office Address, City, State – PIN Code, India