Cookie Policy
Updated
This policy explains what cookies and similar technologies OpticPOS uses on opticpos.com and inside the OpticPOS application, why we use them, and how you can control them.
1. What is a cookie?
A cookie is a small text file a website asks your browser to store. It lets the site recognise you on your next visit, keep you signed in, remember preferences, or measure how the site is used. Similar technologies — local storage, session storage, pixels — work the same way; this policy covers all of them together.
2. Categories we use
We group cookies into four categories:
| Category | Purpose | Can you opt out? |
|---|---|---|
| Strictly necessary | Auth cookies (access_token, refresh_token), CSRF protection, load balancing. | No — the app won’t function without them. |
| Functional | Remembering your current store, sidebar collapse state, recent patient selections. | Yes — but some preferences won’t persist. |
| Analytics | Aggregated, anonymized product usage (page loads, button clicks) to improve the product. | Yes — via your browser settings or the banner on first visit. |
| Marketing | Currently none. If we ever add marketing cookies (e.g., re-targeting ads) we’ll update this table and seek consent. | N/A |
3. Specific cookies we set
access_token,refresh_token— strictly necessary; JWT-based session. httpOnly, Secure, SameSite=None.opticpos_access_token— strictly necessary; browser localStorage fallback used when the browser blocks third-party cookies (Safari ITP, strict Chrome).demo_prefill— functional; session-scoped, used only to pre-fill the login form when you click a “Sign in as…” button on /demo. Deleted the moment the form is filled.dashboard_widgets,current_store— functional; remember your dashboard layout and last-active store between visits.
4. Third-party services
We use the following sub-processors. Each may set its own cookies, governed by their own privacy policies:
- Resend — transactional email delivery (no cookies on our site; only inside outbound emails).
- Razorpay / Stripe — payment processing (loaded only on billing pages).
- Emergent Cloud — application hosting.
5. How to control cookies
- Most browsers let you block or delete cookies from Settings → Privacy. Blocking strictly-necessary cookies will log you out.
- On first visit to our marketing site you’ll see a banner to accept or reject non-essential cookies.
- You can email [email protected] to revoke any prior cookie consent.
6. Do Not Track
We currently do not honour browser “Do Not Track” headers because they have no agreed standard. You can still opt out of analytics cookies as described above, which has the same practical effect.
7. Updates
We’ll update this page whenever we add, remove or significantly change the cookies we use. The “Updated” date at the top reflects the latest revision.