Cookie Policy

Short version: we use functional cookies to keep you logged in and to secure the application. We don't run analytics, don't track you across sites, and don't share data with advertising networks.

1. What is a cookie

A cookie is a small text file a website stores in your browser to remember information between requests. "First-party" cookies are set by the site you're visiting; "third-party" cookies are set by domains other than the one in your address bar — typically advertising or analytics services. Verisand sets first-party functional cookies only.

2. What this site sets

The Verisand marketing website (this site) sets no cookies of its own. The only state we store locally is a single browser localStorage entry that records whether you've dismissed the cookie notice at the bottom of the page, so we don't show it again on your next visit. It is not a cookie and contains no personal data.

3. What the product application sets

Customers using the Verisand platform receive the following strictly-necessary cookies when signed in. They are not optional — the application cannot function without them.

• Session cookie. Identifies your authenticated session. HttpOnly, Secure, SameSite=Lax. Expires when you log out or after the session-idle timeout.
• CSRF token. Protects state-changing requests against cross-site request forgery. Same expiry as the session.
• MFA challenge cookie. Holds a short-lived challenge during multi-factor-authentication login. Expires within minutes.
• Trusted-device token. Optional — only set if you explicitly choose "trust this device" during MFA. 90-day expiry, scoped to a single device fingerprint.

4. Third-party security cookies

Our content-delivery and edge-protection provider may set additional security-related cookies to mitigate automated abuse. These are required for access to the Service and are not used for tracking or advertising. Your browser's developer tools will list the cookies active on a given page.

5. What Verisand does not do

• No third-party analytics.
• No advertising or retargeting cookies.
• No cross-site tracking pixels.
• No fingerprinting for advertising purposes.
• No selling or sharing of cookie-derived data with third parties.

If we change this in the future — for example, by adding privacy-respecting analytics — we will update this page and ask for consent before non-functional cookies are set.

6. Controlling cookies

You can clear or block cookies through your browser settings. Blocking the strictly-necessary product cookies described above will break login and prevent use of the product application. The marketing site is fully usable without cookies; only the dismissal of the cookie notice will not persist between visits.

7. Changes

Material changes to this Cookie Policy will be published here in line with the change process described in the Privacy Policy.

8. Contact

Questions about cookies: privacy@verisand.ai.