Effective date: 2026-05-21 Last updated: 2026-05-21
This Cookie Policy explains how Tripaay Technologies, operated by DevCommX (“Tripaay”), uses cookies and similar technologies on tripaay.com and app.tripaay.com.
This policy is published in addition to our Privacy Policy.
1. What cookies are
Cookies are small text files stored on your device when you visit a website. They are used to remember preferences, keep you signed in, and understand how the site is used.
Some “cookies” we use are not strictly cookies (e.g., localStorage or session-related browser storage). For brevity this policy refers to all of them as cookies.
2. What we use cookies for
| Category | Purpose | Strictly necessary? | Examples |
|---|---|---|---|
| Essential | Keep you signed in, prevent CSRF, route requests to the right region | Yes — cannot be turned off | Supabase auth session, CSRF token |
| Functional | Remember preferences (e.g., last selected agency if you belong to multiple) | No | tripaay_impersonate_org (staff-only), workspace preferences |
| Analytics | Aggregated usage statistics that help us improve the product. We are not currently running any analytics cookies. | No | (none active today) |
We do not use:
- Advertising or marketing cookies
- Third-party tracking pixels
- Cookies that follow you across other websites
3. How long cookies last
| Cookie | Duration |
|---|---|
| Authentication session | 7 days, rolling |
| CSRF protection | Session only |
| Impersonation cookie (staff only) | 1 hour |
When you sign out, your authentication cookie is invalidated immediately.
4. Your choices
You can:
- Block or delete cookies in your browser settings — though doing so for essential cookies will prevent you from signing in
- Use private / incognito mode for ephemeral sessions
- Sign out at any time to invalidate the session cookie
We honor your browser's Do Not Track and prefers-reduced-motion settings where applicable.
5. Future analytics
If we add analytics (e.g., Plausible or PostHog) in future, we will:
- Add an explicit consent banner before any analytics cookie is set
- Use privacy-first providers (no IP collection, no cross-site tracking)
- Update this policy 30 days before deploying
6. Contact
For questions about this Cookie Policy, email privacy@tripaay.com.