Last updated: 14 April 2026 · Effective date: 14 April 2026
Cookies are small text files placed on your device when you visit a website. They help websites remember your preferences, keep you signed in, and understand how you use the platform.
We use cookies in compliance with the Information Technology Act 2000, the Digital Personal Data Protection Act 2023 (DPDP Act), and applicable RBI guidelines on data privacy.
| Category | Cookie Name | Purpose | Duration |
|---|---|---|---|
| Essential | sb-access-token | Supabase authentication session token — required to stay logged in to the FusionKYC platform | Session |
| Essential | sb-refresh-token | Supabase session refresh — keeps your authenticated session alive | 7 days |
| Essential | __Host-next-auth | Next.js authentication state — required for secure platform access | Session |
| Functional | fusionkyc-language | Remembers your preferred language (Hindi, English, Gujarati etc.) for KFS documents | 30 days |
| Functional | fusionkyc-tenant | Stores your HFC tenant context for correct dashboard routing | Session |
| Analytics | _vercel_analytics | Vercel Web Analytics — anonymous, aggregated usage data. No personal data collected. | 90 days |
| Security | __Secure-csrf | CSRF protection token — prevents cross-site request forgery attacks | Session |
We do not use advertising cookies, third-party tracking cookies, or any cookies that build profiles for marketing purposes.
Essential cookies are necessary for the FusionKYC platform to function. They cannot be disabled. These include:
We use Vercel Web Analytics which collects anonymous, aggregated data about how pages are used (page views, load times, device type). This data contains no personal information and is not shared with third parties.
Vercel Analytics does not use cookies to track individual users across sessions — it uses a privacy-preserving approach compliant with GDPR and the DPDP Act 2023.
FusionKYC does not display advertisements. We do not allow any third-party advertisers or ad networks to place cookies on our platform. We do not share your data with advertising platforms.
Third-party integrations used by FusionKYC (Supabase, Smartauth, UIDAI, DigiLocker) may set their own cookies only on their respective domains — not on fusionkyc.com.
In compliance with UIDAI regulations and RBI KYC Master Directions 2016, Aadhaar numbers, biometric data, OTPs, and KYC documents are never stored in cookies, browser storage, or client-side state beyond the active session.
All KYC data is transmitted securely over HTTPS and stored encrypted in our Supabase database with row-level security policies.
You can control cookies through your browser settings:
| Browser | Cookie Settings Location |
|---|---|
| Chrome | Settings → Privacy and Security → Cookies and other site data |
| Firefox | Settings → Privacy & Security → Cookies and Site Data |
| Safari | Preferences → Privacy → Manage Website Data |
| Edge | Settings → Privacy, Search, and Services → Cookies |
Note: Disabling essential cookies will prevent you from logging in to the FusionKYC platform. Analytics cookies can be disabled without affecting platform functionality.
In compliance with RBI data localisation requirements and the DPDP Act 2023, all FusionKYC customer data — including any data associated with cookies — is stored on servers located in India (Mumbai/ap-south-1 region).
No customer KYC data or session data is transferred outside India.
We may update this Cookie Policy from time to time. Material changes will be notified to registered HFC administrators via email at least 30 days before they take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.
For questions about this Cookie Policy or to exercise your rights under the DPDP Act 2023: