Cookie Policy

Cookies are small text files that your browser stores on your device when you visit our website or use our web application. They allow us to remember your session, maintain security state, and improve platform performance.

In addition to cookies, we may use similar technologies including secure HTTP-only session tokens, local storage for UI preferences, and browser memory cache to support authentication flows, two-factor authentication state, and dashboard continuity.

We use cookies and similar storage in the following categories:

• Strictly necessary cookies: Required for login, secure sessions, role-based access control, CSRF protection, and platform safety. Disabling these will prevent the platform from functioning. This includes JWT session tokens and organization-context cookies set after you log in.
• Two-factor authentication (2FA) cookies: When you enable 2FA, a temporary challenge token is stored for the duration of the authentication flow. This token is cleared immediately after successful or failed verification and is never shared with third parties.
• Preference cookies: Remember your choices such as dark/light theme mode, selected organization context, and dashboard display preferences. These persist across sessions so you do not need to reconfigure them on each visit.
• Analytics cookies: Help us measure feature usage, page load performance, and error rates so we can improve reliability, speed, and overall user experience. These do not identify you personally.
• Payment partner cookies: Our payment gateway partner Razorpay may set session-scoped cookies when you initiate a wallet recharge or subscription payment. These are strictly necessary for secure transaction processing and are governed by Razorpay's privacy policy.
• WhatsApp integration state: When you connect your WhatsApp Business account via Meta OAuth, a short-lived state token is stored to verify the OAuth callback and prevent CSRF during the connection flow. This token is discarded immediately after the integration is established.

Some of our integrations and infrastructure partners may place their own cookies or similar identifiers subject to their own privacy policies. We review all third-party integrations before deployment, but we do not control their browser-side behavior outside our platform.

Current third parties that may set session-related data include our payment gateway (Razorpay) and Meta (for WhatsApp Business OAuth). No third party is given access to your GST filing data, bank statement data, or personal account information through cookies.

Cookie lifetimes vary by type:

• Session cookies (login tokens, 2FA challenge tokens, OAuth state) are cleared when you close your browser or log out.
• Preference cookies persist for up to 12 months or until you manually clear them.
• Analytics cookies have a maximum retention of 13 months from the date they are set.
• Payment partner cookies are session-scoped and expire when the transaction flow completes.

You can manage cookies from your browser settings by deleting stored cookies, blocking selected cookie types, or clearing all site data foronebooksgst.in.

If you disable strictly necessary cookies, core platform features will stop working — including login, secure dashboards, file uploads, wallet recharge, and WhatsApp campaign management. We recommend keeping essential cookies enabled for full platform functionality.

Analytics and preference cookies can be disabled without affecting core features, though your theme and display preferences will reset on each visit.

We may update this Cookie Policy when legal, technical, or product requirements change. The latest version is always shown on this page with the effective date at the top.

For privacy-related terms, please review our Privacy Policy.

For cookie-related queries, contact us at info@onebooksgst.in.