Last updated: December 2024

Cookie Policy

Overview

Nandi follows a minimal cookie approach similar to GitHub, using only essential cookies required for authentication and security. We do not use tracking, analytics, or marketing cookies.

Beta Notice: During beta testing, our cookie implementation may be updated as we refine authentication and security features.

Cookies We Use

Essential Authentication Cookies

Cookie Name              | Purpose                             | Duration | Type
-------------------------|-------------------------------------|----------|-------------------
next-auth.session-token  | Stores your authentication session  | 30 days  | HTTP-Only, Secure
next-auth.callback-url   | Manages authentication redirects    | Session  | HTTP-Only, Secure
next-auth.csrf-token     | Prevents cross-site request forgery | Session  | HTTP-Only, Secure

Cookie Attributes

All our cookies use the following security attributes:

  • HTTP-Only: Cannot be read by JavaScript, so a cross-site scripting (XSS) flaw in the page cannot steal the session cookie
  • Secure: Only transmitted over HTTPS in production
  • SameSite=Lax: Provides CSRF protection while allowing normal top-level navigation
  • Path=/: Available across the entire application
  • Domain: Restricted to our domain only
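As an added example (not Nandi's code), the following Node.js script parses a Set-Cookie response header and checks it against the attribute list above, reporting every missing or weakened attribute. The two sample headers, the example.invalid domain and the token value are constructed for illustration; a 30-day Max-Age (2592000 seconds) stands in for the session cookie's lifetime.

```javascript
// Added example: verify that a Set-Cookie header carries the attributes
// listed in the policy (HttpOnly, Secure, SameSite=Lax, Path=/, Domain).
// Runs under Node.js with no dependencies.

// Expected attribute -> predicate on its value (flags map to true).
const REQUIRED_ATTRIBUTES = {
  httponly: () => true,
  secure: () => true,
  samesite: (v) => typeof v === 'string' && v.toLowerCase() === 'lax',
  path: (v) => v === '/',
  domain: (v) => typeof v === 'string' && v.length > 0,
};

// Parse one Set-Cookie header value into { name, value, attributes }.
// Attribute names are lower-cased; flags without "=" map to true.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq <= 0) throw new Error('malformed cookie pair: ' + pair);
  const name = pair.slice(0, eq);
  const value = pair.slice(eq + 1);
  const attributes = {};
  for (const attr of rest) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return { name, value, attributes };
}

// Return the list of policy violations for one header (empty = compliant).
function checkCookiePolicy(header) {
  const { name, attributes } = parseSetCookie(header);
  const violations = [];
  for (const [key, ok] of Object.entries(REQUIRED_ATTRIBUTES)) {
    if (!(key in attributes)) {
      violations.push(`${name}: missing ${key}`);
    } else if (!ok(attributes[key])) {
      violations.push(`${name}: bad ${key}=${attributes[key]}`);
    }
  }
  return violations;
}

// Constructed sample headers: one that satisfies the policy and one that
// drops HttpOnly, Secure and Domain and relaxes SameSite.
const SAMPLE_HEADERS = {
  compliant:
    'next-auth.session-token=eyJ.constructed.token; Path=/; Domain=example.invalid; ' +
    'Max-Age=2592000; HttpOnly; Secure; SameSite=Lax',
  weak: 'next-auth.session-token=eyJ.constructed.token; Path=/; SameSite=None',
};

for (const [label, header] of Object.entries(SAMPLE_HEADERS)) {
  const violations = checkCookiePolicy(header);
  console.log(label, violations.length ? violations : 'OK');
}
```

The same check can be run against a live response by feeding each value of the `set-cookie` header array from a `fetch` or `http` response into `checkCookiePolicy`, which is a cheap regression test to keep in a deployment pipeline.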

What We Don't Use

No Analytics Cookies

We don't use Google Analytics or similar tracking

No Marketing Cookies

No advertising or remarketing cookies

No Social Media Cookies

No third-party social tracking

No Performance Cookies

No client-side performance tracking

Technical Implementation

JWT-Based Sessions

  • Sessions use JSON Web Tokens (JWT) stored in secure cookies
  • No server-side session storage required
  • Automatic expiration and refresh handling
  • Cryptographically signed to prevent tampering

Security Features

  • CSRF Protection: Built-in token validation
  • XSS Mitigation: HTTP-only cookie attributes keep the session token out of reach of injected scripts
  • Secure Transmission: HTTPS-only in production
  • Domain Restriction: Cookies limited to our domain

Cookie Consent

Since we only use essential authentication cookies, no cookie consent banner is required under GDPR and similar privacy laws. Essential cookies are exempt from consent requirements.

Managing Cookies

Viewing Cookies

You can view our cookies in your browser's developer tools:

  1. Open Developer Tools (F12)
  2. Go to Application/Storage tab
  3. Select Cookies → [our domain]

Clearing Cookies

  • Logout: Automatically clears authentication cookies
  • Browser Settings: Clear all cookies for our domain
  • Incognito/Private Mode: Cookies automatically cleared when closing

Compliance

This cookie implementation complies with:

  • GDPR: Essential cookies exempt from consent
  • CCPA: No personal data tracking
  • ePrivacy Directive: Only necessary cookies used
  • Industry Best Practices: Security-first approach