LegalGDPR CompliantCCPA CompliantPECA Aware

Cookies Policy

This policy explains exactly what cookies and similar tracking technologies Receptify uses across its website, dashboard, and services what they do, why we use them, and how you can control them. Written plainly, without jargon.

Effective: May 15, 2026Last updated: May 15, 2026Version: 1.0Jurisdiction: Pakistan (Global reach)

Overview

Plain-language summary

Receptify uses strictly necessary cookies to run the platform (you cannot opt out of these), and optional functional and analytics cookies to improve your experience (you can opt out at any time). We do not use advertising or tracking cookies. We do not sell cookie-derived data.

This Cookies Policy applies to all digital properties operated by Receptify Inc. ("Receptify", "we", "us", or "our"), including our marketing website (receptify.com), the Receptify web dashboard, any sub-domains, API documentation portals, and any landing pages we operate (collectively, the "Services").

This policy should be read together with our Privacy Policy, which provides the broader context for how we handle personal data, including data that may be collected via cookies.

Although Receptify is incorporated and primarily based in Pakistan, our platform serves customers globally, including users in the European Economic Area (EEA), United Kingdom, United States, Canada, Australia, and the Middle East. This policy therefore addresses cookie compliance requirements across multiple jurisdictions, including Pakistan's Prevention of Electronic Crimes Act (PECA) 2016, the EU ePrivacy Directive, the GDPR, and the CCPA/CPRA.

01.What Are Cookies

Cookies are small text files that a website or application places on your device (computer, tablet, or mobile phone) when you visit or use it. They are universally supported by all major browsers and are the industry-standard mechanism for maintaining state in stateless HTTP-based web applications.

Each cookie contains a small amount of data typically a unique identifier string, the domain that set it, an expiration date, and various security flags. Your browser stores cookies and automatically sends them back to the originating server with each subsequent request, enabling the server to recognize you and recall preferences or session state.

1.1 Cookie Anatomy

AttributeDescriptionExample
NameUnique identifier for the cookiereceptify_session
ValueEncrypted or encoded data storedeyJhbGci... (JWT)
DomainWhich domain can read the cookiereceptify.com
PathURL path scope for the cookie/ (root all paths)
Expires / Max-AgeWhen the cookie is deleted30 days from issuance
HttpOnlyPrevents JavaScript from reading the valuetrue (for auth tokens)
SecureOnly transmitted over HTTPStrue (all Receptify cookies)
SameSiteCross-site request protection levelStrict or Lax

1.2 Why Cookies Matter for Security

For a B2B SaaS platform like Receptify, cookies are not merely a convenience they are a security mechanism. Our authentication system relies on HttpOnly, Secure, SameSite cookies to store refresh tokens in a way that is inaccessible to JavaScript running in the browser, protecting against cross-site scripting (XSS) token theft. CSRF protection tokens are also cookie-based.

Cookies are stored entirely on your device. Receptify does not store cookie values in our databases (except for session identifiers that map to server-side session records). Your actual authentication token value is never stored on our servers after it is issued.

02.Cookies We Use

Receptify uses four categories of cookies, aligned with the IAB Europe Transparency and Consent Framework (TCF) taxonomy and the ICC UK Cookie Guide. Each category serves a distinct purpose and has different consent requirements.

2.1 Strictly Necessary Cookies

Required

These cookies are essential for the platform to function. Without them, you cannot log in, maintain a session, or use any authenticated feature. These cookies do not require your consent under any global privacy regime because they are technically necessary for the provision of the service you explicitly requested.

NamePurposeDurationHttpOnlySecureSameSite
receptify_access_tokenShort-lived JWT for authenticated API requests15 minutesYesYesStrict
receptify_refresh_tokenRotate access tokens without re-login30 daysYesYesStrict
receptify_csrfCross-site request forgery protection tokenSessionNo (must be readable by JS to submit)YesStrict
receptify_tenantIdentifies your organization subdomain contextSessionYesYesLax
receptify_consentRecords your cookie consent choices1 yearNoYesLax

2.2 Functional Cookies

Optional

Functional cookies remember your preferences and settings to provide a more personalized experience. They are not essential to the core service but meaningfully improve usability. If you decline these, the platform will still work, but some preferences (like your selected theme) will not persist between sessions.

NamePurposeDurationHttpOnlySecureSameSite
receptify_themeStores dark/light mode preference1 yearNoYesLax
receptify_localeStores language/locale preference1 yearNoYesLax
receptify_sidebarStores sidebar collapsed/expanded state6 monthsNoYesLax
receptify_table_prefsStores dashboard table sort/filter preferences6 monthsNoYesLax
receptify_onboardingTracks onboarding checklist dismissal statePermanent (until cleared)NoYesLax

2.3 Analytics Cookies

Optional

Analytics cookies help us understand how users interact with the platform which features are used most, where users drop off in onboarding flows, and what performance issues arise. This data is used exclusively to improve Receptify and is not shared with third parties for commercial purposes. Our analytics infrastructure is self-hosted and privacy-preserving: IP addresses are anonymized and no cross-site tracking is performed.

NamePurposeDurationHttpOnlySecureSameSite
receptify_analytics_idPseudonymous visitor ID for session stitching90 daysNoYesLax
receptify_session_idGroups page views into a single visit session30 minutes (sliding)NoYesLax
receptify_feature_flagsRecords which A/B test variant you are assigned30 daysNoYesLax

Privacy-preserving analytics

Receptify does not use Google Analytics, Meta Pixel, or any third-party analytics service that builds cross-site profiles. All analytics data is processed on our own infrastructure, stored in our own database, and subject to our Privacy Policy retention periods. Analytics identifiers are pseudonymous they cannot be linked to your name or email without additional data held separately.

2.4 Marketing / Advertising Cookies

N/A

We do not use advertising cookies

Receptify does not deploy marketing, advertising, retargeting, or behavioral tracking cookies of any kind. We do not work with advertising networks, do not serve programmatic ads, and do not share cookie data with data brokers. This applies to our marketing website, dashboard, and all sub-domains.

03.First & Third-Party Cookies

Cookies are also classified by origin who sets them. This distinction matters because third-party cookies can potentially track you across multiple websites, whereas first-party cookies are scoped to Receptify's own domains.

3.1 First-Party Cookies (Set by Receptify)

All cookies described in Section 2 above are first-party cookies. They are set by Receptify's servers under the receptify.com domain (and applicable sub-domains such as app.receptify.com, api.receptify.com, and customer-specific tenant sub-domains). These cookies can only be read by Receptify's own servers and cannot be accessed by other websites you visit.

3.2 Third-Party Cookies (Set by Sub-processors)

Some third-party services integrated into our platform may set their own cookies. We maintain strict control over which third-party scripts load on our pages and have reviewed each one:

ProviderCookiePurposeOpt-Out AvailableCategory
Stripe__stripe_mid, __stripe_sidFraud detection on payment pagesNo (required for payments)Strictly Necessary
Stripe_ga (Stripe's own analytics)Stripe's internal analytics on checkout flowYes (via cookie preferences)Analytics
Intercom (if enabled)intercom-id-*, intercom-session-*In-app chat widget state and session continuityYes (via cookie preferences)Functional
Receptify has contractually restricted all sub-processors from using cookies set on our domains for their own advertising or cross-site tracking purposes. Sub-processor cookies are strictly scoped to the service they provide on our platform.

3.3 Third-Party Cookie Deprecation

The browser industry is phasing out third-party cookies. Google Chrome completed the deprecation of third-party cookies for most users. Receptify's architecture does not depend on third-party cookies for any core functionality. As this industry transition continues, this policy will be updated to reflect any changes to our technology stack.

04.Session vs Persistent Cookies

Beyond category and origin, cookies are classified by lifespan. Understanding this helps you know how long a cookie will remain on your device.

๐Ÿ• Session Cookies

Session cookies have no expiration date set. They are stored in your browser's temporary memory and are automatically deleted when you close your browser tab or window.

Examples on Receptify: CSRF token, session identifiers used during your login flow.

๐Ÿ“… Persistent Cookies

Persistent cookies have an explicit expiration date. They remain on your device after you close the browser and are sent to the server on your next visit, until they expire or you delete them.

Examples on Receptify: Refresh token (30 days), theme preference (1 year), analytics ID (90 days).

Cookie TypeLifespanWhy This Duration
Authentication (access)Session (15 min auto-refresh)Minimize risk window if token is compromised
Authentication (refresh)30 daysBalance security with login convenience
CSRF tokenSessionRegenerated every session for security
UI Preferences6 months โ€“ 1 yearAvoid re-configuring preferences on every visit
Analytics90 daysIndustry standard for pseudonymous analytics windows
Consent record1 yearRemember consent choices without re-prompting annually

05.Similar Technologies

Cookies are not the only way websites store data on your device. Receptify's platform also uses a small number of complementary web storage technologies. For completeness and transparency, we disclose all of them here.

5.1 localStorage

We use the browser's localStorage API to store non-sensitive UI state that does not need to be sent to the server with every request. localStorage data persists until explicitly cleared by the user or the application. Unlike cookies, it is not transmitted to the server automatically.

  • โ€บDashboard layout preferences (column widths, view mode)
  • โ€บRecently accessed agent IDs for quick navigation
  • โ€บDismissed notification or announcement banners
  • โ€บIn-progress form draft data (e.g. partially typed agent scripts) cleared on successful save

5.2 sessionStorage

sessionStorage works like localStorage but is scoped to a single browser tab and cleared when that tab is closed. We use it for transient UI state within a single session.

  • โ€บWizard step progress (e.g. agent setup multi-step form state)
  • โ€บTemporary search query state between navigations within the same tab
  • โ€บModal and drawer open/close state for deep-link navigation

5.3 IndexedDB

Receptify does not currently use IndexedDB for any purpose. If this changes, this section will be updated before deployment.

5.4 Web Beacons / Pixels

No tracking pixels used

Receptify does not use web beacons, tracking pixels, clear GIFs, or similar invisible tracking elements. No third-party advertising or analytics pixel (Meta Pixel, Google Tag Manager, LinkedIn Insight, TikTok Pixel, etc.) is loaded on any page of our platform or marketing website.

5.5 Device Fingerprinting

Device fingerprinting involves collecting browser and device characteristics (screen resolution, fonts, GPU, etc.) to identify a user across sessions without cookies. Receptify does not perform device fingerprinting for tracking purposes. Our fraud detection (provided by Stripe for payment processing) may collect device signals strictly for payment security; this is not used for behavioral advertising.

5.6 Service Workers

Some parts of the Receptify dashboard may use a Service Worker for offline capability and asset caching (improving load performance). Service workers do not store personal data they cache static application assets (JavaScript, CSS, images). The cache can be cleared by clearing your browser cache.

07.Managing Your Cookie Preferences

You have multiple ways to control which cookies Receptify sets on your device. Your choices are respected in real time and your preferences are saved for future visits.

7.1 Receptify Cookie Preference Centre

The easiest way to manage your cookie preferences is through our Cookie Preference Centre, accessible via:

  • โ€บThe cookie banner displayed on your first visit to any Receptify page
  • โ€บThe 'Cookie Preferences' link in the footer of every Receptify page
  • โ€บDashboard Settings โ†’ Privacy & Cookies (for logged-in users)
  • โ€บThe 'Manage Cookie Preferences' button in the left sidebar of this page

In the Cookie Preference Centre, you can independently toggle Functional cookies and Analytics cookies on or off. Your strictly necessary cookies cannot be disabled as they are required to log in and use the platform.

Disabling functional cookies will mean your UI preferences (theme, language, layout) will not be saved between sessions. Disabling analytics cookies will not affect your ability to use any Receptify feature it only affects our ability to understand how you use the platform.

7.2 Withdrawing Consent

You may withdraw previously given consent at any time by returning to the Cookie Preference Centre. Withdrawal of consent is prospective it does not affect processing already carried out under your prior consent. When you withdraw consent for a cookie category:

  • โ€บReceptify will immediately stop setting new cookies in that category
  • โ€บExisting cookies in that category will be deleted from your browser within 24 hours or on your next page load
  • โ€บYour updated consent record will be stored in the strictly necessary receptify_consent cookie

7.3 Consent Record & Audit

Receptify maintains a server-side log of consent decisions for compliance audit purposes. This record includes: the timestamp of your consent or withdrawal, your IP address (anonymized after 30 days), the consent version (linked to this policy version), and which categories you accepted or rejected. This consent log is retained for 3 years.

08.Browser & Device Controls

In addition to our Cookie Preference Centre, you can manage cookies directly through your browser or device settings. The steps vary by browser; the most common are listed below.

๐ŸŒ

Google Chrome

  1. 1.Open Chrome menu (โ‹ฎ) โ†’ Settings
  2. 2.Click 'Privacy and security' โ†’ 'Cookies and other site data'
  3. 3.Choose 'Block third-party cookies' or 'Block all cookies'
  4. 4.Or: Add receptify.com to the 'Sites that can always use cookies' list
๐ŸฆŠ

Mozilla Firefox

  1. 1.Open Firefox menu (โ˜ฐ) โ†’ Settings โ†’ Privacy & Security
  2. 2.Under 'Enhanced Tracking Protection', choose Standard, Strict, or Custom
  3. 3.Or: Go to 'Cookies and Site Data' โ†’ 'Manage Data' to delete specific cookies
๐Ÿงญ

Safari (macOS/iOS)

  1. 1.Safari โ†’ Preferences (macOS) or Settings โ†’ Safari (iOS)
  2. 2.Go to 'Privacy' tab โ†’ Enable 'Prevent cross-site tracking'
  3. 3.On iOS: Settings โ†’ Safari โ†’ 'Block All Cookies'
๐Ÿ”ท

Microsoft Edge

  1. 1.Open Edge menu (โ‹ฏ) โ†’ Settings โ†’ Privacy, search, and services
  2. 2.Under 'Tracking prevention', choose Basic, Balanced, or Strict
  3. 3.Or: Go to 'Cookies and site permissions' โ†’ 'Manage and delete cookies'
๐Ÿ”ด

Opera

  1. 1.Open Opera menu โ†’ Settings โ†’ Privacy & security
  2. 2.Click 'Site Settings' โ†’ 'Cookies and site data'
  3. 3.Toggle 'Block third-party cookies' or configure per-site
๐Ÿฆ

Brave

  1. 1.Click the Brave Shields icon (๐Ÿฆ) in the address bar
  2. 2.Adjust 'Cross-site cookies blocked' to your preference
  3. 3.For global settings: Brave menu โ†’ Settings โ†’ Privacy and security
If you use browser settings to block all cookies, you will not be able to log in to Receptify, as our authentication system depends on HttpOnly cookies to store your session tokens. We recommend using our Cookie Preference Centre to selectively disable non-essential cookies while keeping authentication cookies active.

8.1 Mobile Devices

On mobile devices, cookie controls are managed through the browser app's settings (not the device's system settings). The steps for mobile Chrome, Firefox, Safari (iOS), and Samsung Internet follow similar patterns to their desktop counterparts navigate to the browser's Settings menu and look for Privacy or Site Data sections.

8.2 Clearing Existing Cookies

To delete all Receptify cookies from your device, use your browser's "Clear browsing data" function and select "Cookies and site data". You can typically specify a time range and target only receptify.com. Note that clearing cookies will log you out of the platform.

09.Do Not Track

"Do Not Track" (DNT) is a browser setting that sends a signal to websites requesting that they not track the user across sites. It is implemented via the HTTP DNT: 1 header.

Currently, there is no universally agreed-upon standard for how websites must respond to DNT signals, and the DNT proposal has been largely deprecated by browser vendors (Safari removed it; Firefox retains it). There is no legal obligation in Pakistan, the EEA, the UK, or the United States (except California's limited CCPA guidance) to honor DNT signals.

Receptify's approach to DNT:

  • โ€บWe detect the DNT: 1 header on incoming requests
  • โ€บWhen detected, we automatically apply the equivalent of 'analytics cookies declined' behavior analytics cookies are not set
  • โ€บStrictly necessary and functional cookies are still set regardless of DNT, as these are required for service operation
  • โ€บThis behavior exceeds the legal minimum in all jurisdictions where we operate

9.1 Global Privacy Control (GPC)

Global Privacy Control is a newer browser signal (supported by browsers including Brave, Firefox, and DuckDuckGo) that signals opt-out of the sale or sharing of personal data. Under the CPRA, California businesses are legally required to honor GPC signals.

Receptify honors GPC signals from California users. When a GPC signal is detected from a California IP address, we treat it as an opt-out of any sharing of personal data for cross-context behavioral advertising (though we do not currently engage in such sharing regardless).

10.Pakistan & Regional Law

Our home jurisdiction

Receptify is incorporated and headquartered in Pakistan. While we serve customers globally and comply with GDPR and CCPA, we are also guided by Pakistani law in our domestic operations.

10.1 Prevention of Electronic Crimes Act (PECA) 2016

Pakistan's primary legislation governing digital data and cybercrime is the Prevention of Electronic Crimes Act (PECA) 2016. PECA does not contain prescriptive cookie consent requirements analogous to the EU ePrivacy Directive. However, it does establish:

  • โ€บProhibition on unauthorized access to information systems (Section 3) Receptify's cookie implementation respects user consent and does not facilitate unauthorized data collection
  • โ€บProtection of data privacy (Section 14 cyber stalking provisions broadly interpreted) Receptify does not use cookies for surveillance or tracking of individuals without their knowledge
  • โ€บData collection for lawful purposes all cookie data collected by Receptify is for legitimate service delivery or analytics purposes
  • โ€บObligations on service providers to respond to lawful government requests Receptify maintains cookie/session logs that may be disclosed under court order as required by PECA Section 31

10.2 Personal Data Protection Bill (Pakistan)

Pakistan is in the process of enacting a comprehensive Personal Data Protection Bill (PDPB). As of May 2026, the bill has been through multiple drafts and committee reviews. Receptify is monitoring the legislative process and is committed to compliance once the PDPB is enacted. Key provisions expected in the PDPB that would affect our cookie practices include:

  • โ€บExplicit consent requirements for processing of personal data our existing consent mechanisms are already aligned with these anticipated requirements
  • โ€บData minimization principles we already apply these; cookies store only what is necessary
  • โ€บRight to access and erasure our Cookie Preference Centre and Privacy Policy already provide these rights globally
  • โ€บAppointment of a Data Protection Officer we already maintain DPO contact details
  • โ€บCross-border transfer restrictions our sub-processor SCCs and DPAs are already in place

10.3 Telecommunications (Re-organization) Act 1996

As a company using telecommunications infrastructure (via Twilio for call handling), Receptify is aware of PTA (Pakistan Telecommunication Authority) regulations. Session cookies used for our Twilio-integrated call dashboard fall within standard web service operation and are not subject to telecommunications-specific cookie restrictions.

10.4 SBP Payment Regulations

The State Bank of Pakistan (SBP) issues regulations for payment service providers. Stripe's fraud-detection cookies (__stripe_mid, __stripe_sid) used on our billing pages are required for PCI DSS compliance and are consistent with SBP payment security guidelines.

11.International Compliance

Receptify's cookie practices are designed to meet or exceed the requirements of all major international privacy frameworks applicable to our user base.

JurisdictionFrameworkKey RequirementReceptify Compliance
European UnionEU ePrivacy Directive (2002/58/EC) + GDPRPrior consent for non-essential cookies; consent must be freely given, specific, informed, and unambiguousGeo-targeted consent banner; no non-essential cookies set before consent; granular category toggles
United KingdomUK PECR + UK GDPRSame as EU ePrivacy post-Brexit; ICO guidance followedSame consent banner applies to UK users; 'Reject All' option prominently displayed
United States (California)CCPA / CPRANo consent gate required for analytics cookies; opt-out of 'sale' or 'sharing'; GPC signal honoredOpt-out mechanism in cookie centre; GPC honored; no sale of cookie data
CanadaPIPEDA / Quebec Law 25Meaningful consent for collection; Quebec Law 25 requires prior consent similar to GDPRConsent banner shown to Canadian users; Quebec users treated equivalently to EEA users
AustraliaPrivacy Act 1988 (as amended)Reasonable notice of data collection; consent not strictly required for analyticsInformational banner for Australian users; full cookie disclosure in this policy
UAE / Middle EastUAE PDPL; Saudi PDPLConsent for personal data collection; data minimizationConsent mechanism applied; no cross-border transfer without safeguards
PakistanPECA 2016; anticipated PDPBNo prescriptive cookie law currently; PDPB expectedTransparency via this policy; PDPB-ready consent mechanisms in place

13.Updates to This Policy

Receptify will update this Cookies Policy when we add, remove, or change cookies in a material way; when our sub-processors change their cookie practices; when applicable law changes (in particular as Pakistan's PDPB is enacted and EU ePrivacy Regulation progresses); or when we make changes to consent mechanisms.

  • โ€บMaterial changes (new cookie categories, new third-party cookies, changes to consent approach): Email notice to account holders at least 14 days before the change; prominent banner in the dashboard; consent re-collected where required by law.
  • โ€บMinor changes (adding or removing a single cookie within an existing category, updating expiration dates, clarifying descriptions): 'Last updated' date updated; no direct notification; cookie banner re-shown if consent version changes.
  • โ€บEmergency changes (required by law, security incident response): Implemented immediately; notice provided as soon as practicable.
  • โ€บPakistan PDPB enactment: When the PDPB becomes law, we will review and update this policy within 60 days to reflect any new requirements, and will email all account holders with a summary of changes.

All previous versions of this Cookies Policy are archived and available on request by emailing privacy@devzey.com. The current version is always accessible at receptify.com/cookies.

14.Contact & Data Protection Officer

For any questions, concerns, or requests relating to this Cookies Policy, cookies we set, or how to exercise your rights in connection with cookie data, please contact us:

๐Ÿ“ง

Cookie / Privacy Queries

privacy@devzey.com

๐Ÿ”

Security Issues

security@devzey.com

๐Ÿ“ฎ

Postal Address

Receptify Inc., Pakistan [Address on file]

EEA and UK residents may contact our EU/UK representative (details on request) or lodge a complaint with their national supervisory authority for example, the ICO in the UK (ico.org.uk) or their national DPA in the EEA. You also have the right to complain to the relevant authority in the country where you live, work, or believe an infringement occurred.

We aim to respond to all cookie-related inquiries within 5 business days and all formal data subject requests within 30 calendar days (extendable by 60 days for complex requests, with notice).

Effective: May 15, 2026 ยท Version 1.0 ยท Receptify Inc., Pakistanโ†‘ Back to top