Cookies Policy
This policy explains exactly what cookies and similar tracking technologies Receptify uses across its website, dashboard, and services what they do, why we use them, and how you can control them. Written plainly, without jargon.
Overview
Plain-language summary
This Cookies Policy applies to all digital properties operated by Receptify Inc. ("Receptify", "we", "us", or "our"), including our marketing website (receptify.com), the Receptify web dashboard, any sub-domains, API documentation portals, and any landing pages we operate (collectively, the "Services").
This policy should be read together with our Privacy Policy, which provides the broader context for how we handle personal data, including data that may be collected via cookies.
Although Receptify is incorporated and primarily based in Pakistan, our platform serves customers globally, including users in the European Economic Area (EEA), United Kingdom, United States, Canada, Australia, and the Middle East. This policy therefore addresses cookie compliance requirements across multiple jurisdictions, including Pakistan's Prevention of Electronic Crimes Act (PECA) 2016, the EU ePrivacy Directive, the GDPR, and the CCPA/CPRA.
03.First & Third-Party Cookies
Cookies are also classified by origin who sets them. This distinction matters because third-party cookies can potentially track you across multiple websites, whereas first-party cookies are scoped to Receptify's own domains.
3.1 First-Party Cookies (Set by Receptify)
All cookies described in Section 2 above are first-party cookies. They are set by Receptify's servers under the receptify.com domain (and applicable sub-domains such as app.receptify.com, api.receptify.com, and customer-specific tenant sub-domains). These cookies can only be read by Receptify's own servers and cannot be accessed by other websites you visit.
3.2 Third-Party Cookies (Set by Sub-processors)
Some third-party services integrated into our platform may set their own cookies. We maintain strict control over which third-party scripts load on our pages and have reviewed each one:
| Provider | Cookie | Purpose | Opt-Out Available | Category |
|---|---|---|---|---|
| Stripe | __stripe_mid, __stripe_sid | Fraud detection on payment pages | No (required for payments) | Strictly Necessary |
| Stripe | _ga (Stripe's own analytics) | Stripe's internal analytics on checkout flow | Yes (via cookie preferences) | Analytics |
| Intercom (if enabled) | intercom-id-*, intercom-session-* | In-app chat widget state and session continuity | Yes (via cookie preferences) | Functional |
3.3 Third-Party Cookie Deprecation
The browser industry is phasing out third-party cookies. Google Chrome completed the deprecation of third-party cookies for most users. Receptify's architecture does not depend on third-party cookies for any core functionality. As this industry transition continues, this policy will be updated to reflect any changes to our technology stack.
04.Session vs Persistent Cookies
Beyond category and origin, cookies are classified by lifespan. Understanding this helps you know how long a cookie will remain on your device.
๐ Session Cookies
Session cookies have no expiration date set. They are stored in your browser's temporary memory and are automatically deleted when you close your browser tab or window.
Examples on Receptify: CSRF token, session identifiers used during your login flow.
๐ Persistent Cookies
Persistent cookies have an explicit expiration date. They remain on your device after you close the browser and are sent to the server on your next visit, until they expire or you delete them.
Examples on Receptify: Refresh token (30 days), theme preference (1 year), analytics ID (90 days).
| Cookie Type | Lifespan | Why This Duration |
|---|---|---|
| Authentication (access) | Session (15 min auto-refresh) | Minimize risk window if token is compromised |
| Authentication (refresh) | 30 days | Balance security with login convenience |
| CSRF token | Session | Regenerated every session for security |
| UI Preferences | 6 months โ 1 year | Avoid re-configuring preferences on every visit |
| Analytics | 90 days | Industry standard for pseudonymous analytics windows |
| Consent record | 1 year | Remember consent choices without re-prompting annually |
05.Similar Technologies
Cookies are not the only way websites store data on your device. Receptify's platform also uses a small number of complementary web storage technologies. For completeness and transparency, we disclose all of them here.
5.1 localStorage
We use the browser's localStorage API to store non-sensitive UI state that does not need to be sent to the server with every request. localStorage data persists until explicitly cleared by the user or the application. Unlike cookies, it is not transmitted to the server automatically.
- โบDashboard layout preferences (column widths, view mode)
- โบRecently accessed agent IDs for quick navigation
- โบDismissed notification or announcement banners
- โบIn-progress form draft data (e.g. partially typed agent scripts) cleared on successful save
5.2 sessionStorage
sessionStorage works like localStorage but is scoped to a single browser tab and cleared when that tab is closed. We use it for transient UI state within a single session.
- โบWizard step progress (e.g. agent setup multi-step form state)
- โบTemporary search query state between navigations within the same tab
- โบModal and drawer open/close state for deep-link navigation
5.3 IndexedDB
Receptify does not currently use IndexedDB for any purpose. If this changes, this section will be updated before deployment.
5.4 Web Beacons / Pixels
No tracking pixels used
5.5 Device Fingerprinting
Device fingerprinting involves collecting browser and device characteristics (screen resolution, fonts, GPU, etc.) to identify a user across sessions without cookies. Receptify does not perform device fingerprinting for tracking purposes. Our fraud detection (provided by Stripe for payment processing) may collect device signals strictly for payment security; this is not used for behavioral advertising.
5.6 Service Workers
Some parts of the Receptify dashboard may use a Service Worker for offline capability and asset caching (improving load performance). Service workers do not store personal data they cache static application assets (JavaScript, CSS, images). The cache can be cleared by clearing your browser cache.
06.Legal Basis for Cookies
The legal basis for setting cookies varies by cookie category and the jurisdiction of the user. The following table maps each cookie category to its legal basis under the major frameworks applicable to Receptify's user base.
| Cookie Category | EU ePrivacy / GDPR | UK PECR | CCPA/CPRA | Pakistan PECA |
|---|---|---|---|---|
| Strictly Necessary | No consent required legitimate interest / service delivery | No consent required strictly necessary exemption | Not a sale; no opt-out required | No specific requirement; implicit in service delivery |
| Functional | Consent (Article 6(1)(a)) OR legitimate interest (Article 6(1)(f)) | Consent required unless strictly necessary | Not a sale; opt-out of 'sharing' available on request | No explicit requirement; best practice to obtain consent |
| Analytics | Consent required (Article 6(1)(a)) even for anonymized analytics unless fully aggregate | Consent required | Not a sale; consent not required but opt-out available | No explicit requirement; best practice to obtain consent |
| Marketing | N/A Receptify does not use marketing cookies | N/A | N/A | N/A |
08.Browser & Device Controls
In addition to our Cookie Preference Centre, you can manage cookies directly through your browser or device settings. The steps vary by browser; the most common are listed below.
Google Chrome
- 1.Open Chrome menu (โฎ) โ Settings
- 2.Click 'Privacy and security' โ 'Cookies and other site data'
- 3.Choose 'Block third-party cookies' or 'Block all cookies'
- 4.Or: Add receptify.com to the 'Sites that can always use cookies' list
Mozilla Firefox
- 1.Open Firefox menu (โฐ) โ Settings โ Privacy & Security
- 2.Under 'Enhanced Tracking Protection', choose Standard, Strict, or Custom
- 3.Or: Go to 'Cookies and Site Data' โ 'Manage Data' to delete specific cookies
Safari (macOS/iOS)
- 1.Safari โ Preferences (macOS) or Settings โ Safari (iOS)
- 2.Go to 'Privacy' tab โ Enable 'Prevent cross-site tracking'
- 3.On iOS: Settings โ Safari โ 'Block All Cookies'
Microsoft Edge
- 1.Open Edge menu (โฏ) โ Settings โ Privacy, search, and services
- 2.Under 'Tracking prevention', choose Basic, Balanced, or Strict
- 3.Or: Go to 'Cookies and site permissions' โ 'Manage and delete cookies'
Opera
- 1.Open Opera menu โ Settings โ Privacy & security
- 2.Click 'Site Settings' โ 'Cookies and site data'
- 3.Toggle 'Block third-party cookies' or configure per-site
Brave
- 1.Click the Brave Shields icon (๐ฆ) in the address bar
- 2.Adjust 'Cross-site cookies blocked' to your preference
- 3.For global settings: Brave menu โ Settings โ Privacy and security
8.1 Mobile Devices
On mobile devices, cookie controls are managed through the browser app's settings (not the device's system settings). The steps for mobile Chrome, Firefox, Safari (iOS), and Samsung Internet follow similar patterns to their desktop counterparts navigate to the browser's Settings menu and look for Privacy or Site Data sections.
8.2 Clearing Existing Cookies
To delete all Receptify cookies from your device, use your browser's "Clear browsing data" function and select "Cookies and site data". You can typically specify a time range and target only receptify.com. Note that clearing cookies will log you out of the platform.
09.Do Not Track
"Do Not Track" (DNT) is a browser setting that sends a signal to websites requesting that they not track the user across sites. It is implemented via the HTTP DNT: 1 header.
Currently, there is no universally agreed-upon standard for how websites must respond to DNT signals, and the DNT proposal has been largely deprecated by browser vendors (Safari removed it; Firefox retains it). There is no legal obligation in Pakistan, the EEA, the UK, or the United States (except California's limited CCPA guidance) to honor DNT signals.
Receptify's approach to DNT:
- โบWe detect the DNT: 1 header on incoming requests
- โบWhen detected, we automatically apply the equivalent of 'analytics cookies declined' behavior analytics cookies are not set
- โบStrictly necessary and functional cookies are still set regardless of DNT, as these are required for service operation
- โบThis behavior exceeds the legal minimum in all jurisdictions where we operate
9.1 Global Privacy Control (GPC)
Global Privacy Control is a newer browser signal (supported by browsers including Brave, Firefox, and DuckDuckGo) that signals opt-out of the sale or sharing of personal data. Under the CPRA, California businesses are legally required to honor GPC signals.
Receptify honors GPC signals from California users. When a GPC signal is detected from a California IP address, we treat it as an opt-out of any sharing of personal data for cross-context behavioral advertising (though we do not currently engage in such sharing regardless).
10.Pakistan & Regional Law
Our home jurisdiction
10.1 Prevention of Electronic Crimes Act (PECA) 2016
Pakistan's primary legislation governing digital data and cybercrime is the Prevention of Electronic Crimes Act (PECA) 2016. PECA does not contain prescriptive cookie consent requirements analogous to the EU ePrivacy Directive. However, it does establish:
- โบProhibition on unauthorized access to information systems (Section 3) Receptify's cookie implementation respects user consent and does not facilitate unauthorized data collection
- โบProtection of data privacy (Section 14 cyber stalking provisions broadly interpreted) Receptify does not use cookies for surveillance or tracking of individuals without their knowledge
- โบData collection for lawful purposes all cookie data collected by Receptify is for legitimate service delivery or analytics purposes
- โบObligations on service providers to respond to lawful government requests Receptify maintains cookie/session logs that may be disclosed under court order as required by PECA Section 31
10.2 Personal Data Protection Bill (Pakistan)
Pakistan is in the process of enacting a comprehensive Personal Data Protection Bill (PDPB). As of May 2026, the bill has been through multiple drafts and committee reviews. Receptify is monitoring the legislative process and is committed to compliance once the PDPB is enacted. Key provisions expected in the PDPB that would affect our cookie practices include:
- โบExplicit consent requirements for processing of personal data our existing consent mechanisms are already aligned with these anticipated requirements
- โบData minimization principles we already apply these; cookies store only what is necessary
- โบRight to access and erasure our Cookie Preference Centre and Privacy Policy already provide these rights globally
- โบAppointment of a Data Protection Officer we already maintain DPO contact details
- โบCross-border transfer restrictions our sub-processor SCCs and DPAs are already in place
10.3 Telecommunications (Re-organization) Act 1996
As a company using telecommunications infrastructure (via Twilio for call handling), Receptify is aware of PTA (Pakistan Telecommunication Authority) regulations. Session cookies used for our Twilio-integrated call dashboard fall within standard web service operation and are not subject to telecommunications-specific cookie restrictions.
10.4 SBP Payment Regulations
The State Bank of Pakistan (SBP) issues regulations for payment service providers. Stripe's fraud-detection cookies (__stripe_mid, __stripe_sid) used on our billing pages are required for PCI DSS compliance and are consistent with SBP payment security guidelines.
11.International Compliance
Receptify's cookie practices are designed to meet or exceed the requirements of all major international privacy frameworks applicable to our user base.
| Jurisdiction | Framework | Key Requirement | Receptify Compliance |
|---|---|---|---|
| European Union | EU ePrivacy Directive (2002/58/EC) + GDPR | Prior consent for non-essential cookies; consent must be freely given, specific, informed, and unambiguous | Geo-targeted consent banner; no non-essential cookies set before consent; granular category toggles |
| United Kingdom | UK PECR + UK GDPR | Same as EU ePrivacy post-Brexit; ICO guidance followed | Same consent banner applies to UK users; 'Reject All' option prominently displayed |
| United States (California) | CCPA / CPRA | No consent gate required for analytics cookies; opt-out of 'sale' or 'sharing'; GPC signal honored | Opt-out mechanism in cookie centre; GPC honored; no sale of cookie data |
| Canada | PIPEDA / Quebec Law 25 | Meaningful consent for collection; Quebec Law 25 requires prior consent similar to GDPR | Consent banner shown to Canadian users; Quebec users treated equivalently to EEA users |
| Australia | Privacy Act 1988 (as amended) | Reasonable notice of data collection; consent not strictly required for analytics | Informational banner for Australian users; full cookie disclosure in this policy |
| UAE / Middle East | UAE PDPL; Saudi PDPL | Consent for personal data collection; data minimization | Consent mechanism applied; no cross-border transfer without safeguards |
| Pakistan | PECA 2016; anticipated PDPB | No prescriptive cookie law currently; PDPB expected | Transparency via this policy; PDPB-ready consent mechanisms in place |
13.Updates to This Policy
Receptify will update this Cookies Policy when we add, remove, or change cookies in a material way; when our sub-processors change their cookie practices; when applicable law changes (in particular as Pakistan's PDPB is enacted and EU ePrivacy Regulation progresses); or when we make changes to consent mechanisms.
- โบMaterial changes (new cookie categories, new third-party cookies, changes to consent approach): Email notice to account holders at least 14 days before the change; prominent banner in the dashboard; consent re-collected where required by law.
- โบMinor changes (adding or removing a single cookie within an existing category, updating expiration dates, clarifying descriptions): 'Last updated' date updated; no direct notification; cookie banner re-shown if consent version changes.
- โบEmergency changes (required by law, security incident response): Implemented immediately; notice provided as soon as practicable.
- โบPakistan PDPB enactment: When the PDPB becomes law, we will review and update this policy within 60 days to reflect any new requirements, and will email all account holders with a summary of changes.
All previous versions of this Cookies Policy are archived and available on request by emailing privacy@devzey.com. The current version is always accessible at receptify.com/cookies.
14.Contact & Data Protection Officer
For any questions, concerns, or requests relating to this Cookies Policy, cookies we set, or how to exercise your rights in connection with cookie data, please contact us:
๐ฎ
Postal Address
Receptify Inc., Pakistan [Address on file]
We aim to respond to all cookie-related inquiries within 5 business days and all formal data subject requests within 30 calendar days (extendable by 60 days for complex requests, with notice).