Cookie Policy

This Cookie Policy explains how Naysa Infotech India Pvt. Ltd. (“Naysa”, “we”, “us”) uses cookies and similar technologies on our websites, dashboards, and enterprise SaaS applications. Cookies help deliver secure sessions, enable essential features, and (with your consent) support analytics to improve performance and user experience.

Our platforms serve regulated and compliance-sensitive industries (Travel, Insurance, FFMC/Forex, FinTech & Payments). We design cookie usage to remain consistent with audit expectations and to avoid storing regulated transaction data in client-side cookies.

• Corporate website(s) and marketing pages operated by Naysa.
• Product dashboards and admin panels for enterprise SaaS modules.
• White-label deployments, partner portals, or customer subdomains (where contractually applicable).
• Mobile-web experiences and embedded widgets (where cookies are used).

If you access a white-label instance operated by an enterprise client, additional cookie notices may apply as deployed by that client.

We design our cookie practices to align with India’s Digital Personal Data Protection Act, 2023 (DPDP Act), including:

• Purpose limitation: cookies are used for defined security, functionality, and (optional) analytics purposes.
• Consent: optional cookies are enabled based on your preferences, which you can change anytime.
• Withdrawal: you can withdraw consent for optional cookies via Cookie Preferences.
• Grievance: you may contact us for queries or redressal using details in the Contact section.

Cookies are small text files stored on your device by a website or application. We may also use similar technologies such as local storage, session storage, pixels, and SDK identifiers (where applicable) to support secure sessions and measure performance.

Strictly necessary cookies are required to operate our websites and SaaS applications securely. These may include authentication cookies, session identifiers, CSRF protection tokens, and load-balancing cookies. Disabling them may affect the availability and security of services.

With your consent, we may use analytics cookies to understand feature adoption, detect performance bottlenecks, and improve usability. We do not use analytics cookies to store regulated transaction data (e.g., forex transaction values, KYC documents, payment instrument details).

Functional cookies help remember your preferences and settings, such as language selection, UI layout, and accessibility preferences. If you disable functional cookies, some personalization features may be limited.

Where applicable, we may use additional cookies to support security and anti-fraud measures, such as detecting automated traffic, rate-limiting abuse, and identifying suspicious session behaviors. These mechanisms complement server-side audit logs and access controls.

• API keys are not stored in browser cookies.
• Authentication tokens (e.g., OAuth) are managed using secure, server-side controls based on implementation.
• Webhook validation and integration events are logged server-side for traceability.
• Machine-to-machine authentication is logically independent of browser cookie settings.

In some cases, third parties may set cookies when you interact with embedded services or integrations, depending on your enterprise configuration (e.g., payment gateway hosted pages, external identity/KYC flows, embedded analytics tools). Such cookies are governed by the third party’s policies.

Naysa operates a multi-tenant SaaS platform and may provide white-label deployments. Enterprise clients may enable their own third-party scripts (e.g., analytics, marketing tags) in customer-controlled environments. Where contractually applicable, enterprise clients are responsible for ensuring appropriate cookie notices and consents for their end users, including on subdomains and embedded widgets they manage.

• Optional cookies are enabled based on your selections (Manage preferences).
• Preferences are stored locally and can be changed at any time.
• Re-consent may be requested when material changes occur (e.g., new categories or significant vendor changes).
• Where applicable, enterprises may maintain consent logs for compliance and audit readiness.

Retention periods may vary based on enterprise configuration, deployment model, and applicable contractual requirements.

We prefer India-first hosting options. However, in some cases, service providers (e.g., analytics or infrastructure vendors) may process limited data outside India depending on enterprise settings. Where cross-border transfers occur, we apply vendor due diligence and contractual safeguards aligned to applicable requirements.

• India-first hosting options are available based on enterprise requirements.
• Backups and disaster recovery workflows support operational resilience.
• Audit and governance packs may be exportable for compliance reporting.

Some browsers offer a “Do Not Track” (DNT) setting. Industry standards for DNT are evolving, and we primarily rely on our cookie preference controls to manage optional cookie usage. You may disable optional cookies using the preferences tool at any time.

If we detect potential misuse of session identifiers or suspicious cookie-related behavior, we may take protective actions such as invalidating sessions, enforcing re-authentication, or applying additional verification steps. These measures are designed to complement server-side controls, audit logs, and access governance.

• This policy may be reviewed periodically as part of our governance and risk processes.
• Material changes may require re-consent for optional cookies.
• Version control is maintained for audit and enterprise procurement needs.

We provide this policy in a structured format for easy review. You can print or download a PDF copy using the “Download PDF” button. For clarifications, contact us using the details below.