Cookie and Tracking Notice — Veloxis
Effective date: [to be set on first publication] Last revised: 2026-05-24 Data Fiduciary: VKG & Associates, Chartered Accountants Contact: krishna@vkg.co.in
This notice describes the cookies and similar local-storage technologies that the Veloxis Platform uses. It is read together with the Privacy Policy and is issued under §5 of the Digital Personal Data Protection Act, 2023.
The Platform's posture is minimum-necessary — only cookies essential to the authenticated user session are set by default. No analytics, advertising, or third-party tracking cookie is placed without express user consent. The Firm does not sell or share cookie-derived data.
1. Cookies set by Veloxis
| Cookie | Purpose | Type | Duration | Set by |
|---|---|---|---|---|
next-auth.session-token |
Authenticated user session | Strictly necessary | 7 days | Veloxis (server) |
next-auth.csrf-token |
Cross-site-request-forgery protection on form submits | Strictly necessary | Session | Veloxis (server) |
next-auth.callback-url |
Holds the URL the user was attempting to access before login | Strictly necessary | Session | Veloxis (server) |
These cookies are required for the user to be able to use the Platform at all (they hold the authenticated session token and the CSRF token). The Firm relies on DPDP §7(a) (where the data principal has voluntarily provided personal data and has not indicated they do not consent) for processing these cookies, read with the §5 notice provided by this document. The user is informed of their presence through this notice at the point of first login.
2. Local-storage and session-storage entries
The Veloxis web application uses the browser's localStorage and sessionStorage for client-side state. These are not transmitted to the server with each request, are scoped to the veloxis.vkg.co.in origin, and are deleted when the user clears browser data.
| Key | Purpose | Lifetime |
|---|---|---|
veloxis-hmr-invalidate-* |
Hot-reload coordination in development; no production data | Session |
veloxis-ledger-master-* |
Cached Ledger Master Excel content for the current engagement (per feedback_smart_check_design retains stable tokens) |
Until cleared |
veloxis-fs-grouping-* |
Cached FS Grouping classifications for the current engagement | Until cleared |
veloxis-tb-snapshot-* |
Cached Trial Balance for offline use within the same session | Session |
These are not cookies; they are client-side storage used to make the user interface responsive. They contain audit working data accessible to the logged-in user only. They are wiped when the user logs out.
3. Cookies not set
The Platform does not set:
- Google Analytics, Facebook Pixel, or any other web-analytics or advertising cookie.
- Third-party social-plugin cookies (LinkedIn, Twitter, Facebook share buttons).
- Cross-site session-tracking cookies.
If the Firm decides in future to enable any of the above, this notice will be revised before the cookie is set and the user will be asked to consent through a cookie-banner UI.
4. Cookies from third-party content
The Veloxis web application is served from the Firm's own domain (veloxis.vkg.co.in); no third-party origin sets cookies in the user's browser during normal use of the Platform. Documents stored in Cloudflare R2 are fetched server-side by the Firm and delivered to the user from the Firm's origin; R2 does not set cookies in the user's browser.
The Firm does not embed third-party content (e.g., YouTube videos, social-network embeds) inside the Platform.
5. How to control cookies
- Strictly necessary cookies cannot be disabled without breaking authentication. The user can clear them via the browser's site-data controls and log in again.
- Other cookies / local storage can be cleared at any time via the browser's site-data controls.
- The user may use Incognito / Private browsing if they wish to ensure no cookie persists beyond the session.
The Firm respects the browser's "Do Not Track" header but does not currently emit any tracking that would honour it differently than the default.
6. Updates
The Firm will revise this notice whenever a new cookie is added. Material revisions are communicated to authenticated users via in-app notice. The revision date is recorded at the top of this document.
7. Grievance
Questions about cookies on Veloxis may be raised with the Grievance Officer at krishna@vkg.co.in.