Cookie Policy — InESS Solutions

Contents

What Are Cookies
Our Approach to Cookies
Categories of Cookies We Use
Cookie Inventory
Consent by Plan Tier
Managing Your Cookie Preferences
Data Retention
Named Data Sub-Processors
Your Rights by Region
EU and UK Users — Additional Information
Users in China (PIPL)
Users in the United States (CCPA / State Laws)
Updates to This Policy
Contact Us

This Cookie Policy explains how InESS Solutions Pvt. Ltd. ("InESS Solutions", "we", "us", or "our") uses cookies and similar tracking technologies on the InESS Supply Chain Management Platform (including ProcurePilot, PPV, CBOM, and all associated modules and websites). It applies to all users globally across all subscription plans.

This Cookie Policy forms part of our Privacy Policy and Terms & Conditions. By using the Platform, you consent to our use of cookies as described in this policy. You may withdraw or adjust consent at any time using our Cookie Preferences centre.

1. What Are Cookies

Cookies are small text files placed on your device when you visit a website or use a web application. They allow the site to remember your actions and preferences over a period of time. Similar technologies include web beacons, pixels, local storage, and session storage — all of which we refer to collectively as 'cookies' in this policy.

2. Our Approach to Cookies

InESS Solutions is built with a minimal cookie footprint. Following a thorough compliance audit, we reduced our cookie inventory to the minimum necessary for the Platform to function securely. We use cookies only where they are essential for the platform to operate, or — with your explicit consent — to remember your preferences.

We do not use cookies for advertising, profiling, or cross-site tracking, and we do not sell any data collected via cookies to third parties.

3. Categories of Cookies We Use

Strictly Necessary

Required for the platform to function. These enable user authentication, session security, and payment processing. They do not require your consent and cannot be disabled.

Functional

These remember your preferences such as language settings. They are only loaded after you give explicit consent.

Analytics

Currently not active. Google Analytics (GA4) has been removed from the Platform. If re-introduced, analytics cookies will only load after your explicit consent, and this policy will be updated in advance.

Marketing

Not active. We do not use marketing or retargeting cookies. If this changes in the future, this policy will be updated and your explicit consent will be requested before any marketing cookies are activated.

4. Cookie Inventory

The table below lists every cookie currently active on the InESS Platform. This reflects the live state of the platform as of Version 1.0 of this policy.

4.1 Strictly Necessary Cookies — Always Active

These cookies are required for the platform to work. No consent is required.

Cookie Name	Set By	Purpose	Duration	Consent Needed
`csrftoken`	InESS Platform	Cross-Site Request Forgery protection — secures all form submissions on the platform.	Session (deleted when browser closes)	No — security required
`saas_sessionid`	InESS Platform	Authenticates your login session and maintains access to your account and plan features.	Until logout or expiry	No — required to use platform

4.2 Payment Page Cookies — Strictly Necessary

The following cookies are set by Stripe only on pages where payment processing occurs (checkout, billing, plan upgrade). They do not appear on any other pages.

Cookie Name	Set By	Purpose	Duration	Consent Needed
`__stripe_mid`	Stripe, Inc.	Payment fraud prevention and secure transaction verification.	1 year	No — payment security
`__stripe_sid`	Stripe, Inc.	Stripe payment session management.	Session	No — payment processing

4.3 Functional Cookies — Consent Required

These cookies are only loaded after you accept Functional cookies in the consent banner.

Cookie Name	Set By	Purpose	Duration	Consent Needed
`googtrans` (×2)	Google Translate	Remembers your selected language or translation preference (e.g. /en/en). Appears on both the main domain and subdomain. Contains only your language preference — no personal data.	Session (deleted when browser closes)	Yes — Functional consent

If you decline Functional cookies, use your browser's built-in translation instead. Chrome, Edge, and Safari all support automatic page translation natively without any cookies.

4.4 Analytics Cookies — Currently Not Active

Google Analytics (GA4) has been removed from the Platform. If re-introduced, this table will be updated before reactivation and your explicit consent will be requested via the cookie banner.

4.5 Marketing Cookies — Not Active

No marketing or retargeting cookies are used. If this changes in the future, this policy will be updated and your explicit prior consent will be required.

5. Consent by Plan Tier

Consent is collected at two surfaces: the public marketing site via a cookie banner, and the application signup form via consent checkboxes.

Plan	Type	Consent Mechanism	DPA Required	Key Consideration
Demo / Trial	7-day free	Signup checkbox + disclosure	Rarely	Data retained 30 days post-expiry; no assumed marketing consent
Basic	Paid self-serve	Cookie banner + signup checkbox	Rarely	Banner must be globally compliant
Standard	Paid	Cookie banner + signup checkbox	Occasionally	EU/US buyers may request DPA before upgrade
Premium	Paid	Cookie banner + signup checkbox	Sometimes	Higher value deals attract more scrutiny
Enterprise	Contact Sales	Banner + documented consent records	Almost always	DPA is deal-critical; consent logs required

Trial / Demo Plan — Specific Rules

Trial signup requires an unchecked consent checkbox for the Privacy Policy and Cookie Policy before proceeding.
A separate, optional unchecked checkbox covers marketing communications. These are never bundled with Terms acceptance.
Trial data is retained for 30 days after trial expiry unless the user converts to a paid plan or requests earlier deletion.
Users may request deletion of their trial data at any time by emailing servicedesk@inessconsulting.com.

6. Managing Your Cookie Preferences

Cookie Preferences Centre

A 'Cookie preferences' link is available in the footer of every page. Clicking this reopens the consent panel where you can change your choices at any time. Withdrawal of consent will take effect immediately for new cookie loads.

Browser Settings

Most browsers allow you to block or delete cookies. Note that disabling Strictly Necessary cookies will prevent login and access to platform features.

Google Translate

If you decline Functional cookies, the Google Translate widget will not load. Your browser's built-in translation works as a full alternative without any cookies.

7. Data Retention

Session cookies (csrftoken, saas_sessionid, googtrans) are deleted automatically when you close your browser.
Stripe cookies: __stripe_mid expires after 1 year; __stripe_sid is session-only.
Trial user data is retained for 30 days post-expiry unless a paid plan is activated or deletion is requested.
If you request account deletion, all non-aggregated personal data is deleted within 30 days.
Aggregated anonymised data may be retained indefinitely as it cannot identify individuals.

8. Named Data Sub-Processors

The following third-party services process personal data on our behalf in connection with cookie or tracking activity. Data Processing Agreements or equivalent arrangements are in place with each.

Sub-Processor	Service	Data Processed	Location	Privacy Policy
Stripe, Inc.	Payment processing	Payment session data, fraud prevention signals	US / EU	stripe.com/privacy
Google LLC	Translate widget	Language preference only (non-personal: e.g. /en/en)	US	policies.google.com/privacy

9. Your Rights by Region

Depending on your location, you may have specific rights regarding your personal data collected via cookies or our platform.

Region	Law	Consent Model	Banner Required	Key User Rights	Risk Level
India	DPDP Act 2023	Opt-in	Not yet mandated	Access, correct, erase	Medium
UAE / KSA / Qatar	National PDPL	Consent-based	No specific format	Access, correct, delete	Medium
Singapore	PDPA 2012	Consent / Legit. Interest	No specific format	Access, correct	Low–Medium
Malaysia	PDPA 2010	Consent-based	No specific format	Access, correct	Low
EU	GDPR + ePrivacy	Opt-in only	Yes — strictly	Access, delete, port, restrict, automated decisions	High
UK	UK GDPR + PECR	Opt-in only	Yes — strictly	Same as EU	High
US (California)	CCPA / CPRA	Opt-out (CA)	Partial	Opt-out of sale, delete, non-discrimination	Medium–High
Canada	PIPEDA + Law 25	Opt-in (Quebec)	Quebec: Yes	Access, correct	Medium
Australia	Privacy Act 1988	Disclosure-based	No	Access, correct	Low–Medium
China	PIPL 2021	Explicit consent	Yes	Access, correct, delete, port	High
Taiwan	PDPA 2010	Consent-based	No specific format	Access, correct, delete	Medium

To exercise any of these rights, email servicedesk@inessconsulting.com. We respond within 30 days. EU and UK users may also lodge a complaint with their local supervisory authority.

10. EU and UK Users — Additional Information

Legal Basis for Processing

Strictly Necessary cookies: Legitimate interest / contractual necessity — no consent required.
Functional cookies (googtrans): Your explicit consent, withdrawable at any time.
Analytics and Marketing: Not currently active. Will require explicit opt-in consent if introduced.

EU Representative

As InESS Solutions is incorporated in India, we have appointed an EU Representative for GDPR purposes as required by GDPR Article 27. Contact: [INSERT EU REPRESENTATIVE NAME, ADDRESS AND EMAIL].

Data Processing Agreements

Enterprise customers in the EU and UK may request a DPA as a standard contract annex. Contact servicedesk@inessconsulting.com.

11. Users in China (PIPL)

We collect only the minimum personal data necessary for the service.
Cross-border data transfer from China is conducted under applicable PIPL legal mechanisms.
You have the right to access, correct, delete, and transfer your personal data.
For PIPL-specific queries, email servicedesk@inessconsulting.com with subject line 'PIPL Request'.

12. Users in the United States (CCPA / State Laws)

California residents have the following rights under CCPA/CPRA: the right to know what data we collect, the right to delete it, the right to opt out of its sale, and the right to non-discrimination for exercising these rights.

InESS Solutions does not sell personal data.

To submit a CCPA request, email servicedesk@inessconsulting.com with subject line 'CCPA Request'. Residents of Virginia, Colorado, Texas, and other US states with privacy laws have similar rights which we honour regardless of state.

13. Updates to This Policy

We update this policy when our technology stack, product features, or applicable laws change. For material changes we will notify you via:

An in-app notification on next login
An email to your registered address
A banner on our marketing site for 30 days post-update

The Effective Date at the top of this document reflects the current version date. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.

14. Contact Us

Company	InESS Solutions Pvt. Ltd.
Registered Office	174, 1st Floor, 19th Main Rd, Sector 4, HSR Layout, Bengaluru, Karnataka 560102, India
General Contact	servicedesk@inessconsulting.com
Subject Line	Privacy Request — [Your Name / Company]

We aim to respond to all privacy requests within 30 days. For EU/UK GDPR matters, we aim to acknowledge within 72 hours.