MTOS v1.0.1 · Legal
Cookie Policy
Approved Manish Tiffins cookie, session, security, and PWA storage policy.
Effective date: 2026-07-06 · Last updated: 2026-07-06
1. Authentication Cookies
- refreshToken — staff session (HttpOnly, Secure, SameSite=Strict)
- customerRefreshToken — customer portal session (HttpOnly, Secure)
- Delivery staff tokens — separate secure session cookies
- Purpose: maintain authenticated sessions; essential for platform operation
2. Session Cookies
- Session identifiers tied to login state
- Duration: access token ~15 minutes; refresh token up to 7 days
- Cleared on logout or expiry
3. Security Cookies
- CSRF and session integrity tokens where applicable
- Rate-limit and abuse-prevention identifiers
- Purpose: protect accounts and prevent unauthorised access
4. Local Storage
- Customer access token — in-memory/session storage for API calls
- UI preferences — display settings where enabled
- Not shared with third parties
5. PWA Offline Storage
- Service worker cache (manish-tiffins-apps-v3) — offline shell and static assets
- Cached routes: portal, delivery, and kitchen login pages
- Clear via browser "Clear site data" or app uninstall
6. Data Sale
MTOS does not sell customer data.