Cookie Policy
This Cookie Policy explains what cookies and browser storage FindOzi uses, why we use them, and how you can control them. Read this alongside our Privacy Policy. FindOzi keeps first-party cookie use minimal. We do not use advertising cookies or tracking pixels.
What are cookies
Cookies are small text files a website can place on your device. They are often used to keep you signed in, remember preferences, or understand how a site is used. Local storage and session storage are related browser features that can hold small amounts of data; our app uses local storage for session data as described below. HttpOnly cookies, if any are set by our API host for session continuity, are not readable by our front-end JavaScript in the same way and are part of the standard security model.
What we use
FindOzi uses the following browser storage mechanisms:
- Session cookie (fozi_token). When you sign in, our server sets an HttpOnly session cookie named
fozi_token. This contains a signed JWT (JSON Web Token) that keeps you logged in. It is marked HttpOnly (not accessible to JavaScript) and Secure (only sent over HTTPS). It expires after 7 days by default, or 30 days if you choose "Remember me." Signing out clears this cookie. - Local storage — session flag (fozi_session). We store a simple session flag and a cached copy of your basic profile (name, plan, avatar) in localStorage so the UI can show your account state without an extra network request. This is cleared on sign-out.
- Local storage — preferences and progress. We store your recent searches, tutorial and course progress, dashboard language preference, and notification settings in localStorage so your experience is consistent across page loads. None of this data is shared with third parties.
- Session storage — LearnLab cache. LearnLab content is temporarily cached in sessionStorage with a 5-minute expiry to reduce network requests. This is cleared automatically when you close the browser tab.
- Google Sign-In. If you use Google to sign in, Google's OAuth flow may set cookies on Google's own domains. We do not control or read those cookies. See Google's Privacy Policy for details.
- Razorpay (payments). When you complete a Premium payment, Razorpay's hosted checkout may set cookies in Razorpay's domain for fraud prevention and payment processing. We do not read those cookies from our pages.
Why we use them
We use storage and any cookies to: keep your session secure and convenient; apply your display preferences; process payments when you use Razorpay’s flow; and meet operational and security needs (fraud reduction, sign-out, password rotation) consistent with the session model in the server code. We do not use cookies to sell a third-party ad profile in the current product configuration described in the repository.
How to control cookies
You can use your browser’s settings to block or delete cookies and site data. Blocking all cookies or local storage for our site may break sign-in or preferences. You can also use private browsing to avoid persistent storage for a session, at the cost of convenience. The “Sign out” action in the app is designed to clear client-held tokens where implemented. For Google or Razorpay, use their own consent and help pages when you are on their UIs.
Third-party cookies
Third parties with their own cookies or storage in this product flow include Google (OAuth) and Razorpay (payments), as outlined above. Their policies control how they use that data. We recommend reviewing their documentation when you use those features. If you embed or load other scripts in a custom deployment, list them in this section when you go live.
Contact
Questions about this Cookie Policy: [email protected]. We respond within 24 hours.