This Cookie Policy explains how TrueFio ("we," "us," or "our"), operated by the entity behind TrueFio, a profit analytics platform for Indian D2C brands, uses cookies and similar client-side storage technologies when you access or use our website at truefio.com and the TrueFio application (collectively, the "Platform"). This policy should be read alongside our Privacy Policy and Terms of Service.
We believe in full transparency about data collection. TrueFio is designed to be a privacy-respecting platform. We do not use third-party advertising trackers, marketing pixels, or behavioural analytics cookies. Every piece of data we store on your device serves a direct, functional purpose that enables the Platform to work correctly and securely.
1. What Are Cookies and Similar Technologies
Cookies are small text files that a website places on your device (computer, smartphone, or tablet) when you visit it. They are widely used to make websites function properly, to remember your preferences, and to provide information to the website operator. Cookies set by the website you are visiting are called "first-party cookies." Cookies set by parties other than the website you are visiting are called "third-party cookies."
In addition to traditional HTTP cookies, modern web applications use other client-side storage mechanisms such as localStorage and sessionStorage, which are part of the Web Storage API provided by your browser. These mechanisms serve similar purposes to cookies but have different technical characteristics. localStorage data persists until explicitly deleted, while sessionStorage data is cleared when the browser tab is closed. Unlike HTTP cookies, Web Storage data is not automatically sent to the server with every request, which can improve performance and security.
Throughout this Cookie Policy, when we refer to "cookies," we include both traditional HTTP cookies and these Web Storage mechanisms, unless we specifically distinguish between them.
2. Cookies and Storage We Use
Below is a comprehensive and exhaustive list of all cookies and client-side storage items that TrueFio sets on your device. We have documented every single item. There are no hidden trackers, no undisclosed analytics cookies, and no marketing pixels.
| Name | Type | Duration | Purpose |
|---|---|---|---|
| truefio_refresh | HTTP Cookie httpOnly, Secure, SameSite=Strict | 7 days | Authentication refresh token. Used to securely issue new access tokens without requiring you to log in again. This cookie is httpOnly (cannot be accessed by JavaScript), Secure (only sent over HTTPS), and SameSite=Strict (never sent on cross-site requests), providing maximum protection against XSS and CSRF attacks. |
| truefio_theme | localStorage | Persistent | Stores your dark mode or light mode preference so the Platform can render the correct theme immediately on load, preventing a "flash" of the wrong theme. Contains only the string value "dark" or "light." |
| truefio_token | localStorage | Session | Short-lived access token (JWT) used to authenticate API requests from the browser to TrueFio servers. This token is currently stored in localStorage and is being actively migrated to memory-only storage for enhanced security. Once the migration is complete, this item will no longer persist in localStorage and will exist only in application memory during your active session. |
| active_client_org | localStorage | Session | Relevant only for agency accounts. Stores the identifier of the currently selected client organisation so the Platform can display the correct client's data when an agency user switches between their managed brands. Contains only an internal organisation identifier. |
| active_client_name | localStorage | Session | Relevant only for agency accounts. Stores the display name of the currently selected client organisation for UI rendering purposes. This avoids an additional API call when displaying the client name in the navigation bar and other interface elements. |
| truefio_onboarding_dismissed | localStorage | Persistent | Records whether you have dismissed the onboarding checklist that appears for new users. This prevents the checklist from reappearing after you have closed it. Contains only a boolean value. |
3. Essential vs. Non-Essential Cookies
Under applicable data protection laws, cookies are generally categorised as either "essential" (also called "strictly necessary") or "non-essential" (which includes analytics, functional preference, and marketing/advertising cookies).
All cookies and storage items used by TrueFio are essential. Every item listed above is strictly necessary for the operation of the Platform. The authentication cookies are required for you to log in and maintain your session securely. The theme preference prevents visual disruption. The agency client context cookies are required for multi-brand management functionality. The onboarding state prevents repetitive UI interruptions.
We do not use any non-essential cookies whatsoever. Specifically, TrueFio does not deploy:
- Marketing or advertising cookies — we do not track you for ad targeting or retargeting purposes
- Analytics cookies — we do not use Google Analytics, Mixpanel, Amplitude, Hotjar, or any similar service
- Social media cookies — we do not embed Facebook Like buttons, Twitter widgets, or similar social tracking tools
- Behavioural profiling cookies — we do not build profiles of your browsing behaviour across websites
Because all our cookies are strictly necessary for the functioning of the Platform, they do not require your consent under most data protection frameworks, including the EU ePrivacy Directive, the UK PECR, and India's Digital Personal Data Protection Act, 2023 (DPDPA). We still disclose them here for full transparency.
4. Third-Party Cookies
While TrueFio itself does not set any third-party cookies, certain third-party services that we integrate with may set their own cookies when you interact with them through our Platform. We want to be transparent about these:
Razorpay (Payment Processing)
When you make a payment on TrueFio (subscription purchase, plan upgrade, etc.), the Razorpay payment gateway may set its own cookies to process the transaction securely, prevent fraud, and comply with payment regulations. These cookies are set by Razorpay, not by TrueFio, and are governed by Razorpay's Privacy Policy. Razorpay cookies are essential for payment processing and are only active during the payment flow.
Google OAuth (Authentication)
If you choose to sign in using "Sign in with Google," Google may set cookies during the OAuth authentication flow to verify your identity and manage the authorisation process. These cookies are set by Google, not by TrueFio, and are governed by Google's Privacy Policy. These cookies are only active during the sign-in flow and are essential for the OAuth process to function.
We have no control over third-party cookies, and we encourage you to review the respective privacy policies of these services for more information about how they use cookies.
5. How to Control Cookies
You have the right to control and manage cookies on your device. Most web browsers allow you to manage cookies through their settings. Here is how you can control cookies in common browsers:
- Google Chrome: Settings → Privacy and Security → Cookies and other site data
- Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data
- Apple Safari: Preferences → Privacy → Manage Website Data
- Microsoft Edge: Settings → Cookies and site permissions → Manage and delete cookies
To clear localStorage and sessionStorage items, you can use your browser's developer tools (typically accessible via F12 or right-click → Inspect → Application tab → Storage section). From there, you can view and delete individual storage items or clear all storage for the truefio.com domain.
Important: Because all of our cookies and storage items are essential for the Platform to function, blocking or deleting them may prevent you from logging in, maintaining your session, or using certain features of TrueFio. If you delete the truefio_refresh cookie, you will be logged out and will need to sign in again. If you delete the active_client_org item, agency users will need to re-select their active client brand.
6. No Third-Party Trackers
We want to be explicit about what we do not use. TrueFio does not employ any of the following third-party tracking technologies on our Platform:
- Google Analytics (GA4 or Universal Analytics)
- Google Tag Manager
- Facebook Pixel / Meta Pixel
- Facebook Conversions API (for our own marketing)
- TikTok Pixel
- Snapchat Pixel
- Hotjar, FullStory, or similar session recording tools
- Mixpanel, Amplitude, Heap, or similar product analytics tools
- Intercom, Drift, or similar tools that set tracking cookies
- Any ad network retargeting pixels
- Any cross-site tracking beacons or web bugs
This is a deliberate design decision. TrueFio is a platform that helps D2C brands understand the true impact of advertising pixels and trackers on their business. It would be inconsistent with our mission to subject our own users to unnecessary tracking. We measure our product's performance through direct user feedback, support conversations, and server-side metrics that do not involve any client-side tracking.
If we ever decide to add any non-essential tracking in the future, we will update this Cookie Policy in advance, notify you, and implement a proper consent mechanism before activating any such technology.
7. Updates to This Policy
We may update this Cookie Policy from time to time to reflect changes in our technology, legal requirements, or business practices. When we make material changes, we will update the "Last updated" date at the top of this page. If we introduce any non-essential cookies or tracking technologies, we will notify you through the Platform before they are activated and provide you with the ability to opt in or opt out as required by applicable law.
We encourage you to review this Cookie Policy periodically to stay informed about how we use cookies and similar technologies.
8. Contact Us
If you have any questions about this Cookie Policy, our use of cookies, or how we handle data stored on your device, please contact us:
We will respond to your inquiry within 30 days.