This Cookie Policy explains how DD Auth uses cookies and similar technologies when you visit our websites and use our services, including auth.duodev.in (DD Auth Web Application) and accounts.duodev.in (DD Accounts). This policy should be read alongside our Privacy Policy.

Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They are widely used to make websites work more efficiently and to provide information to website owners.

Types of Cookies:
• Session Cookies - Temporary cookies that expire when you close your browser
• Persistent Cookies - Cookies that remain on your device for a set period
• First-Party Cookies - Set by the website you are visiting
• Third-Party Cookies - Set by other domains (we minimize use of these)

These cookies are necessary for the website to function and cannot be disabled:
• laravel_session: Session management and CSRF protection (Session duration)
• XSRF-TOKEN: Cross-site request forgery protection (Session duration)
• sso_tokens: OAuth2 authentication tokens (2 hours)
• remember_web_*: "Remember me" functionality (30 days)
• dark_mode: User's dark/light mode preference (1 year)

These cookies manage your authentication state:
• sso_access_token: OAuth2 access token (Token expiry)
• sso_refresh_token: Token refresh capability (30 days)
• sso_state: OAuth2 state parameter for security (Session)
• pkce_verifier: PKCE code verifier for secure auth (Session)

These cookies remember your settings and preferences:
• locale: Language preference (1 year)
• timezone: User's timezone (1 year)
• vault_view: Vault display preference - list/grid (1 year)
• sidebar_collapsed: Sidebar state preference (1 year)

These cookies help maintain security:
• device_fingerprint: Device identification for security (90 days)
• trusted_device: Remember trusted devices (30 days)
• last_activity: Session timeout management (Session)

Local Storage:
• theme: Theme preference ("light" or "dark")
• vault_cache_key: Cache validation (Timestamp)
• vault_sort_preference: Sorting preference (Sort field and direction)
• recent_searches: Search history (Last 10 searches)

Session Storage:
• oauth_state: OAuth2 state for security (Random string)
• redirect_after_login: Post-login redirect (URL path)
• form_draft: Unsaved form data (Form field values)

IndexedDB (for offline functionality):
• vault_items: Cached vault items for offline access (encrypted)
• sync_queue: Pending synchronization operations

The DD Auth mobile application uses platform-specific secure storage:

Android:
• Android Keystore for encryption keys
• Encrypted Shared Preferences for settings
• SQLite database (encrypted) for vault data

iOS:
• iOS Keychain for sensitive data
• UserDefaults for preferences
• SQLite database (encrypted) for vault data

Important: The mobile app does not use traditional cookies. All sensitive data is stored securely using platform security features.

Browser Settings:
You can control cookies through your browser settings in Chrome (Settings → Privacy and security → Cookies), Firefox (Settings → Privacy & Security → Cookies), Safari (Preferences → Privacy → Cookies), and Edge (Settings → Cookies and site permissions).

Consequences of Blocking Cookies:
If you block all cookies:
• Essential functionality may break - Authentication may not work
• Preferences won't be saved - You'll need to reconfigure settings
• Security features may be affected - CSRF protection relies on cookies

If you block only non-essential cookies, core functionality will work normally with some personalization features limited.

Our services respect the "Do Not Track" (DNT) browser signal:
• We do not track users across third-party websites
• We do not use tracking cookies for advertising
• DNT signals do not affect essential cookies

How We Obtain Consent:
When you first visit our website, you will see a cookie consent banner that allows you to accept all cookies, reject non-essential cookies, or customize cookie preferences.

Withdrawing Consent:
You can withdraw or modify your consent at any time by clicking "Cookie Settings" in the website footer, clearing cookies in your browser, or contacting us at privacy@duodev.in.