VAI
Ask VAI
Sign InRequest Access

Ask VAI

Cookie Policy

Disclosure of cookies and similar technologies, with consent obtained per the Digital Personal Data Protection Act, 2023.

Effective date: [DD Month YYYY]Last updated: [DD Month YYYY]

Draft — not published. All highlighted placeholders must be replaced before publication. Set NEXT_PUBLIC_LEGAL_PUBLISHED=true only after all placeholders are filled and an Indian advocate has reviewed the documents. The build will fail if any placeholder still contains brackets when that flag is set.

3.1 Overview

Cookies are small files stored on a browser or device. Similar technologies include local storage, session storage, pixels, tags, and device identifiers. This Cookie Policy explains how Ask VAI, an internal organizational tool operated by Versoaltima India Pvt. Ltd., uses these technologies on our website and application.

3.2 Lawful basis

Strictly-necessary cookies are deployed on the basis of legitimate use under Section 7 of the Digital Personal Data Protection Act, 2023, as they are necessary for performance of the Service requested by the user. All other cookies (preference, analytics, performance, marketing) are deployed only after the user provides explicit, granular, withdrawable consent under Section 6 of the DPDP Act through the cookie banner. Consent is recorded with timestamp and may be withdrawn at any time at the same ease with which it was given.

3.3 Categories of cookies and similar technologies

(a) Strictly-necessary cookies (no consent required)

Required for the platform to function. They support login, session management, authentication, security, load balancing, CSRF protection, and tenant routing. These cookies cannot be disabled through our cookie banner because the Service may not function without them.

  • Session cookie — maintains the active user session
  • Authentication token cookie — verifies the logged-in user on each request
  • CSRF token cookie — prevents cross-site request forgery attacks
  • Organization routing cookie — enforces tenant isolation
  • Cookie-consent cookie — records the user's consent choice

(b) Preference cookies (consent required)

Remember user settings such as dashboard layout, saved filters, locale, timezone, or theme.

(c) Analytics and performance cookies (consent required)

Help us understand how the website and application are used, identify slow pages, and detect errors. Used only with explicit consent. Where analytics is enabled, only first-party, privacy-respecting measurement is used; no third-party advertising analytics are deployed.

(d) Marketing and advertising cookies

Not used. As Ask VAI is an internal organizational tool and not a commercial product, we do not deploy marketing or advertising cookies. If this ever changes, it will be disclosed here, deployed only after fresh consent, and listed by name and purpose.

3.4 Cookie inventory and retention

Default retention for the cookies and similar technologies we use:

  • Session cookies: deleted at browser close or logout
  • Authentication cookies: 15 minutes (sliding session) up to 7 days when "keep me signed in" is enabled
  • Preference cookies: 12 months
  • Analytics cookies: 14 months
  • Cookie-consent cookie: 12 months unless withdrawn earlier

3.5 Managing and withdrawing consent

Users may manage cookies through:

  • our cookie banner — accept all, accept essential only, or customize per category
  • the Cookie Settings link in the website footer (re-opens the banner)
  • browser settings — most browsers allow blocking or deleting cookies
  • device-level controls

Disabling strictly-necessary cookies will prevent login and use of the Service. Withdrawing consent is recorded; consent can be re-granted later. Withdrawal does not affect lawfulness of processing carried out before withdrawal.

3.6 Third-party cookies and recipients

Some cookies may be set by service providers that support analytics, monitoring, or security. Each provider processes data per its own privacy policy and our data-processing agreement, which prohibits use beyond agreed purposes and prohibits use of cookie data for training AI models. The current list of service providers is available on the Sub-processor List.

3.7 Children's data

The Service is not directed at Children (defined as a person under 18 under the DPDP Act). We do not knowingly collect cookie data from Children. If we discover such data, we will delete it.

3.8 Cross-border transfer

Cookie data processed by third-party analytics providers may be transferred to and processed in jurisdictions outside India. We use only providers whose contractual safeguards meet Indian standards and whose host country is not restricted by the Central Government under Section 16 of the DPDP Act.

3.9 Changes to this Cookie Policy

We may update this Cookie Policy from time to time. Material changes will be notified through the website, application, or cookie banner, and where required fresh consent will be obtained.

3.10 Grievances and contact

For cookie questions or to exercise rights under the DPDP Act, first contact support@askvai.in. If there is no response within 15 days, escalate to the Grievance Officer at grievance@askvai.in. See also the Grievance Redressal Policy.