MTOS v1.0.1 · Legal

Cookie Policy

Approved Manish Tiffins cookie, session, security, and PWA storage policy.

Effective date: 2026-07-06 · Last updated: 2026-07-06

1. Authentication Cookies

  • refreshToken — staff session (HttpOnly, Secure, SameSite=Strict)
  • customerRefreshToken — customer portal session (HttpOnly, Secure)
  • Delivery staff tokens — separate secure session cookies
  • Purpose: maintain authenticated sessions; essential for platform operation

2. Session Cookies

  • Session identifiers tied to login state
  • Duration: access token ~15 minutes; refresh token up to 7 days
  • Cleared on logout or expiry

3. Security Cookies

  • CSRF and session integrity tokens where applicable
  • Rate-limit and abuse-prevention identifiers
  • Purpose: protect accounts and prevent unauthorised access

4. Local Storage

  • Customer access token — in-memory/session storage for API calls
  • UI preferences — display settings where enabled
  • Not shared with third parties

5. PWA Offline Storage

  • Service worker cache (manish-tiffins-apps-v3) — offline shell and static assets
  • Cached routes: portal, delivery, and kitchen login pages
  • Clear via browser "Clear site data" or app uninstall

6. Data Sale

MTOS does not sell customer data.

Cookie Policy | Manish Tiffins