Telemetry & Infrastructure Node
Cookie & Telemetry Tracking Policy
Last Updated: May 21, 2026 | Enterprise Revision 5.0
TECHNICAL ARCHITECTURE NOTICE
This document governs browser tracking, local storage elements, and API telemetry across vyaparies.com, all platform-generated subdomains, and the Khata Bahi interface. Vyaparies Technologies (a Sole Proprietorship) is a Pure SaaS Technology Provider. We deploy data-minimizing local storage strictly to secure infrastructure, route SaaS subscriptions, and isolate system telemetry from retail transaction pipelines, completely shielding the Sole Proprietor from consumer tracking liabilities.
1. SCOPE OF TRACKING & INFRASTRUCTURE BOUNDARIES
Unlike an e-commerce marketplace or data broker network, our Platform does not deploy behavioral profiling cookies, cross-site advertisement trackers, or hidden marketing pixels to identify end-consumers across the web. Tracking is strictly limited to the technical telemetry required to authenticate Vendor dashboards, process SaaS billing, and secure the network architecture.
The Fintech Shield (No Payment Tracking): End-consumer storefront checkouts execute direct P2P UPI Intent handshakes via external banking applications (e.g., Google Pay, PhonePe, Paytm). No cookie-based session logs tracking consumer credit cards, UPI PINs, or personal bank credentials ever pass through, render, or reside within the Platform's local storage or cloud databases.
2. ITEMIZED INVENTORY OF COOKIES & LOCAL DATA OBJECTS
To satisfy the granular visibility mandates of the Digital Personal Data Protection (DPDP) Act, 2023, the Platform explicitly catalogs the specific tracking vectors utilized below:
| Technical Vector | Classification | Functional Purpose & Lifespan |
|---|---|---|
| __next_auth.session | Strictly Necessary (First-Party) | Authenticates secure Vendor logins, manages active JWT state, and routes dashboard tokens within Next.js middleware layers. Cleared on logout/browser close. |
| __XSRF-TOKEN-SECURE | Strictly Necessary (First-Party) | Crucial security token generated to prevent Cross-Site Request Forgery (CSRF) attacks across data mutations. Persistent (24 Hours). |
| rzp_device_id | Functional Essential (Third-Party) | Dropped securely via Razorpay API integrations. Essential to process B2B SaaS subscription renewals and block fraudulent payment tokenization. Governed by Razorpay networks. |
| __vyp_telemetry_shield | Security Analytics (First-Party) | Logs IP structures and API interaction velocity. Utilized exclusively to prevent data scraping, bot activity, and DDoS attacks against the NLP engine. 1 Year (Cybersecurity audit retention). |
3. SUBDOMAIN TRACKING ISOLATION & VENDOR INDEMNITY
The Company explicitly clarifies that independent Vendors may deploy their own web layouts and integrate third-party marketing tags (e.g., Google Analytics, Meta Pixels, custom tag managers) across their platform-generated store subdomains.
THE VENDOR AS PRINCIPAL DATA FIDUCIARY: If a Vendor embeds custom tracking scripts or retargeting codes on their storefront, they operate strictly as the Principal Data Fiduciary for that tracking layer under the DPDP Act, 2023.
The Company does not review, control, or execute scripts on behalf of Vendor configurations. The Vendor bears 100% legal liability to provide explicit cookie consent banners and opt-out mechanisms for their end-consumers. The Vendor fully indemnifies Vyaparies Technologies and its Sole Proprietor against any privacy penalties, consumer forum actions, data breaches, or regulatory fines caused by tracking components embedded inside their specific subdomains.
4. CONSENT WITHDRAWAL, BROWSER CONTROLS, & NLP IMMUNITY
- Consent & Rejection: The Platform implements a granular Cookie Consent Banner upon initial UI load. Users maintain an unconditional right to withdraw consent for non-essential telemetry via browser settings.
- Blocking Necessary Cookies: Users can configure their browsers to block all cookies. However, disabling “Strictly Necessary” tokens will instantly break Next.js authentication loops, rejecting server payloads, and permanently denying Vendor access to the management dashboard.
- Khata Bahi Transient Buffer Immunity: Browser cookies track technical session states, not conversational text inputs. Any customer ledger records typed by the Vendor into our conversational parser completely bypass persistent cookies. They are processed via our isolated Transient Buffer and are automatically shredded post-computation, immunizing the platform from data retention claims.
5. TECHNICAL ANTI-ABUSE POLICIES & INSTANT TAKEDOWN RIGHT
The telemetry objects embedded within our systems exist strictly to enforce security and protect the proprietary Next.js source code and NLP datasets of Vyaparies Technologies. Users are explicitly prohibited from running botnets, scraper modules, or automated intercept sequences to alter, mask, or manipulate these telemetry headers.
Any verified attempt by a Vendor or third-party entity to spoof device IDs, bypass API rate limits, scrape platform subdomains, or flood API endpoints to execute reverse-engineering loops constitutes severe technical abuse. This directly triggers the Company's unilateral Instant Takedown Right, resulting in an immediate account freeze, permanent database deletion, and absolute forfeiture of SaaS subscription balances without refund, alongside immediate civil action.
6. LIABILITY CAP & JURISDICTIONAL VENUE LOCK
The 3-Month Matrix: Any operational disputes, technical failures, or privacy negligence claims relating to tracking cookies or system telemetry fall strictly under the structural liability cap. The total aggregate liability of Vyaparies Technologies and its Sole Proprietor for commercial Vendors is strictly limited to the SaaS subscription fees paid by that Vendor in the three (3) months immediately preceding the dispute.
Platform liability toward non-paying End-Consumers for any tracking or telemetry anomaly is capped at absolute zero (INR 0.00).
Binding Arbitration (Satna Lock): All business disputes, compliance audits, or civil claims regarding data telemetry and tracking scripts shall bypass civil courts and be resolved exclusively through private binding arbitration under the Arbitration and Conciliation Act, 1996. The seat, venue, and sole jurisdiction for this arbitration shall be strictly locked to Satna, Madhya Pradesh, India, presided over by a Sole Arbitrator appointed by the Company.
7. STATUTORY COMPLIANCE & SUPPORT DESK
In strict compliance with the Information Technology (Intermediary Guidelines) Rules and DPDP Act mandates, inquiries regarding technical telemetry, right-to-erasure requests, or cookie management must be addressed to our unified compliance channel:
Designated Officer: Technical Compliance & Support Cell
Legal Entity: Vyaparies Technologies (Sole Proprietorship)
Jurisdictional Seat: Satna, Madhya Pradesh, India
Unified Help Desk: support@vyaparies.com
Statutory SLA: Technical tracking issues, telemetry concerns, or data erasure requests are acknowledged within 24 hours and fully resolved within 15 working days.