Ishavi keeps the cookie surface small on purpose. The five entries below are the entire set. None are third-party. None are used for cross-site tracking. The consent banner on first visit covers the Functional and Analytics categories; Necessary cookies are always on because the site cannot run without them.
Necessary
Default: OnRequired for the platform to function. Authentication, tenant routing, security tokens, and the consent record itself. Cannot be turned off because the site cannot serve without them. EU consent mode: always-on under GDPR Recital 30 and PECR Reg. 6(4).
Functional
Default: OffImprove the experience but are not strictly required. Theme preference, future language preference, future remembered-region preference. Off by default in EU / UK; opt-in via the banner.
Analytics
Default: OffAnonymous usage telemetry (page views, interaction events, error rates) used to improve the product. None deployed today; this category is reserved for future use. Off by default in every jurisdiction; opt-in via the banner; categorical opt-out honoured.
| Name | Purpose | Category | Lifetime | Storage |
|---|---|---|---|---|
| ishavi.session | Recruiter authentication session token. Signed, httpOnly, SameSite=Lax. Cleared on sign-out. | Necessary | Session + 7 days sliding | Cookie |
| ishavi.candidate-session | Candidate session token bound to a single interview link. Scoped to the candidate routes. httpOnly, SameSite=Lax. | Necessary | 24 hours from issue | Cookie |
| ishavi.active-tenant | Active tenant ID for users who belong to multiple tenants. Read by the application to pick the data-residency boundary for the current request. | Necessary | Session + 30 days sliding | Cookie |
| ishavi.theme | Stores the user’s theme preference (light / dark / system) so the next visit avoids a flash of the wrong palette. | Functional | Persistent until cleared | localStorage |
| ishavi.cookie-consent | Records the cookie consent choice (accept-all or necessary-only) and timestamp. Read by the banner to decide whether to reappear and by future analytics scripts to gate loading. | Necessary | Persistent until cleared | localStorage |
The consent banner appears on first visit and records your choice in localStorage under ishavi.cookie-consent. To withdraw consent or change the category, clear that entry in your browser’s site data and reload the page; the banner reappears with the defaults. We will add an in-product manager when Functional or Analytics cookies are actually deployed; until then, the reset flow is the authoritative path.
Questions or complaints: email privacy@ishavi.app. EU and UK residents may also lodge a complaint with their national supervisory authority -- the right is unconditional.
Cookie consent
Ishavi uses strictly necessary cookies to run the authentication session and remember your tenant. Analytics and functional cookies are off by default. You can change this at any time on the cookie policy page.