Ishavi keeps the cookie surface small on purpose. The five entries below are the entire set. None are third-party. None are used for cross-site tracking. The consent banner on first visit covers the Functional and Analytics categories; Necessary cookies are always on because the site cannot run without them.
Necessary
Default: OnRequired for the platform to function. Authentication, tenant routing, security tokens, and the consent record itself. Cannot be turned off because the site cannot serve without them. EU consent mode: always-on under GDPR Recital 30 and PECR Reg. 6(4).
Functional
Default: OffImprove the experience but are not strictly required. Theme preference, future language preference, future remembered-region preference. Off by default in EU / UK; opt-in via the banner.
Analytics
Default: OffAnonymous usage telemetry (page views, interaction events, error rates) used to improve the product. None deployed today; this category is reserved for future use. Off by default in every jurisdiction; opt-in via the banner; categorical opt-out honoured.
| Name | Purpose | Category | Lifetime | Storage |
|---|---|---|---|---|
| ishavi.session | Recruiter authentication session token. Signed, httpOnly, SameSite=Lax. Cleared on sign-out. | Necessary | Session + 7 days sliding | Cookie |
| ishavi.candidate-session | Candidate session token bound to a single interview link. Scoped to the candidate routes. httpOnly, SameSite=Lax. | Necessary | 24 hours from issue | Cookie |
| ishavi.active-tenant | Active tenant ID for users who belong to multiple tenants. Read by the application to pick the data-residency boundary for the current request. | Necessary | Session + 30 days sliding | Cookie |
| ishavi.theme | Stores the user’s theme preference (light / dark / system) so the next visit avoids a flash of the wrong palette. | Functional | Persistent until cleared | localStorage |
| ishavi.cookie-consent | Records the cookie consent choice (accept-all or necessary-only) and timestamp. Read by the banner to decide whether to reappear and by future analytics scripts to gate loading. | Necessary | Persistent until cleared | localStorage |
The consent banner appears on first visit and records your choice in localStorage under ishavi.cookie-consent. To withdraw consent or change the category, clear that entry in your browser’s site data and reload the page; the banner reappears with the defaults. We will add an in-product manager when Functional or Analytics cookies are actually deployed; until then, the reset flow is the authoritative path.
Questions or complaints: email privacy@ishavi.app. EU and UK residents may also lodge a complaint with their national supervisory authority -- the right is unconditional.