This Cookie Policy explains how HAIEC Inc. (“HAIEC,” “we,” “us”) uses cookies and similar technologies on haiec.com. This policy supplements our Privacy Policy.

Summary

We use only essential cookies required for the platform to function
We use privacy-focused analytics (Vercel Analytics) that do not use cookies for tracking
We do not use advertising cookies or third-party tracking cookies
We do not sell data collected via cookies

1. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They are used to remember your preferences, maintain your session, and provide essential functionality.

“Similar technologies” include localStorage and sessionStorage, which serve similar purposes but are stored differently in your browser.

2. Cookies We Use

Essential Cookies (Strictly Necessary)

These cookies are required for the platform to function. They cannot be disabled.

Cookie	Purpose	Duration	Provider
next-auth.session-token	Maintains your authenticated session	Session (expires on browser close or after 24 hours)	HAIEC (NextAuth.js)
next-auth.csrf-token	Prevents cross-site request forgery attacks	Session	HAIEC (NextAuth.js)
next-auth.callback-url	Stores the return URL after authentication	Session	HAIEC (NextAuth.js)
__Secure-next-auth.session-token	Secure session token (HTTPS only)	Session	HAIEC (NextAuth.js)

Local Storage (Similar Technologies)

We use browser localStorage for the following purposes:

Key	Purpose	Data Stored
Wizard progress	Saves compliance wizard progress so you can resume later	Encrypted assessment responses (no PII)
UI preferences	Remembers sidebar state, theme preferences	UI configuration only
Demo state	Tracks onboarding demo progress	Step index and completion status
Scan preferences	Remembers email notification preferences for scans	Boolean toggle value

3. Cookies We Do NOT Use

Advertising cookies: We do not run ads or use advertising tracking pixels.
Third-party tracking cookies: We do not embed Google Analytics, Facebook Pixel, or similar tracking services.
Cross-site tracking: We do not track your activity across other websites.
Fingerprinting: We do not use browser fingerprinting techniques.

4. Analytics

We use Vercel Analytics for privacy-focused web analytics. Vercel Analytics:

Does not use cookies for tracking
Does not collect personally identifiable information
Collects only anonymized, aggregated page view data
Is compliant with GDPR, CCPA, and PECR without requiring cookie consent

5. Third-Party Service Cookies

The following third-party services may set their own cookies when you interact with their features:

Service	When Used	Cookie Policy
Stripe	During payment processing (checkout page only)	https://stripe.com/privacy
GitHub	During OAuth login flow	https://docs.github.com/en/site-policy/privacy-policies
Google	During OAuth login flow	https://policies.google.com/privacy

6. Managing Cookies

You can manage cookies through your browser settings. Most browsers allow you to:

View what cookies are stored and delete them individually
Block third-party cookies
Block all cookies from specific sites
Block all cookies entirely
Delete all cookies when you close your browser

Note: Blocking essential cookies will prevent you from logging in to HAIEC. The platform requires session cookies to function.

7. Legal Basis (GDPR / ePrivacy)

Essential cookies: Set under the “strictly necessary” exemption (Article 5(3) ePrivacy Directive). No consent required.
Analytics: Vercel Analytics does not use cookies and processes only anonymized data. No cookie consent required under ePrivacy Directive.

Because HAIEC uses only essential cookies and cookie-free analytics, we do not display a cookie consent banner. If we add non-essential cookies in the future, we will implement a consent mechanism before deployment.

Questions?

For questions about our cookie practices:

Email: privacy@haiec.com
General: contact@haiec.com

Cookie Policy