Cookie Policy - Oryn Inventory

1 What Are Cookies

Cookies are small text files that are stored on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work efficiently, provide a better user experience, and supply information to the owners of the site.

This Cookie Policy explains how Oryn Systems LLC ("we," "our," or "us") uses cookies and similar technologies on the Oryn Inventory Management System ("Service"). This Cookie Policy should be read alongside our Privacy Policy, which provides further detail on how we handle personal data.

2 Similar Technologies

In addition to traditional cookies, we may use the following similar technologies:

Local Storage — HTML5 local storage allows us to store small amounts of data in your browser that persists across sessions. Unlike cookies, local storage data is not automatically sent to the server
Session Storage — Similar to local storage, but data is cleared when you close the browser tab or window. Used for temporary state management within a single session
IndexedDB — A client-side database used for structured data caching, such as offline-ready inventory records or search indices
Web Workers / Service Workers — Background scripts that may cache assets locally for performance optimization. Service workers do not access or transmit personal data
Server-Side Session Storage — We store session data on our servers, linked to a session cookie in your browser. Server-side session data is encrypted and automatically expires

All references to "cookies" in this policy also apply to these similar technologies, unless otherwise stated.

3 Cookies We Use

We use only strictly necessary cookies that are essential for the Service to function. We do not use advertising, tracking, or third-party analytics cookies.

Cookie Name	Purpose	Type	Duration
session	Maintains your logged-in state and session data	Strictly Necessary	Session / until logout
_csrf_token	Cross-site request forgery protection; prevents unauthorized actions on your behalf	Strictly Necessary	Session
remember_token	"Remember me" functionality for persistent login across browser sessions	Functional	30 days

3.1 Cookie Attributes

All cookies set by our Service use the following security attributes where applicable:

HttpOnly — Session and CSRF cookies are marked HttpOnly, preventing client-side JavaScript from accessing them
Secure — All cookies are transmitted only over HTTPS encrypted connections
SameSite — We use the SameSite=Lax attribute to prevent cross-site request forgery while allowing normal navigation
Domain Scope — Cookies are scoped to our Service domain only and are not accessible by third-party domains

4 Local Storage

In addition to cookies, we use browser local storage for client-side preferences. These are not transmitted to our servers:

Key	Purpose	Duration
oryn-theme	Stores your light/dark mode preference	Persistent
oryn-sidebar-collapsed	Remembers whether the sidebar is collapsed or expanded	Persistent
oryn-table-preferences	Stores column visibility, sort order, and page size preferences for data tables	Persistent
oryn-recent-searches	Stores your recent search queries for quick access	Persistent (max 20 items)

No Tracking: We do not use Google Analytics, Facebook Pixel, or any other third-party tracking technologies. Your browsing activity on our Service is not shared with advertisers or third-party analytics platforms.

5 Consent Mechanism

Because we use only strictly necessary cookies (which are required for the Service to function), we rely on the following legal bases for cookie use:

Strictly Necessary Cookies — These cookies do not require consent under GDPR Article 5(3) of the ePrivacy Directive, as they are essential for providing the Service you have requested. You cannot opt out of these cookies while using the Service
Functional Cookies — The "remember me" cookie is set only when you affirmatively check the "Remember me" checkbox at login, which constitutes your consent to that specific cookie
Local Storage — Local storage data is set based on your explicit interactions (e.g., toggling dark mode, collapsing the sidebar). This constitutes implied consent through your affirmative action

If we introduce non-essential cookies in the future (e.g., analytics, performance), we will implement a cookie consent banner that allows you to accept or reject each category of non-essential cookies before they are set. Consent preferences will be stored and respected across sessions.

6 Third-Party Cookies

Our Service loads fonts from Google Fonts. Google may set cookies related to font delivery. These are governed by Google's Privacy Policy. We do not control these cookies.

If you use a third-party payment processor (e.g., Stripe) through our Service, they may also set cookies subject to their own cookie and privacy policies.

We are not responsible for the cookie practices of any third party. We encourage you to review the cookie policies of any third-party services you interact with through our Service.

7 Managing Cookies

You can manage or delete cookies through your browser settings. Please note that if you disable strictly necessary cookies, the Service may not function properly — you will not be able to log in or maintain a session.

Browser-Specific Instructions

Chrome: Settings → Privacy and Security → Cookies and other site data
Firefox: Settings → Privacy & Security → Cookies and Site Data
Safari: Preferences → Privacy → Manage Website Data
Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data

To clear local storage data, use your browser's Developer Tools (usually accessible via F12) and navigate to the Application or Storage tab.

8 Cookie Audit Log and Compliance

We conduct periodic audits of our cookie usage to ensure compliance with applicable privacy regulations:

Quarterly Review — We review all cookies and similar technologies set by the Service on a quarterly basis to ensure accuracy of this policy
New Cookie Assessment — Before introducing any new cookie or similar technology, we conduct a privacy impact assessment to determine whether consent is required
Regulatory Compliance — Our cookie practices are designed to comply with the EU ePrivacy Directive (Directive 2002/58/EC), GDPR, UK PECR, and California's CPRA
Documentation — We maintain internal records of all cookies set by the Service, including their purpose, legal basis, and retention period

9 Impact of Disabling Cookies

The table below describes the impact of disabling or blocking the cookies used by our Service:

Cookie / Technology	Impact if Disabled
session	You will not be able to log in or maintain an authenticated session. The Service will be completely inaccessible
_csrf_token	Form submissions will fail with security errors. You will be unable to create, update, or delete records
remember_token	You will need to log in each time you visit the Service, but all other functionality will work normally
Local Storage	Your theme preference, sidebar state, and table preferences will reset to defaults on each visit. Core functionality is unaffected

10 Changes to This Policy

We may update this Cookie Policy from time to time to reflect changes in our technology, practices, or legal requirements. We will update the "Last Updated" date at the top of this page. If we introduce non-essential cookies or make material changes to our cookie practices, we will notify users via email or in-app notification.

11 Contact Us

If you have questions about our use of cookies or similar technologies, please contact us:

Email: [email protected]