Cookie Policy
Effective date: April 17, 2026 · Last updated: May 10, 2026
This Cookie Policy explains how MailSetu ("we", "us", "our") uses cookies and similar technologies on our website and dashboard at mailssetu.in.
1. What Are Cookies?
Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work, to improve efficiency, and to provide information to the site owners. Cookies may be "session cookies" (deleted when you close your browser) or "persistent cookies" (remain on your device for a set period or until you delete them).
Similar technologies include:
- localStorage (optional): may store a legacy Bearer token only if your deployment enables token-in-body mode for API tooling.
- HTTP cookies: used for dashboard session (HttpOnly access token) and CSRF protection.
2. Cookies We Use
MailSetu takes a minimal approach to cookies. We use strictly necessary cookies for auth and first-party browser storage for lightweight journey analytics. We do not use any advertising, tracking, or analytics cookies from third parties.
2.1 Strictly Necessary
These are essential for the website to function. The Service cannot be provided without them. You cannot opt out of these cookies.
| Name | Type | Duration | Purpose |
|---|---|---|---|
| ms_access | Cookie (HttpOnly) | 30 days / until sign-out | Session JWT for the dashboard API origin; not readable by JavaScript. |
| ms_csrf | Cookie (not HttpOnly) | 30 days / until sign-out | Double-submit CSRF token paired with the X-CSRF-Token header on mutating requests. |
| __next_locale | Cookie | 1 year | Set by Next.js to remember your locale preference. |
2.2 First-Party Browser Storage
| Name | Type | Duration | Purpose |
|---|---|---|---|
| ms_journey_visitor_id | localStorage | Persistent until cleared | First-party anonymous visitor identifier used to understand repeat visits and attribution without relying on third-party analytics tools. |
| ms_journey_session_id | localStorage | Rotated per browser session | Lets us map page transitions, landing pages, and drop-off points through a single journey. |
| ms_journey_first_touch | localStorage | Persistent until cleared | Stores the first known referrer and UTM parameters so attribution remains stable throughout onboarding. |
3. What We Do Not Use
We do not use:
- Google Analytics, Mixpanel, Amplitude, or any third-party analytics cookies.
- Facebook Pixel, Google Ads tags, or any advertising/retargeting cookies.
- Hotjar, FullStory, or any session recording tools.
- Any cross-site tracking or fingerprinting technologies.
4. First-Party Product Analytics
We collect basic first-party journey analytics events from our own website and dashboard so we can understand where visitors come from, which pages they land on, where they drop off, and how onboarding is performing. These events are sent only to MailSetu-controlled infrastructure and are not shared with external advertising networks.
When available from your hosting proxy, we may record coarse geo headers such as country or region. We do not use browser geolocation prompts for this purpose.
5. Email Tracking Pixels
As part of the Service, if you enable open tracking on emails you send through MailSetu, we insert a 1×1 pixel image into the HTML body of those emails. When a recipient opens the email and their email client loads images, this pixel reports the open event back to us. This event is logged against the email record in your account.
Similarly, if you enable click tracking, links in your emails are rewritten through our tracking redirect domain. When a recipient clicks a link, we record the click event before redirecting them to the original URL.
You are responsible for disclosing these tracking practices to your email recipients as required by applicable law (e.g., GDPR, DPDP Act). You may disable open and click tracking per-email via the API or globally in your domain settings.
6. Managing Cookies
You can control and delete cookies through your browser settings. Note that disabling strictly necessary cookies (including clearing site data for the API host) will sign you out of the dashboard and prevent you from remaining logged in.
Browser-specific instructions:
- Chrome: Settings → Privacy and security → Cookies and other site data.
- Firefox: Options → Privacy & Security → Cookies and Site Data.
- Safari: Preferences → Privacy → Manage Website Data.
- Edge: Settings → Cookies and site permissions.
7. Changes to This Policy
We may update this Cookie Policy to reflect changes in the technologies we use or changes in law. Any updates will be posted on this page with a revised effective date.
8. Contact
- Privacy queries: privacy@mailssetu.in
- Address: MailSetu, Mumbai, Maharashtra, India — 400001