Legal

Cookie Policy

Effective date: April 27, 2026 · Last updated: May 19, 2026

This Cookie Policy explains what cookies are, how EngageDM uses them, and your choices regarding cookies. By using the EngageDM platform, you consent to the use of cookies as described in this policy.

Table of Contents

What Are Cookies?
How We Use Cookies
Types of Cookies We Use
Third-Party Cookies
Your Cookie Choices
Do Not Track Signals
Updates to This Policy
Contact Us

1. What Are Cookies?

Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They help websites remember information about your visit, such as your preferred language and authentication status, which makes your next visit easier and the site more useful to you.

Cookies may be "session cookies" (deleted when you close your browser) or "persistent cookies" (remain on your device for a set period or until you delete them).

2. How We Use Cookies

EngageDM uses cookies for the following purposes:

Authentication: To keep you signed in to your account across pages and browser sessions.
Security: To help protect your account against cross-site request forgery (CSRF) attacks.
Session state: To remember which Instagram account (workspace) you last had active.

We do not use advertising cookies, analytics cookies (e.g., Google Analytics), or any third-party tracking cookies. Your theme preference (light/dark mode) is stored in your browser's localStorage, not in a cookie.

3. Types of Cookies We Use

Cookie Name	Purpose	Duration
`token`	Stores your authenticated session JWT. Required to keep you logged in across pages and browser sessions.	7 days
`active_workspace`	Remembers which Instagram account (workspace) you last had active so you don't have to re-select it on each visit.	Persistent (until you switch workspace or log out)
`csrf-token`	A double-submit CSRF token that protects your account against cross-site request forgery attacks. Set automatically on each page load and validated on all form submissions and API mutations.	Session
`ig_oauth_state`	A short-lived cookie set only during the Instagram account connection flow. Contains a signed, tamper-proof state value used to verify that the OAuth callback comes from a legitimate request (prevents CSRF during OAuth). Deleted immediately after the Instagram connection completes or fails.	10 minutes
`post_login_redirect`	A short-lived cookie set when you click a call-to-action link on the landing page before you are signed in. After you complete Google sign-in, we use this cookie to redirect you to the page you originally intended to visit. Deleted immediately after use.	Short-lived (cleared on use)
`recovery_link_state`	A short-lived, signed cookie set only when you initiate the recovery account linking flow from Settings → Account. Contains a tamper-proof token that carries your session identity across the Google OAuth round-trip. Deleted immediately after linking completes or fails.	10 minutes (cleared on use)

3.1 Strictly Necessary Cookies

All cookies EngageDM sets are strictly necessary for the platform to function securely. They are set in response to actions you take — such as logging in, switching workspace, or submitting a form. You can block these cookies in your browser, but you will not be able to use EngageDM without the token cookie.

4. Third-Party Cookies

EngageDM itself does not use any third-party tracking or analytics cookies. However, when you interact with third-party services integrated into the platform, those services may set their own cookies:

Razorpay — for payment processing. Razorpay may set cookies during the checkout flow. See Razorpay's Privacy Policy.
Google OAuth — for authentication. Google may set cookies as part of the OAuth sign-in flow. See Google's Privacy Policy.
Google Fonts — the Inter typeface is loaded from Google's CDN. Google may set cookies or collect your IP address as part of font delivery. See Google's Privacy Policy.

We do not have control over third-party cookies. Please refer to the respective third parties' privacy and cookie policies for more information.

5. Your Cookie Choices

Because all cookies EngageDM sets are strictly necessary for the platform to work, there are no non-essential cookies to opt out of. However, you can still control cookies via your browser:

5.1 Browser Settings

Most web browsers allow you to control cookies through their settings. You can typically set your browser to: refuse all cookies; accept all cookies; notify you when a cookie is set; or delete existing cookies.

Note that deleting or blocking the token cookie will sign you out and prevent you from staying logged in. Blocking the csrf-token cookie will prevent form submissions from working correctly. Blocking ig_oauth_state will prevent you from connecting an Instagram account.

5.2 Clearing Cookies

To clear EngageDM cookies, use your browser's "Clear browsing data" or "Clear cookies" option. This will sign you out of your EngageDM session. Your account data is not affected.

6. Do Not Track Signals

Some browsers transmit a "Do Not Track" (DNT) signal to websites. Because EngageDM does not use any tracking, analytics, or advertising cookies, your DNT setting has no practical effect on how the platform operates. We do not change our data collection practices in response to DNT signals, as our cookies are strictly necessary for the platform to function and are already as minimal as possible.

7. Updates to This Policy

We may update this Cookie Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this page periodically to stay informed about how we use cookies.

8. Contact Us

If you have any questions about this Cookie Policy, please contact us:

Email: [email protected]
Website: engagedm.in/contact