MyJanji← Back

Cookie Policy

Effective: 19 July 2026 · MyJanji (myjanji.com)

This Cookie Policy explains how MyJanji (myjanji.com) uses cookies and similar technologies. In short: we use only strictly-necessary cookies to run the service securely — no advertising cookies, no cross-site tracking, and no third-party analytics. It sits alongside our Privacy Policy and is effective 19 July 2026.

What cookies are

Cookies are small text files a website stores in your browser. Related technologies — such as browser local storage and session storage — read or write information on your device in a similar way. Throughout this policy, references to "cookies" include these equivalent storage technologies, because the same rules apply to any information stored on or read from your device.

We use them for a narrow, functional purpose: to keep you signed in, remember your basic preferences, and protect the service against abuse.

The only cookies we use: strictly necessary

MyJanji sets only essential cookies — the ones without which the platform cannot securely deliver the pages and features you request. These fall into three groups:

  • Session and authentication — keep you logged in as you move between pages, and hold the staff access token for team members. Without these, sign-in does not work. These cookies are set with secure, HTTP-only and same-site protections and are not used to track you across other websites.
  • Security and CSRF protection — help verify that requests genuinely come from you and defend against cross-site request forgery.
  • Preferences — remember lightweight choices such as your language and light/dark theme so the interface stays as you left it.

We do not use third-party advertising cookies, cross-site tracking pixels, social-media tracking cookies, or any analytics software at all — no Google Analytics, no product-analytics or heat-mapping SDKs. Every cookie we set is first-party and essential to running the service.

Cookie reference table

The exact names may vary as we maintain the platform, but every cookie we set falls within the categories below. Durations are approximate.

CategoryPurposeRoughly how long
Session / authenticationKeeps you signed in; carries the staff access token for team membersSession, or until you sign out / the session expires
Security / CSRFVerifies that requests come from you; guards against cross-site request forgerySession
PreferencesRemembers language and light/dark themePersistent (until cleared), typically up to ~12 months

Some sign-in cookies are set by our authentication and database provider (Supabase) to keep your session valid; they serve the same essential login purpose and are not used to track you across other websites.

Referral links (?ref=)

If you arrive through a referral link, the web address may include a ?ref= value identifying who referred you. We read that value from the URL and process it on our servers to attribute referral credit. It reflects only how you reached us.

This is a first-party attribution value handled server-side. It is not an advertising or cross-site tracking cookie, is not shared with ad networks, and is not used to build a profile of you. Because it is not stored on your device as a persisting marketing cookie, it does not appear in the essential-cookie table above.

Consent and your choices

Every cookie we set is strictly necessary to provide a service you have asked for. Under EU/UK ePrivacy rules, cookies that are strictly necessary to deliver a service you explicitly requested do not require prior consent — so we do not show a cookie consent banner, because there is nothing non-essential to opt into. This same analysis applies equally to cookies and to equivalent device storage (such as local and session storage): the essential-only position does not depend on which storage mechanism is used.

In Malaysia and other jurisdictions that do not operate an ePrivacy-style cookie regime, we use these essential cookies on the basis that they are necessary to provide the service you have requested, consistent with general notice-and-consent principles under laws such as the PDPA.

You remain in control. Every major browser lets you view, block, or delete cookies through its settings. You can restrict or clear our cookies at any time.

If you block or delete essential cookies, core functions will stop working — most notably you will not be able to log in or stay signed in, and security protections may fail. These cookies exist to run the service, not to profile you.

If this ever changes

If in future we introduce analytics or any non-essential cookies or device storage, we will update this policy first, clearly describe what is added, and — where the law requires it — ask for your consent before those technologies are set, giving you a genuine choice to accept or decline. Until then, this policy reflects our actual, essential-only practice.

More information

How we handle personal data more broadly — including the roles we play (as a processor for our business customers and as a controller for account, billing and security data), the categories of data we process, international transfers, retention and your data-protection rights — is set out in our Privacy Policy.

Questions about this Cookie Policy can be sent to [email protected]. This policy is provided by MyJanji, based in Malaysia, and is governed by the laws of Malaysia, with the courts of Malaysia having exclusive jurisdiction. Effective date: 19 July 2026.