Cookie Policy
Automate Routine
Effective Date: 7 June 2026
1. Introduction
This Cookie Policy explains how Automate Routine ("we," "our," or "us") uses cookies and similar technologies when you visit or use our platform at www.automateroutine.com (the "Service").
This Policy should be read together with our Privacy Policy, which provides further detail on how we process personal data collected through cookies and other technologies.
DPDP Act 2023 Notice: Under India's Digital Personal Data Protection Act, 2023 and DPDP Rules, 2025, cookies that collect personal data (such as device identifiers, IP addresses, or behavioural data) require your explicit, informed consent before they are placed, except for strictly necessary cookies required for the Service to function. We do not fire analytics or optional cookies until you have provided consent.
2. What Are Cookies?
Cookies are small text files placed on your device (computer, tablet, or mobile) when you visit a website. They help websites recognise your device, remember your preferences, and provide security features.
Cookies may be:
- Session cookies, temporary; deleted automatically when you close your browser;
- Persistent cookies, stored on your device for a defined period or until you delete them; and
- First-party cookies, set by Automate Routine directly, versus third-party cookies set by external services.
We also use technologies similar to cookies, such as browser localStorage, for storing user preferences (e.g., workspace selection) on your device.
3. Cookies We Use
A. Strictly Necessary Cookies
These cookies are essential for the Service to function. They cannot be disabled without preventing you from logging in or using secure features. Your consent is not required for these cookies; they are placed automatically.
| Cookie Name | Set By | Duration | Purpose |
|---|---|---|---|
| __Secure-next-auth.session-token | Automate Routine (NextAuth.js) | 30 days | Authenticates your session after login. HTTP-only, Secure, SameSite=Lax. Deleted on logout. |
| __Host-next-auth.csrf-token | Automate Routine (NextAuth.js) | Session | Protects against Cross-Site Request Forgery (CSRF) attacks on all authenticated form submissions. HTTP-only, Secure. |
| __Secure-next-auth.callback-url | Automate Routine (NextAuth.js) | Session | Stores the URL to redirect you to after completing OAuth sign-in (Google or GitHub). Deleted after redirect. |
B. Functional Cookies & Local Storage
These technologies enhance your experience by remembering your preferences. They are not essential but improve usability. Consent is required for these where they collect or process personal data.
| Technology / Name | Type | Duration | Purpose |
|---|---|---|---|
| selectedWorkspaceId (localStorage) | Browser localStorage (first-party) | Until cleared or logout | Remembers your last-selected workspace so you don't need to re-select it on every visit |
C. Analytics Cookies
We do not currently use third-party analytics cookies (such as Google Analytics, Mixpanel, or Hotjar). If we introduce analytics cookies in the future, we will update this Policy and obtain your explicit consent before placing them. Analytics cookies will only be activated after you opt in via our consent banner.
D. Third-Party Cookies (Security & OAuth)
The following third-party cookies may be placed during OAuth sign-in or security verification. These are strictly necessary for those authentication flows.
| Set By | Cookie / Technology | Duration | Purpose |
|---|---|---|---|
| Google LLC (reCAPTCHA v3) | _GRECAPTCHA | 6 months | Bot detection on registration and login forms. Google's reCAPTCHA analyses user behaviour to distinguish humans from bots. Subject to Google's Privacy Policy. |
| Google LLC (OAuth) | Google OAuth state token (session) | Session | CSRF protection during Google OAuth sign-in flow. Only placed if you choose "Sign in with Google." |
| GitHub Inc. (OAuth) | GitHub OAuth state token (session) | Session | CSRF protection during GitHub OAuth sign-in flow. Only placed if you choose "Sign in with GitHub." |
4. Legal Basis for Cookie Use (India, DPDP Act 2023)
Under the Digital Personal Data Protection Act, 2023 and DPDP Rules, 2025, cookies that collect personal data require consent unless they are strictly necessary for the Service:
| Cookie Category | Legal Basis | Consent Required? |
|---|---|---|
| Strictly Necessary (authentication, CSRF) | Legitimate interest / contractual necessity, essential for Service delivery | No, placed automatically |
| Functional (localStorage preferences) | Consent | Yes, activated on opt-in |
| Analytics (if introduced in future) | Explicit consent | Yes, blocked until opt-in; never implied from continued use |
| Third-party / OAuth (reCAPTCHA, Google sign-in, GitHub sign-in) | Contractual necessity, only placed during the specific OAuth flow you initiate | Implicit, placed only if you actively choose Google/GitHub sign-in |
We do not use the "continued use of the Service" as a substitute for explicit consent for non-essential cookies. Consent is obtained via a separate, granular consent banner at the first visit.
5. Managing Your Cookie Preferences
Platform Cookie Banner
When you first visit our website, you will see a cookie consent banner that allows you to:
- Accept all cookie categories;
- Accept only strictly necessary cookies; or
- Choose your preferences for each category separately (granular toggles per category).
Your preferences are saved and you can update them at any time by clicking the "Cookie Preferences" link in the footer of any page. Withdrawing consent for optional cookies is as straightforward as giving it.
Browser Settings
You can also control cookies through your browser settings. Most browsers allow you to:
- View and delete existing cookies;
- Block all cookies from a specific site; or
- Block third-party cookies.
Instructions for common browsers:
Disabling strictly necessary cookies (authentication and CSRF cookies) will prevent you from logging in to the Service.
6. Do Not Track
Some browsers include a "Do Not Track" (DNT) signal. As we do not currently use cross-site tracking or behavioural advertising cookies, this signal does not materially change our cookie behaviour. We do not sell or share personal data collected via cookies for advertising purposes.
If we introduce any tracking technologies in the future that would be affected by DNT signals, we will update this Policy accordingly.
7. Cookies and Personal Data
Some cookies described above collect or are associated with personal data (such as your device identifier or session ID). Such data is processed in accordance with our Privacy Policy. Your rights under the DPDP Act, 2023 (including the right to access, correct, erasure, and withdraw consent) apply to personal data collected through cookies, and are exercisable by contacting us as described in the Privacy Policy.
8. Updates to This Cookie Policy
We may update this Cookie Policy when we add, remove, or change the cookies we use. Material changes will be communicated via a notice on the Service and/or by email. The "Effective Date" at the top of this page reflects the date of the most recent version.
9. Contact Information
For questions or concerns about this Cookie Policy, please contact us at:
Automate Routine
Phase 8B, Industrial Area
Mohali, 160071, Punjab, India
Email: support@automateroutine.com