Cookie Policy

Effective Date: 27 May 2026Version: 2.0Controller: SilicaSecure Private Limited (CIN, New Delhi, India)

1. About this policy

This Cookie Policy explains how SilicaSecure Private Limited ("SilicaSecure", "we", "us", "our") uses cookies and similar tracking technologies (collectively, "cookies") on silicasecure.com and any associated subdomains (the "Site").

It is designed to comply with — at a minimum — the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the EU ePrivacy Directive (2002/58/EC, as transposed into Member State law), the UK GDPR and PECR, India's Digital Personal Data Protection Act 2023 ("DPDP Act"), the California Consumer Privacy Act as amended by the CPRA ("CCPA/CPRA"), Brazil's Lei Geral de Proteção de Dados ("LGPD"), Canada's PIPEDA, and South Africa's POPIA. It should be read together with our Privacy Policy.

2. What are cookies and similar technologies?

Cookies are small text files placed on your device by your browser when you visit a site. They allow the site to recognise your device on subsequent visits, remember choices, and collect aggregate information. We also use comparable technologies — localStorage, sessionStorage, pixels, SDKs, and server-side fingerprints — and treat them under this policy as if they were cookies.

Cookies may be first-party (set by SilicaSecure) or third-party (set by a service we embed, such as our analytics or CDN provider). They may be session cookies (deleted when you close the browser) or persistent cookies (retained for a defined period).

3. Categories of cookies we use

We group cookies into the following categories. You can accept, reject, or selectively enable each category (other than Strictly Necessary) at any time using the controls described in section 6.

3.1 Strictly Necessary

Required to deliver the Site, authenticate users, route requests, prevent fraud, balance load, and record your cookie consent. These cannot be disabled without breaking core functionality.

Legal basis:Article 6(1)(b) GDPR (contractual necessity) or 6(1)(f) (our legitimate interest in operating a secure site). Treated as "strictly necessary" under Article 5(3) of the ePrivacy Directive, so no consent is required.

3.2 Functional

Remember choices you make (theme, language, region) so the Site behaves consistently. Disabling them will not break the Site but you may need to re-set preferences each visit.

Legal basis: Your consent (Art. 6(1)(a) GDPR; § 6/§ 7 DPDP Act).

3.3 Analytics & Performance

Help us understand how visitors use the Site in aggregate (page views, navigation paths, performance metrics) so we can improve it. We do not currently use any third-party analytics provider; this category controls any future use and would only be loaded after you accept.

Legal basis: Your consent. Loaded only after you accept this category.

3.4 Marketing

Used to measure the effectiveness of campaigns, attribute conversions, and (where applicable) tailor advertising. We do not currently set any marketing cookies; this toggle pre-emptively controls any future use and any signals that may be shared with advertising partners.

Legal basis: Your consent.

4. Cookies inventory

The table below lists every cookie or storage entry we set, or that a third-party we embed sets on our behalf, together with its purpose, provider, retention period, and legal basis. We refresh this inventory at least quarterly.

Cookie / Storage keyCategoryPurposeProviderRetentionLegal basis
silicasecure-cookie-consentStrictly NecessaryStores your cookie consent choices, the version of the policy you consented to, and the timestamp of your decision so we can honour and demonstrate your preferences.SilicaSecure (first-party, localStorage)Until cleared or until policy version changesLegitimate interest / legal obligation to record consent
Authentication session cookiesStrictly NecessaryMaintain your authenticated session, refresh access tokens, and protect against CSRF when you sign in to a customer portal. Set as first-party, HttpOnly cookies by our managed authentication service.Managed authentication provider (first-party HttpOnly cookie)Session and up to 7 daysContractual necessity (Art. 6(1)(b) GDPR)
silicasecure-themeFunctionalRemembers your light/dark theme preference between visits.SilicaSecure (first-party, localStorage)Until clearedConsent (Art. 6(1)(a) GDPR; § 7 DPDP Act)
Hosting / edge cookies (none by default)Strictly NecessaryOur hosting and content-delivery provider may set short-lived cookies if we enable specific features such as edge A/B testing, server-side forms, or identity. None of these are enabled today, so no such cookies are set in the default configuration. Disclosed here for transparency.Hosting provider (third-party, only if feature enabled)Session – 1 year (varies by feature)Legitimate interest (Art. 6(1)(f) GDPR) — site delivery

Some browsers or extensions may set additional cookies outside our control. Where a third party processes data on our behalf, we have a data processing agreement in place.

5. International data transfers

SilicaSecure is established in India. The third-party processors described in section 4 operate globally, which means data sent via their services may be processed in the United States, the European Economic Area, or other jurisdictions. Our current named sub-processors are published at silicasecure.com/sub-processors, and further detail is available on request from dpo@silicasecure.com.

Where personal data leaves the EEA or the UK, we rely on the European Commission's Standard Contractual Clauses (2021/914) and, for the United Kingdom, the UK International Data Transfer Addendum. Transfers under the DPDP Act are made only to jurisdictions not restricted by the Central Government under § 16 of the Act. For CCPA/CPRA, transfers are accompanied by service-provider commitments that the recipient will not "sell" or "share" the personal information.

6. Your choices and how to control cookies

You are in control. You can:

  • Accept, reject, or customisecategories using the cookie banner shown on your first visit. "Reject All" is given equal prominence to "Accept All".
  • Change your mind at any timeby clicking the "Cookie Preferences" link in the footer of every page, or the button below.
  • Send a Global Privacy Control (GPC) signal from your browser — we honour it as an opt-out under CCPA/CPRA, Colorado, and Connecticut law and auto-decline all non-essential cookies.
  • Use your browser controls to block or delete cookies entirely. Instructions for Chrome, Firefox, Safari, and Edge.

Withdrawing consent is as easy as granting it, and withdrawal does not affect the lawfulness of processing carried out before withdrawal.

7. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Erase data ("right to be forgotten");
  • Restrict or object to certain processing;
  • Withdraw consent at any time, with future effect;
  • Data portability in a structured, commonly used, machine-readable format;
  • Lodge a complaint with a supervisory authority — for example, the Data Protection Board of India under § 27 DPDP Act, the Information Commissioner's Office in the UK, or your local EU supervisory authority;
  • Opt out of the "sale" or "sharing" of personal information and of certain profiling, where applicable under CCPA/CPRA, Colorado, Connecticut, Virginia, and similar laws.

To exercise any right, contact our Data Protection Officer using the details in section 11. We will respond within the period required by the applicable law (typically 30 days under GDPR / DPDP, 45 days under CCPA).

8. Children

We do not knowingly direct the Site at, or use cookies to profile, children. Under § 9 of the DPDP Act we will not process the personal data of a Data Principal under 18 without verifiable parental consent, and under GDPR we apply the higher of 16 or the digital-consent age set by the relevant Member State. Under COPPA, we do not knowingly collect personal information from children under 13. If you believe a child has provided us data, contact us and we will delete it promptly.

9. Do Not Track and Global Privacy Control

Because there is no industry consensus on the legal effect of the legacy "Do Not Track" HTTP header, we do not treat DNT alone as a binding opt-out. We do, however, honour the Global Privacy Control(GPC) signal: when our Site detects GPC, we automatically refuse all non-essential cookies and record a "gpc-auto-reject" consent decision for audit purposes.

10. Record of consent and security

When you make a choice on the cookie banner we record (a) the version of this policy you saw, (b) the categories you accepted or rejected, (c) the method of consent (accept-all, reject-all, custom, or GPC-auto), and (d) a timestamp. This record is stored locally on your device in your browser's storage and is required to demonstrate consent under Article 7(1) GDPR and § 6(4) DPDP Act. We do not transmit this record to our servers unless you contact us to exercise a right.

If we materially change the categories we use or the processors involved, we will bump the policy version and re-prompt you for consent.

11. Contact & Data Protection Officer

Controller: SilicaSecure Private Limited, New Delhi, India.

General enquiries: info@silicasecure.com

If you are in the EEA or UK and prefer to write to an EU/UK representative, contact us and we will provide current details. You always retain the right to complain directly to your local supervisory authority.

12. Changes to this policy

We may update this Cookie Policy from time to time. Material changes will be highlighted at the top of this page and, where required by law, we will re-prompt you for consent. The effective date and version number at the top of this page indicate the most recent revision.