VigilChain
Code-to-cloud risk visibility
Book a Demo

Cookie Policy

What cookies we use, why we use them, and your choices.

Effective Date: April 21, 2026 Version 1.0

1. Overview

This Cookie Policy explains what cookies VigilChain uses, why we use them, and how you can control your preferences. It supplements our Privacy Policy, which describes our data practices in full. Capitalized terms used but not defined here have the meanings given in our Terms of Service or Privacy Policy.

2. What are cookies

Cookies are small text files stored on your device (computer, tablet, or mobile) when you visit a website. They are widely used to make websites function, improve performance, and sometimes to track users across sites. Cookies can be first-party (set by the site you are visiting) or third-party (set by a domain other than the one you are visiting).

3. VigilChain's approach

VigilChain takes a minimal approach to cookies. We use:

  • Strictly necessary cookies on the VigilChain Platform (app.vigilchain.com) for authentication and request-forgery protection.
  • Analytics cookies on the marketing website (www.vigilchain.com) via PostHog, so we can understand how visitors interact with our content.

We do not use advertising cookies, social media tracking pixels, or any cookies that track you across other websites.

4. Cookies we use

Cookie Type Purpose Duration
Platform (app.vigilchain.com)
vc_session Strictly Necessary Contains an encrypted JWT access token that authenticates your session. This cookie is httpOnly (not accessible to JavaScript) and secure (only sent over HTTPS). It is not used to track your browsing activity. Session (expires when you close your browser, or after the access token's configured lifetime)
vc_refresh Strictly Necessary Contains an encrypted refresh token used to renew your session without requiring re-authentication. This cookie is httpOnly, secure, and path-restricted to the /v1/auth/refresh endpoint only — it is not sent with requests to any other part of the application. 7 days (configurable by tenant administrator)
vc_csrf Strictly Necessary A cross-site request forgery protection token that prevents unauthorized actions from being performed on your behalf. This cookie works in conjunction with a matching header value to validate that requests originate from the VigilChain application. Session
Marketing website (www.vigilchain.com)
ph_*_posthog Analytics Set by PostHog, our product analytics provider. Stores an anonymous device identifier used to understand how visitors interact with our marketing website. This cookie does not contain personal information and is not used for advertising or cross-site tracking. PostHog is configured with person_profiles: 'identified_only', meaning anonymous visitors are not linked to personal profiles. 1 year

5. What we do not use

To be explicit about what is absent from VigilChain:

  • No advertising cookies. We do not serve ads, participate in ad networks, or use cookies for ad targeting or retargeting.
  • No social media tracking. We do not embed social media widgets that set third-party cookies or track your activity.
  • No cross-site tracking. Our analytics cookies are scoped to VigilChain domains and cannot be used to track you across other websites.
  • No localStorage or sessionStorage for authentication. Authentication tokens are stored exclusively in httpOnly cookies, which cannot be accessed by JavaScript — protecting against cross-site scripting attacks.

6. Analytics provider

Our marketing website uses PostHog for product analytics. PostHog helps us understand which pages visitors view, how they navigate the site, and where they encounter issues. PostHog is configured to:

  • Collect anonymous usage data only — personal profiles are created only when a visitor explicitly identifies themselves (for example, by submitting the demo request form);
  • Capture JavaScript exceptions to help us identify and fix site errors;
  • Not track visitors across other websites or participate in cross-site behavioral advertising.

PostHog is listed in our Privacy Policy as one of our subprocessors. PostHog data is hosted in the United States. For more information, see PostHog's Privacy Policy.

7. Managing cookies

Because the VigilChain Platform uses only strictly necessary cookies, disabling them will prevent the application from functioning — you will not be able to log in or maintain an authenticated session.

You can manage cookies through your browser settings:

  • Chrome: Settings → Privacy and Security → Cookies and other site data
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Manage Website Data
  • Edge: Settings → Cookies and site permissions → Manage and delete cookies

Blocking strictly necessary cookies for app.vigilchain.com will prevent you from using the Platform. The marketing website at www.vigilchain.com remains viewable without cookies, though analytics will not be recorded for your session.

8. Updates to this Policy

If we introduce new categories of cookies in the future (such as optional analytics on the Platform, or preference cookies), we will update this policy, add those cookies to the table above, and implement a cookie consent mechanism that allows you to accept or decline non-essential cookies before they are set.

Material changes will be notified consistent with the change-notice terms in our Privacy Policy.

9. Contact us

If you have questions about our use of cookies, please contact us at privacy@vigilchain.com. For our full data practices, see our Privacy Policy.

Changelog

  • v1.0 — April 21, 2026. Initial publication. Replaces the earlier version dated March 27, 2026.