Cookies Policy

This Cookies Policy explains how Sleeping Trade LLC ("we", "us", "our") uses cookies and similar technologies on the website sleepingtrade.in and on the dashboards and authenticated areas accessible from it. It supplements our Privacy Policy, which describes our broader handling of personal data, and our Terms of Service, which govern your use of the Service. Please read all three together.

"Cookies" are small text files that a website places on your device — desktop, laptop, or mobile — when you visit it. The cookie file stores a small amount of data, typically an identifier and one or more parameters, which the website can read on subsequent visits. We also use comparable technologies including pixels, single-pixel images, web-storage entries (localStorage and sessionStorage), and server-side fingerprinting; for simplicity this Policy uses "cookies" to refer to all of them.

Cookies are used by virtually every modern website. Many cookies are essential to website function — without them you cannot stay logged in across pages, your shopping cart cannot remember its contents, and security mechanisms that protect against cross-site attacks cannot operate. Other cookies are not essential but are useful for understanding how the website is used and for showing relevant content. We use cookies in both categories, with the limits and consent rules described below.

We classify cookies into four categories. The category determines whether the cookie requires consent and whether it can be disabled without breaking the website.

2.1 Essential cookies

These are required for the website to function. They support authentication, session integrity, security against cross-site request forgery and clickjacking, load-balancing across servers, language and consent state, and remembering whether the cookie banner has been dismissed. Essential cookies do not require consent because the website cannot operate without them, and you cannot meaningfully agree to use the Service while disabling them.

2.2 Functional cookies

These are not strictly essential but enhance the user experience by remembering preferences such as your selected theme (light/dark, where applicable), your language preference, your last visited page, and your dashboard layout. We may set these only after you indicate consent through the banner, or where the law of your jurisdiction permits them on a "legitimate interest" basis.

2.3 Analytics cookies

We use Google Analytics 4 ("GA4") to understand how the website is used, which pages are most popular, how long visitors stay, and which links they click. GA4 cookies are placed only after you have indicated consent through the banner; GA4 receives a truncated IP address and does not personally identify you on our site. We use this aggregated, anonymised picture of site usage to fix bugs, improve content, and measure the effectiveness of marketing.

2.4 Marketing cookies

If active marketing campaigns are running, we may set cookies from advertising platforms such as Meta Pixel and Google Ads to measure conversion (whether a visitor who clicked an ad ultimately subscribed) and to enable retargeting. These cookies are placed only with consent and only for the duration of the relevant campaign. We do not allow advertising platforms to sell or share data they collect through our pixels for purposes unrelated to our advertising, and we have configured the platforms accordingly.

The principal essential cookies set by our domain are listed below, with name, purpose, and duration. The list reflects current implementation and may evolve; we will keep this list updated to reflect material changes.

• session_id — purpose: identifies your authenticated session on the dashboard; duration: until you log out or until thirty days of inactivity, whichever is earlier; flags: HttpOnly, Secure, SameSite=Lax.
• csrf_token — purpose: protects against cross-site request forgery on form submissions; duration: rolling, typically tied to the session; flags: HttpOnly, Secure, SameSite=Strict.
• cookie_consent — purpose: stores your consent preferences for the four cookie categories; duration: twelve months; flags: Secure, SameSite=Lax.
• locale_pref — purpose: stores your language preference (English by default; Hindi/regional language touches are added on top); duration: twelve months; flags: Secure, SameSite=Lax.
• cb_dismissed — purpose: prevents the cookie banner from re-appearing for the same visitor on every page; duration: until consent is withdrawn or twelve months; flags: Secure.
• announce_dismissed — purpose: hides a dismissed announcement bar on subsequent visits; duration: thirty days; flags: Secure.

Disabling essential cookies in your browser will, in most cases, prevent the website from operating. The login screen will not be able to keep you logged in across pages, the dashboard will repeatedly redirect you, and forms protected by CSRF tokens will return errors. We do not provide a website mode that operates without these cookies, because doing so would compromise security.

Google Analytics 4 ("GA4") is the principal analytics service we use. The cookies set by GA4 typically include:

• _ga — Google's primary analytics cookie; identifies a unique device or browser; duration: two years; first-party (set on our domain); contains a randomly generated identifier.
• _ga_<property-id> — GA4 session and engagement tracking cookie specific to our analytics property; duration: two years; first-party.
• _gid (legacy / where applicable) — short-lived analytics cookie; duration: 24 hours.

What GA4 collects on our site, when consent is given: page URL and title visited, time on page, referrer, approximate geography (country and city level, not street address) derived from a truncated IP address, browser and operating-system characteristics, and the events you trigger (button clicks, scroll depth, conversions). GA4 does not capture information you type into form fields, except the page URL on which you submitted the form.

We have enabled GA4 IP anonymisation and have not enabled the Google Signals feature that would link GA4 events with Google's cross-device user graph. Data retention in GA4 is set to fourteen months for event-level data; aggregated reports may be retained longer at Google's end. To opt out of GA4 directly, install Google's official browser extension at tools.google.com/dlpage/gaoptout; this opts you out across every GA-enabled site, not only ours.

When marketing campaigns are running, we may use the following advertising-platform tools, each of which sets cookies only with your consent:

• Meta Pixel — measures conversions from Facebook and Instagram ads, and enables retargeting of visitors with relevant content. Cookies set: _fbp, fbm_, etc., typically with a duration of three months. Meta Privacy Policy.
• Google Ads conversion tracking — attributes subscriptions to specific Google Ads click sources. Cookies set: _gcl_au, _gac_, NID (third-party), with durations between three and twelve months. Google Privacy Policy.
• LinkedIn Insight Tag (if/when used) — used for B2B campaign measurement. Cookies set: li_sugr, bcookie, etc. LinkedIn Privacy Policy.

5.1 How behavioural advertising works

Behavioural advertising tracks the websites you visit and the actions you take in order to show you advertisements that are likely to be relevant. The effect can be useful (you see ads for things you actually want) or invasive (you feel followed across the web). We use a conservative configuration: pixels fire only on pages directly relevant to the advertised campaign; we do not pass personally identifiable parameters to advertising platforms; we do not share contact lists with platforms for "lookalike audience" expansion without explicit consent.

5.2 How to opt out

You can opt out of behavioural advertising at the platform level using each platform's settings, and you can opt out across multiple platforms at once through the Digital Advertising Alliance opt-out at optout.aboutads.info and the Network Advertising Initiative opt-out at thenai.org/opt-out. You can also use Global Privacy Control, an emerging signal that browsers send to indicate "do not sell or share" — we honour this signal where applicable.

In addition to cookies we set ourselves, certain third-party services that load on our pages may set their own cookies on your browser. These include:

• Razorpay — when you reach the payment page, Razorpay's checkout iframe loads and sets payment-flow cookies in the Razorpay domain. We do not control these cookies; the relationship is between you, Razorpay, and your payment instrument. Razorpay Privacy Policy.
• Supabase — for authentication and dashboard interactions, Supabase sets session cookies in our domain. These are essential and behave like our own essential cookies.
• YouTube embeds — if we embed a YouTube video on a page (in privacy-enhanced mode), YouTube may still set cookies when you click play. YouTube Privacy Policy.
• Embedded social-media widgets — if a Twitter/X or LinkedIn widget is embedded, the corresponding platform may set cookies. We avoid such embeds wherever a static link will do, precisely to limit cookie footprint.

Our responsibility is to identify these third-party cookies, to obtain consent where required, and to provide links to the third party's own cookie and privacy policy. The third parties' responsibilities are governed by their own terms; we are not in a position to control or alter their behaviour beyond declining to embed their tools on our site.

The first time you visit our website with cookies cleared, a cookie consent banner appears at the bottom of the page. The banner offers three primary actions: "Accept all", "Reject non-essential", and "Customise". Customise opens a detail panel where you can toggle each non-essential category (functional, analytics, marketing) independently.

Your choice is stored in the cookie_consent cookie for twelve months. Until you make a choice, only essential cookies are set; non-essential cookies are blocked. If you "Reject non-essential", we record the rejection and do not set any cookie in those categories until you change the setting. If you "Accept all", all categories are enabled. The "Customise" detail panel allows finer control between these extremes.

You can withdraw consent at any time by clicking the "Cookie settings" link in the website footer. Withdrawal applies prospectively: cookies already set will remain on your device until they expire or are cleared. To clear them immediately, use your browser's "clear browsing data" option scoped to the past hour or longer.

Where required by law (notably for users in the EEA, UK, or California), the legal basis for non-essential cookies is your opt-in consent; we do not use any other basis (such as "legitimate interest") to bypass the consent requirement for these categories. For Indian users, the DPDP Act 2023 framework supports a similar consent-led approach.

In addition to the cookie banner on our site, every modern browser provides controls to view, block, and clear cookies. The relevant settings, by browser:

• Google Chrome: Settings → Privacy and security → Cookies and other site data. You can block third-party cookies, block all cookies (will break most sites), or block specific sites.
• Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data. Firefox includes a "Strict" mode that blocks more trackers by default.
• Apple Safari: Settings → Privacy → Manage Website Data. Safari blocks cross-site tracking by default.
• Microsoft Edge: Settings → Privacy, search, and services → Cookies and site permissions. Edge has tracker-prevention modes ranging from Basic to Strict.
• Brave: Settings → Shields. Brave aggressively blocks trackers and third-party cookies by default.

8.1 Mobile browsers

Mobile browsers expose comparable settings under Privacy or Security menus. iOS Safari and Android Chrome support content blockers and cookie controls; specifics vary by OS version.

8.2 What happens when you clear cookies

Clearing cookies removes our session cookies, which logs you out. The next time you visit, the cookie banner appears again because the consent record has been removed; please reset your preferences. Clearing cookies does not remove personal data we hold on our servers; for that, see your data-subject rights under the Privacy Policy.

8.3 Do Not Track and Global Privacy Control

Older "Do Not Track" (DNT) headers are inconsistently honoured across the web; we acknowledge them but do not rely on DNT alone. The newer Global Privacy Control (GPC) signal, supported by browsers including Brave and Firefox, expresses a "do not sell or share" preference. We honour GPC by automatically declining marketing-cookie consent on its behalf, and we record this in our consent log.

If you are a resident of the European Economic Area, the United Kingdom, or another jurisdiction with comparable cookie or e-privacy law, the following rights apply over and above the controls provided by the cookie banner:

• Right to withdraw consent: at any time, with the same ease as it was given. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
• Right of access: request information about the cookies set on our domain in respect of your visits, the purposes, and the categories of recipients (in this context, primarily ourselves and our analytics provider).
• Right to object: object to processing based on legitimate interest; we re-evaluate and either stop the processing or provide compelling legitimate grounds.
• Right to lodge a complaint: with your national data-protection authority. The lead authority for our EU presence (where applicable) is the relevant Member State DPA; for UK users, the Information Commissioner's Office (ICO).

To exercise any of these rights, write to legal@sleepingtrade.in. We will respond within thirty days (extendable by sixty days for complex requests). For day-to-day cookie management, the in-banner controls and the browser-level controls are the fastest way to act.

The Information Technology Act, 2000 ("IT Act") and the rules issued thereunder, including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, apply to the collection of "personal information" by Indian websites. The Digital Personal Data Protection Act, 2023 ("DPDP Act") modernises and substantially expands this regime; cookie data that uniquely identifies an individual is "personal data" within the DPDP Act's scope.

Under the IT Act and the DPDP Act, you as an Indian Data Principal have the right to: (a) be informed about the purposes for which your personal data is processed (this Cookies Policy is one such notice); (b) provide or withhold consent for non-essential processing (the cookie banner is the consent vehicle for non-essential cookies); (c) request access to information about the processing of your personal data; (d) request correction or erasure subject to lawful retention; (e) lodge a grievance with us at legal@sleepingtrade.in; (f) escalate to the Data Protection Board of India if dissatisfied with our response.

The Grievance Officer responsible for cookie- and privacy-related complaints is the same as the one identified in our Privacy Policy and is reachable at the email above. Acknowledgement within forty-eight hours; substantive response within fifteen working days.

Cookies are categorised by duration as follows:

• Session cookies: deleted when you close the browser. Used for short-lived state such as the CSRF token and the active login session.
• Persistent cookies: remain on your device until they expire or until you clear them. Used for longer-lived state such as consent preferences and language preference.

The maximum duration of each non-essential cookie category is bounded as follows: functional cookies up to 12 months; analytics cookies up to 24 months (per Google's defaults but we apply a 14-month event retention at the GA4 property level); marketing cookies up to 12 months. We do not set non-essential cookies with durations longer than these unless we expressly notify you and obtain renewed consent.

The reason these durations are not set to be much shorter (for example, 30 days) is practical: setting durations too short forces the consent banner to re-appear constantly, which produces consent fatigue and does not actually improve privacy. We have therefore picked durations that balance recurrence with privacy; you can override these by clearing cookies more frequently.

The Service is intended for adults of legal age in India (eighteen years). We do not knowingly collect personal information from individuals under eighteen, including through cookies or comparable technologies. Our marketing pages, dashboard, and authentication flow are not designed for children, and the broker KYC framework on which our Service relies prevents minors from holding the type of trading account required to use it. The advertising creatives we run on Meta and Google are configured to exclude age brackets below eighteen, and we do not engage in behavioural advertising targeted at users whose age signals indicate minors.

If we become aware that a person under eighteen has interacted with the website in a way that resulted in cookies being set on their device, we will (a) delete the corresponding records from our analytics property, (b) reset cookies on subsequent visits to the essential-only baseline, (c) where possible, contact a parent or guardian and confirm closure of any account or interaction trail, and (d) review our advertising configuration to identify any creative or targeting setting that allowed the impression to occur and tighten it. Parents and guardians who suspect a minor in their care has interacted with our site should email legal@sleepingtrade.in with subject line "MINOR — COOKIE REMOVAL" for priority handling; we treat these requests as urgent and aim to action them within forty-eight hours.

Parental controls available on most operating systems and browsers can prevent children from interacting with adult-oriented websites in the first place. We support and recommend their use; "Family Link" on Android, "Screen Time" on iOS/macOS, and "Family Safety" on Windows are useful starting points. Where you suspect a child has been the subject of unlawful tracking by any website (not only ours), the Information Technology Act 2000, the DPDP Act 2023, and analogous laws abroad provide remedies; we will assist parents and guardians by providing copies of the consent records and cookie data we hold relating to the affected device.

We may update this Cookies Policy from time to time, for example when we add or remove a third-party tool, when the law changes, or when we refine our consent mechanism. The "Last Updated" date at the top of the page indicates the version currently in force.

Where we make a material change — for example, the addition of a new third-party tool that sets cookies in a category you have already consented to, a change to the duration of a cookie category, the introduction of a new fingerprinting or device-graph technology, or any change that increases the data collected through cookies — we will re-prompt for consent through the banner so that you can review and update your preferences. Re-prompting will be triggered automatically by versioning the cookie_consent record; the banner will appear with a notice that the policy has changed and a brief summary of what is different. Non-material changes — typographical corrections, hyperlink updates, expanded explanations, additional examples — may be made without re-prompting, since these do not alter the categories or scope of cookie processing.

An internal version history is maintained; a redline showing changes between versions is available on request to legal@sleepingtrade.in. We retain prior versions for a minimum of three years from the date they were superseded so that any user who began their relationship with us under an earlier version can compare. Where the change has implications for your rights — for example, removal of a tracking technology that previously needed consent, or the introduction of one that does — we will summarise the change in plain language at the top of this page during the transition period.

If at any point you find this Cookies Policy unclear or believe it does not reflect what we are actually doing on the website, please notify us at legal@sleepingtrade.in. We treat policy-accuracy concerns with priority because the Cookies Policy is the primary source of consent for non-essential cookies; an inaccurate policy is, in effect, a flawed consent.

For questions, complaints, or grievances about our cookie usage, or to exercise any rights described above, please use the contacts below:

• Legal and data-protection enquiries: legal@sleepingtrade.in — primary channel for cookie complaints, GDPR rights requests, DPDP rights requests, and CCPA/CPRA rights requests.
• Customer support: support@sleepingtrade.in — for general questions about cookie behaviour or cookie banner issues.
• Postal: Sleeping Trade LLC, Delaware, United States of America.

Acknowledgement of any cookie-related complaint within forty-eight business hours; substantive response within fifteen working days. If you remain dissatisfied with our response, you may escalate to the Data Protection Board of India (when operational), to your national data-protection authority (for users in the EEA, UK, or comparable jurisdictions), or to the relevant consumer-protection authority of your jurisdiction.