1. What this policy covers
Cookies and similar technologies — local storage, session storage — across two surfaces that behave very differently and must not be described as one thing:
- This website —
digilightpms.com, the marketing site you are reading now. - The Digilight PMS application — the software a hotel signs in to.
2. This website sets no cookies
The marketing website sets no cookies at all.
No analytics. No tag manager. No advertising pixels. No chat widget. No embedded video. No third-party fonts. Nothing about your visit to this site is tracked, by us or by anyone else, and there is no consent banner because there is nothing to consent to.
This is a fact about the code, not a marketing claim, and it was verified rather than assumed:
- The site has no server code at all — no API routes, no server actions, no middleware. There is nothing that could attach a cookie to a response.
- Its entire dependency list is four packages. None of them is an analytics, tracking or session library.
- The fonts are self-hosted. They are downloaded when the site is built and served from our own domain, so your browser never contacts Google for them.
- The contact page is an email link, not a form. Nothing is posted anywhere.
- The compiled site was searched for every external address it contains. The only ones present are the three social-media links in the footer — and a link is not a request. Nothing loads unless you click it.
Engineering note — this section is a constraint, not a description.
The moment anyone adds analytics, a chat widget, an embedded video, a web font from a third party, or an advertising pixel to this website, this page becomes false. Whoever adds it owns updating this document, the Privacy Policy, and building a consent mechanism, in the same change. There is an automated check in
npm run qathat will fail the build if a third-party origin appears on the site.
LAWYER REVIEW REQUIRED — consent
Reason: Confirm that no consent notice is required where no cookies are set and no personal data is collected from a visit.
Suggested options: confirm the position, and confirm what must be said here if that ever changes — the engineering note above is the commitment that governs it.
3. Cookies the application sets
When a hotelier signs in to Digilight PMS, the application sets cookies that are strictly necessary to run it. They keep you signed in. Without them, sign-in cannot work.
There are two, and this is the complete list.
| Cookie | What it is for | Type | Expires |
|---|---|---|---|
auth-token |
Keeps you signed in, and identifies which hotel your session belongs to. | First-party, strictly necessary | 7 days |
staff-token |
The equivalent for Digilight India's own support staff, who sign in to a separate system. A hotelier never receives one. | First-party, strictly necessary | 7 days |
Both are set with the following attributes:
- HttpOnly — they cannot be read by JavaScript in the page.
- Secure — they are sent only over an encrypted HTTPS connection.
- SameSite=Lax — they are not sent when another website makes a request to us.
- Path=/, and no
Domainattribute, so they are not shared with any other host.
One exception worth naming: where a member of Digilight India's support staff enters
a customer's account with permission, the auth-token issued for that session lasts
30 minutes, not 7 days. See the DPA.
What the application does not set:
- No analytics cookies. None.
- No advertising or marketing cookies. None.
- No third-party cookies of our own.
- No cross-site tracking of any kind.
4. Local storage in the application
The application stores four small values in your browser's local storage. None is an identifier, none is sent to us, and none is readable by a third party. They exist so the software remembers how you left it:
| Key | What it holds |
|---|---|
digilight-sidebar-collapsed |
Whether you collapsed the sidebar. |
digilight-sidebar-expanded-group |
Which sidebar menu you left open. |
digilight:ota-setup:dismissed:… |
Whether you dismissed the channel-setup card. |
digilight:market-intel:watchlist:… |
The competitor list you typed into the market-intelligence screen. |
The application uses no session storage, no IndexedDB, and no service worker.
5. Third parties
On this website: none. See §2.
In the application: one screen — the market-intelligence screen — draws a map. The map tiles are loaded by your browser directly from the OpenStreetMap Foundation, and the map's marker icons from Cloudflare. Those two receive your IP address when the map draws, in the ordinary way that loading any image from another website does. They set no cookies of ours and we receive nothing from them.
BUSINESS DECISION REQUIRED — delete this section instead of drafting it
Reason: The screen those two third parties serve is not linked from any menu in the product. The Cloudflare dependency is three marker images that could be self-hosted in an afternoon.
Suggested options:
- Self-host the icons and remove the screen, or the map. Then this entire section, and two rows of the sub-processor table in the Privacy Policy, disappear — along with the need to disclose anything to anyone. Recommended: the cheapest privacy improvement available to this product.
- Keep them, and disclose as drafted.
6. The payment gateway
When subscription payments are switched on, the payment gateway's own checkout will set its own cookies while you are paying. That has not happened yet — no customer can currently pay through the product — so there is nothing to disclose here today.
This section must be completed before the first payment is taken. It is listed as a blocker in the internal review notes.
7. How to control cookies
Every browser lets you see, block and delete cookies — usually under Settings → Privacy.
Because the only cookies Digilight PMS sets are the ones that keep you signed in, blocking them has exactly one consequence: you will not be able to sign in. There is nothing else to switch off, because there is nothing else there.
8. Changes to this policy
Every change is recorded in the version history at the foot of this page.
9. How to contact us
Questions about cookies: support@digilightpms.com. See also the Privacy Policy.