Cookie Policy

This policy describes the cookies and similar storage technologies used by jazhi.com.au and the authenticated Jazhi application (collectively, “Jazhi”). It is published by Tax Tracker Pty Ltd (Tax Agent 26321143), the operator of Jazhi.

• Authentication session — set by Supabase Auth when you sign in. Required to keep you logged in. Cleared when you sign out or the session expires.
• CSRF and security cookies — short-lived tokens set by Next.js to protect form submissions from cross-site request forgery.

We do not set tracking cookies on our marketing pages. We do not run a Meta Pixel, Google Ads pixel, or LinkedIn Insight Tag.

The following sub-processors may drop cookies when you use the specific features they support. Each is named explicitly so you can verify against your AML/CTF Tranche 2 vendor checklist:

• Supabase — authentication session cookies (see §2). Hosted in AWS Sydney (ap-southeast-2).
• Stripe— payment-page cookies during checkout and customer-portal sessions. Stripe's cookie policy applies while you are on a Stripe-hosted page.
• Vercel — server-side analytics token (no browser cookie unless Web Vitals is enabled). We do not enable Vercel Analytics on the marketing pages.
• Sentry — error-reporting cookies in the authenticated app only. Used to correlate front-end errors with the originating session for debugging.

You can clear or block cookies via your browser settings. Blocking authentication cookies will prevent you from signing in to Jazhi. Blocking Stripe cookies during checkout will prevent payment processing.

We'll update this policy when our cookie usage changes. The “Last updated” date above reflects the current version. Material changes are mentioned in the public changelog.

Questions: zaki@taxtracker.com.au