Back to OpsvaraTM

Cookie Policy

Effective Date: May 11, 2026

Solvara Labs LLC · Austin, Texas

Questions: support@solvaralabs.com

This Cookie Policy ("Policy") explains how Solvara Labs LLC ("Solvara Labs," "we," "us," or "our") uses cookies and similar technologies when you visit our website at opsvara.com or use the Opsvara platform (collectively, the "Service"). This Policy should be read together with our Privacy Policy, which is incorporated herein by reference.

Strictly necessary cookies are required for sign-in and security. By using sign-in or authenticated areas of the Service, those cookies will be set as described below. On certain public pages that do not require authentication, we also load Google Analytics (GA4) as described in Section 2.2. If we introduce additional optional analytics, marketing, or similar cookies that require consent under applicable law, we will update this Policy and implement an appropriate consent mechanism before activating them where required.

1. What Are Cookies?

Cookies are small text files placed on your device (computer, smartphone, or tablet) by websites you visit. They are widely used to make websites function efficiently, remember your preferences, and provide information to website operators. Cookies may be "session cookies" (which expire when you close your browser) or "persistent cookies" (which remain on your device for a set period or until you delete them).

We may also use similar technologies, including:

Web beacons (also called "pixel tags" or "clear GIFs"): small transparent images embedded in web pages or emails that help us understand email delivery and engagement.

Local storage and sessionStorage: data stored in your browser that may persist beyond a session for limited UI configuration (for example, industry vertical selection stored under keys such as opsvara_vertical_config_v18).

2. Categories of Technologies We Use

2.1 Strictly Necessary Cookies

These cookies are essential for the Service to function and cannot be disabled if you wish to remain signed in. They enable core functionality such as:

User authentication and session management — keeping you logged in as you navigate the platform.

Security features — including protections associated with our authentication provider (Auth.js / NextAuth).

Load balancing — distributing traffic across our servers to maintain performance.

Legal basis: Legitimate interest / contractual necessity. These technologies do not require marketing-style consent, but we disclose them here for transparency.

2.2 Performance and Analytics Cookies (Google Analytics on Public Pages)

On selected public pages that do not require you to be signed in to Opsvara (for example, the marketing home page, contact page, legal policies, staff sign-in and sign-up entry pages, and the customer portal sign-in and invite-acceptance entry pages), we may load Google Analytics 4 ("GA4"), a web analytics service provided by Google LLC. GA4 uses cookies and similar technologies to help us understand aggregate traffic and how those pages are used (for example, page views and general navigation patterns). We do not load GA4 on authenticated staff dashboard routes, the authenticated customer portal, print workflows, or internal super-admin tools.

GA4 is only activated when our deployment configuration includes a Google-issued Measurement ID. When active, Google may set or read cookies such as _ga, _gid, and _ga_<container-id> on your browser, subject to Google's policies. You can learn more at https://policies.google.com/privacy and https://policies.google.com/technologies/cookies.

We may continue to use server-side logs and application telemetry across the Service to operate and improve reliability and security. If we expand analytics beyond the scope described here, we will update this Policy and obtain consent where required by law (including adding interactive consent controls where appropriate for your region).

2.3 Functional Storage (Browser)

Certain preferences are stored in your browser using sessionStorage (not HTTP cookies), such as keys used for vertical configuration (for example, opsvara_vertical_config_v18 and legacy versioned keys). Clearing site data for opsvara.com will remove this storage and may reset in-app preferences.

2.4 Marketing and Targeting Cookies

As of the Effective Date above, we do not deploy marketing or advertising cookies (such as Google Ads or LinkedIn conversion tags) in the OpsVara web application codebase. If we add them, we will update this Policy and obtain consent where required by law.

3. Specific Cookies We Use

The following describes the primary HTTP cookies used by the Service. Cookie names may vary slightly by environment (for example, __Secure- prefixes in production).

Performance / Analytics — Google Analytics (public pages only):

When GA4 is enabled for our deployment, Google may set cookies such as _ga, _gid, and cookie names beginning with _ga_ associated with our Measurement ID. These cookies support aggregate usage analytics on the public URLs described in Section 2.2. They are not set on authenticated staff dashboard or authenticated portal application routes. Set by Google LLC on google.com / googletagmanager.com domains per Google's policies. See https://policies.google.com/technologies/cookies.

Strictly Necessary — Portal (customer portal):

opsvara.portal-session-token (and chunked variants such as opsvara.portal-session-token.0, opsvara.portal-session-token.1, and __Secure-opsvara.portal-session-token where the browser applies a secure prefix) — HttpOnly session cookie for the portal authentication session. Set by Opsvara (Auth.js / NextAuth). Persistent for up to twenty-four (24) hours of inactivity unless you sign out sooner.

Strictly Necessary — Staff / internal web app:

Cookies set by Auth.js / NextAuth for the internal application session (for example, names containing authjs.session-token or environment-specific secure variants). HttpOnly session cookies. Set by Opsvara. Persistent for up to seven (7) days of inactivity unless you sign out sooner.

Strictly Necessary — Authentication flows:

Additional short-lived cookies (for example, CSRF or OAuth callback cookies) may be set by Auth.js / NextAuth during sign-in and sign-out. Names and lifetimes are managed by the framework.

Third-party domains (when you use these features):

Stripe — When you use Stripe Checkout or related payment flows, Stripe may set cookies on Stripe-controlled domains. See stripe.com/legal/cookies.

Google — When you load maps, directions, places, or related features, Google may set or read cookies on Google-controlled domains in accordance with Google's policies. When GA4 is enabled as described in Section 2.2, Google may also set analytics cookies on public pages. See policies.google.com/privacy.

4. Third-Party Services and Domains

Some technologies are controlled by third parties that integrate with the Service. We do not control cookies on third-party domains. Providers relevant to the Service include:

Google LLC (Maps and related location APIs when those features load in your browser; and Google Analytics 4 on the public pages described in Section 2.2 when enabled in our deployment) — policies.google.com/privacy

Stripe, Inc. (payment processing) — stripe.com/privacy

We encourage you to review the privacy and cookie policies of these third parties. Solvara Labs is not responsible for the content or practices of third-party websites or services.

5. Managing Your Choices

5.1 Cookie Consent Banner

We do not currently display a category-based cookie consent banner on all visits to opsvara.com. Google Analytics cookies described in Section 2.2 are limited to public entry and marketing pages; authenticated application use is not tagged with GA4 in our standard configuration. If we introduce additional non-essential cookies or expand analytics in ways that require opt-in consent under applicable law in your region, we will update this Policy and provide a consent mechanism before activating them.

5.2 Browser Settings

Most web browsers allow you to view, delete, or block cookies through browser settings. Note that blocking strictly necessary cookies will prevent you from signing in or using authenticated parts of the Service. Refer to your browser's help documentation for instructions.

5.3 Opt-Out Tools

Industry opt-out tools (for example, for network advertising) apply primarily where third-party advertising cookies are used. If we deploy such cookies in the future, we will update this Policy with relevant links.

5.4 Do Not Track

Some browsers transmit "Do Not Track" (DNT) signals to websites. Because there is currently no industry standard for responding to DNT signals, we do not currently alter our data collection practices in response to DNT browser settings. We will revisit this position if a consensus standard emerges.

6. Cookies and Children

We do not knowingly use cookies to collect information from individuals under the age of 18. If you believe a child has provided personal information through our Service, please contact us at support@solvaralabs.com and we will take steps to delete such information.

7. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in the technologies we use, legal requirements, or our data practices. We will notify you of material changes by updating the Effective Date above and, where appropriate, by in-product notice or email.

8. Contact Us

If you have any questions about our use of cookies or this Policy, please contact us at:

Solvara Labs LLC

Email: support@solvaralabs.com

Website: https://opsvara.com

Last Updated: May 11, 2026 | Solvara Labs LLC | Austin, Texas | support@solvaralabs.com