Cookies are small text files that are stored in your internet browser or by your internet browser on your computer system. They help websites remember information about your visit, making your online experience easier and more personalized.
We rely on the following lawful bases for processing personal data through cookies: Consent: For all non-essential cookies (e.g. analytics, marketing, personalization). Legitimate Interest: For strictly necessary cookies essential to the functionality and security of our services.
Users are presented with a cookie banner at first visit, allowing them to:
You can withdraw or modify your cookie consent at any time by clicking the “Cookie Settings” link in the footer of our website or in your browser settings. The details are also noted below.
On your first visit, our cookie banner will appear and allow you to:
If you choose Customize, select which categories (excluding Necessary cookies) you're comfortable enabling. These categories are clearly defined in the Cookie Types section.
You may withdraw or modify your consent at any time by:
| Cookie Type | Service / Provider | Purpose | Examples of Data Collected | Retention Period | Legal Basis (EU/UK/CH) |
|---|---|---|---|---|---|
| Strictly Necessary Cookies | Website Core (e.g., session ID, load balancer) | Enables core website functionality (navigation, authentication, fraud prevention, cart, etc.) | Session ID, authentication token, shopping cart contents | Session duration only | Art. 6(1)(b) GDPR — Performance of a Contract or Art. 6(1)(f) GDPR — Legitimate Interests |
| Functional Cookies | Language preference, geolocation cookie | Remembers language, region, or other user preferences | Language, region, user preference settings | Up to 12 months | Art. 6(1)(a) GDPR — Consent |
| Analytics/Performance Cookies | Google Analytics, Hotjar | Collects usage data to improve site performance and usability | IP address (truncated), device ID, browser type, pages visited, session time | 6 to 24 months | Art. 6(1)(a) GDPR — Consent |
| Advertising/Marketing Cookies | Google Ads, Meta Pixel, LinkedIn Ads | Tracks browsing to deliver personalised ads and measure campaign effectiveness | Device ID, IP address, browser ID, pages visited, ad interactions | Up to 24 months | Art. 6(1)(a) GDPR — Consent |
| Social Media Cookies | Facebook Like Button, Twitter Share Button | Allows sharing via social networks and enables social platform tracking | Social media account ID, pages visited, browser/device info | Controlled by provider | Art. 6(1)(a) GDPR — Consent |
| Preference Management Cookies | Consent Management Tools (e.g., OneTrust) | Stores cookie consent preferences and ensures legal compliance | Consent status, timestamp, consent ID | Up to 12 months | Art. 6(1)(f) GDPR — Legitimate Interest |
These cookies are required to operate our Services. For example, they allow us to authenticate users or enable specific features within the Services, including for security purposes. These cookies cannot be disabled as they are essential for our website to function properly.
| Cookie Name | Source (Provider) | Expiry Date / Data retention time period | Purpose/Description |
|---|---|---|---|
| __Host-authjs.csrf-token | Merlin | Session | Security token to prevent CSRF attacks during user sessions. |
| NEXT_LOCALE | Merlin | ~1 year | Stores the user's preferred language for localization. |
| __Secure-authjs.callback-url | Merlin | Session | Ensures a secure callback URL after successful login. |
| __Secure-authjs.session-token | Merlin | ~1 month | Secure session management token to keep the user logged in. |
| AEC | ~6 months | Ensures requests are user-initiated; used by reCAPTCHA. | |
| SEARCH_SAMESITE | ~6 months | Security cookie to prevent CSRF across same-site requests. |
The following cookies are optional, but if you want to chat with live-support then these need to be enabled.
| Cookie Name | Source (Provider) | Expiry | Purpose/Description |
|---|---|---|---|
| tawk_uuid_* | Tawk.to | ~ 6 months | Unique visitor tracking via UUID. |
| twk_idm_key | Tawk.to | Session | Manages visitor's connection requests. |
| twk_token_* | Tawk.to | Session | Authentication and secure connection management. |
| twk_uuid_propertyId | Tawk.to | ~ 6 months | Tracks visits across pages for a property. |
| TawkConnectionTime | Tawk.to | Session | Synchronizes connection across browser tabs. |
These cookies help us understand how visitors interact with our website, allowing us to analyze usage patterns and improve our services and user experience.
| Cookie Name | Source (Provider) | Expiry | Purpose/Description |
|---|---|---|---|
_clck | Microsoft Clarity (via GTM) | ~1 year | Persists Clarity user ID across sessions for analytics. |
_clsk | Microsoft Clarity (via GTM) | 1 day | Connects multiple page views by a user into a single session recording. |
_ga, _ga_* | Google Analytics | 2 years | Used to distinguish users. Multiple variations per property. |
CLID | Microsoft Clarity | ~1 year | Identifies the first time Clarity saw this user on any site using Clarity. |
These cookies help us support and measure the performance of our marketing campaigns, deliver targeted advertising, and enhance the Services' visibility across various platforms.
| Cookie Name | Source (Provider) | Expiry | Purpose/Description |
|---|---|---|---|
_fbp | Meta/Facebook (via GTM) | 3 months | Stores a unique ID for retargeting ads via Facebook. |
_gcl_au | Google Ads (via GTM) | 3 months | Tracks ad conversion data across websites. |
_rdt_uuid | Reddit Ads (via GTM) | ~90 days | Tracks conversion and campaign effectiveness on Reddit. |
__Secure-1PAPISID | ~2 years | Used for ad targeting and Google sign-in flows. | |
__Secure-1PSID | ~2 years | For user verification, Google Sign-In, and reCAPTCHA. | |
__Secure-1PSIDCC | ~2 years | Enhances session integrity and fraud prevention. | |
__Secure-1PSIDTS | ~2 years | Stores session-related data for authentication. | |
__Secure-3PAPISID | ~2 years | Enables personalized advertising across Google services. | |
__Secure-3PSID | ~2 years | Builds ad interest profiles based on user interactions. | |
__Secure-3PSIDCC | ~2 years | Protects session data and enables secure tracking. | |
__Secure-3PSIDTS | ~2 years | Supports personalized ads and session protection. | |
APISID | ~2 years | Stores preferences for YouTube, Maps, and Google services. | |
DV | 24 hours | Analytics + security for Google services and reCAPTCHA. | |
HSID | ~2 years | Ensures security of authenticated Google users. | |
NID | ~6 months | Stores ad preferences and Google UI customizations. | |
SAPISID | ~2 years | Used for Google Sign-In and personalization across Google services. | |
SID | ~2 years | Authenticates Google users via encrypted ID. | |
SIDCC | ~1 year | Protects user session integrity and data. | |
SNID | ~6 months | Used for securely identifying repeat Google users. | |
SSID | ~2 years | Stores Google service preferences. | |
S | Session | Handles session state for secure Google logins. | |
IDE | Google DoubleClick | 1 year | Delivers targeted ads across the web based on browsing behavior. |
DSID | Google DoubleClick | ~1 year | Links user activity across devices for targeted advertising. |
ANONCHK | Microsoft Clarity | ~1 year | Determines if a MUID is passed to ANID, used for advertising. |
SM | Microsoft Clarity | Session | Synchronizes the MUID across Microsoft domains. |
test_cookie | Google DoubleClick | ~15 mins | Tests if the browser supports cookies. |
We use various Google services that may set cookies on your device:
Google Analytics: We use Google Analytics to understand how visitors interact with our website. This helps us improve our services and user experience. Google Analytics cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from, and the pages they visited.
Google Ads and Remarketing: We use Google Ads cookies to measure the effectiveness of our advertising campaigns and to show you relevant ads based on your previous visits to our website. These cookies enable us to present you with more relevant advertising on Google services and across the web.
Google Tag Manager: We use Google Tag Manager to manage website tags without editing code. While Google Tag Manager itself doesn't set cookies, it may deploy other tags that do set cookies.
The Facebook pixel cookie (_fbp) helps us measure, optimize, and build audiences for our advertising campaigns. It allows us to:
Microsoft Clarity cookies help us understand how users interact with our website by collecting information about mouse movements, clicks, and scrolling behavior. This data is used to:
The Reddit advertising cookie (_rdt_uuid) enables us to:
Your web browser may also allow you to manage your cookie preferences, including to delete and disable cookies. You can take a look at the help section of your web browser or follow the links below to understand your options:
Functionality Impact: Please note that changes you make to your cookie settings may affect the availability or functionality of the Services. Cookies listed as "Necessary" are required for the Services to function and cannot be disabled.
Device and Browser Specific: Cookie settings are device- and browser-specific, so you will need to set cookie preferences for each device's browser.
Opt-Out Options: For many of the advertising cookies, you can also opt out through industry opt-out platforms such as:
Cookies have varying lifespans:
We may update this Cookie Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Cookie Policy on this page with an updated revision date.
If you have any questions about this Cookie Policy or our use of cookies, please contact us at support@getmerlin.in
For questions about our cookie practices: Data Protection Officer: dpo@foyer.work Customer Support: support@foyer.work DPO Phone: Sirsendu Sarkar (+91-8953348922) Our DPO: Sirsendu Sarkar (+91-8953348922)
EU GDPR Representative: Rickert Rechtsanwaltsgesellschaft m.b.H. Colmantstraße 15, 53115 Bonn, Germany Email: info@rickert.law Phone: +49 (0)228 74 898 0
UK GDPR Representative: Rickert Services Ltd UK PO Box 1487, Peterborough, PE1 9XX United Kingdom Email: art-27-rep-foyertech@rickert-services.uk
Mailing Address for DPO: House 721, 6th B Cross Road, Block-3, Koramangala, Bangalore, India 560034
Registered Address and Mailing Address: Foyer Tech Inc 16192 Coastal Highway, Lewes, DE 19958 United States Email: support@foyer.work
You have the right to request the withdrawal of your data through erasure of your personal data held by us. This means we will delete all personal data pertaining to you from our systems, subject to any legal obligations for data retention.
To initiate a request for data erasure:
We will respond to your request within 30 days and complete the erasure within the timeframes required by applicable law.
You also have the right to object to the processing of your personal data where we rely on legitimate interests or use your data for direct marketing purposes. To exercise this right, contact us at dpo@foyer.work and support@foyer.work
Last Updated: 27-June-2025