🍪 What Are Cookies?
Cookies are small text files placed on your device (computer, phone, or tablet) when you visit a website. They allow websites to remember information about your visit — such as your login status, preferences, and interaction history — so the platform behaves consistently across sessions.
At Kidillus, cookies are essential for our publishing and illustration platform to function correctly. They allow you to log in securely, access your dashboard, track orders, receive push notifications, and experience a personalized environment. We use cookies only for legitimate platform purposes — we do not sell, trade, or share cookie data with advertisers.
ℹ️ Our Commitment: Kidillus follows a privacy-first approach. Cookies are used strictly to operate the platform securely, deliver services, and understand how we can improve your experience. No cookie data is ever monetized or sold to third-party advertisers.
Cookies are classified by:
- Duration — Session cookies (deleted when you close your browser) vs. Persistent cookies (remain for a defined period after your session ends)
- Origin — First-party (set directly by Kidillus) vs. Third-party (set by trusted service providers we integrate with)
- Purpose — Essential, Analytics, Functional, Performance, Security, Consent, or Behavior Tracking
⚠️ Legal Basis: Under GDPR (EU) 2016/679 and the Indian Digital Personal Data Protection Act, 2023 (DPDPA), we process cookie data on one of three legal bases: Legitimate Interest (essential/security cookies), Contractual Necessity (session management for logged-in users), or Explicit Consent (analytics, behavior tracking, and personalization cookies). Non-essential cookies are only activated after you provide informed consent via our cookie banner.
📂 Types of Cookies We Use
Kidillus operates a full publishing platform with User Dashboards, Order Management, EBook Tools, and Illustration Services. Below are all categories of cookies used across our site:
🔐 Essential (Strictly Necessary)
Required for core website functions. Without these, login, checkout, wallet access, and order submission cannot work. These are set automatically and do not require consent.
⚠️ Cannot be disabled
Analytics
Help us understand how visitors interact with Kidillus — pages visited, session duration, traffic sources, and aggregate behavior patterns. All data is anonymized before analysis.
✓ Optional (consent required)
⚙️ Functional / Preference
Remember your preferences such as dismissed banners, notification choices, and saved form states so every visit feels consistent and familiar.
✓ Optional (consent required)
Behavior Tracking
Tracks engagement events (scroll depth, form activity, exit intent) only after you give explicit cookie consent. Used exclusively to improve UX — never for advertising targeting.
✓ Activated only after consent
🛡️ Security & Fraud Prevention
Prevent unauthorized access, CSRF attacks, bot submissions, and payment fraud. Set by Kidillus and trusted providers like Cloudflare and Razorpay. These protect your account and financial data.
⚠️ Cannot be disabled
📋 Specific Cookies & Their Purpose
Below is a complete disclosure of every cookie set by Kidillus or our integrated third-party providers. This covers cookies originating from our header, session manager, consent system, behavior tracker, payment gateways, and real-time services.
| Cookie Name | Type | Duration | Purpose | Set By |
| --- | --- | --- | --- | --- |
| PHPSESSID | Essential | Session | Links your browser to your server-side session. Required for dashboard login, wallet access, order tracking, chat, and all authenticated features. Automatically deleted when you close your browser. | Kidillus (PHP) |
| Auth Token (Remember Me) | Essential | 30 days | Encrypted, HttpOnly, SameSite=Strict token set when you check "Remember Me" at login. Keeps you securely authenticated on trusted devices without re-entering credentials. | Kidillus |
| kidillus_consent | Consent | 365 days | Stores your cookie consent decision ("accepted" or "rejected"). Acts as a gate: if set to "accepted", analytics and behavior tracking scripts are loaded; if "rejected", they are completely suppressed. Set by save_cookie_consent.php. | Kidillus |
| kidillus_identity | Functional | 365 days | Stores your first name, extracted only from forms you voluntarily submit (e.g., quote request, contact form). Used to personalise your on-site experience and to prioritise lead response in our internal CRM. Never captures full names or contact details. | Kidillus (tracker) |
| offer_closed | Functional | 24 hours | Remembers that you dismissed the promotional top banner so it does not re-appear during your browsing session for 24 hours. Expires automatically. | Kidillus (header) |
| Firebase FCM Token (Service Worker) | Functional | Persistent | Firebase Cloud Messaging device token, registered in the browser's service worker storage (not a traditional HTTP cookie). Used exclusively to deliver push notifications for order updates and dashboard messages — only if you grant browser notification permission. No notification permission = no token stored. | Firebase (Google) |
| kidillus_visited | Analytics | Persistent | Flags whether you are a new or returning visitor, allowing our internal analytics dashboard to differentiate visit types and track returning engagement rates accurately. | Kidillus |
| _ga | Analytics | 2 years | Google Analytics 4 — distinguishes unique visitors by assigning an anonymized Client ID. Only loaded when kidillus_consent = accepted. No personally identifiable information is sent to Google. | Google Analytics 4 |
| _ga_YJN3N7Y4D7 | Analytics | 2 years | GA4 property-specific session state cookie tied to the Kidillus measurement ID (G-YJN3N7Y4D7). Maintains session continuity for accurate GA4 reporting. Loaded conditionally with consent. | Google Analytics 4 |
| __gtm_* | Analytics | Session | Google Tag Manager (Container ID: GTM-MHQ78DTG) — manages and deploys tracking scripts without direct code edits. The GTM container itself only fires when consent is granted; no tags load on rejection. | Google Tag Manager |
| __cf_bm | Security | 30 minutes | Cloudflare Bot Management cookie. Validates that incoming requests originate from legitimate human browsers rather than automated bots or DDoS sources. Refreshed every 30 minutes during active browsing. | Cloudflare |
| cf_clearance | Security | 1 year | Cloudflare challenge clearance cookie. Set after you successfully pass a security challenge (e.g., CAPTCHA or JavaScript challenge triggered by suspicious traffic patterns). Proves verified human access to Cloudflare's edge servers. | Cloudflare |
| razorpay_* / stripe_mid | Security | Up to 1 year | Payment gateway fraud-prevention cookies. Set during checkout to verify transaction legitimacy, prevent duplicate charges, and detect anomalous payment behaviour. Required for secure payment processing. | Razorpay / Stripe / PayPal |
| _GRECAPTCHA | Security | 6 months | Google reCAPTCHA v3 risk-score token. Runs silently on contact and quote forms to calculate a spam/bot risk score without showing a visual challenge to legitimate users. Prevents automated form abuse on Kidillus. | Google reCAPTCHA |
| pusher_* (WebSocket session) | Functional | Session | Pusher Channels (v8.2.0) session identifiers used to maintain persistent WebSocket connections for real-time inbox notifications and dashboard alerts. Not a traditional HTTP cookie — stored in session memory and cleared on tab close. | Pusher |
| p:domain_verify (HTML meta tag — not a cookie) | Functional | N/A | Note: This is a Pinterest domain-verification meta tag (31da334d13495c00fbf1255407cef113) embedded in the page <head>, not a browser cookie. It verifies Kidillus ownership with Pinterest Business Tools but does not track visitors or store any data on your device. | Pinterest (meta tag) |
⚠️ Conditional Loading: Cookies from Google Analytics and Google Tag Manager (_ga, _ga_YJN3N7Y4D7, __gtm_*) are only activated when kidillus_consent = accepted. If you select "Reject" or close the banner without accepting, these scripts are never injected into the page. You can verify this in your browser's DevTools → Application → Cookies.
ℹ️ Legacy Note: Older Universal Analytics cookies (__utmz, __utma) may appear in your browser if you previously visited Kidillus before our migration to GA4. These are no longer set by our platform as of 2024 and will expire naturally. If you see them, you can safely clear them via your browser cookie settings.
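The conditional-loading rule and the legacy note above can be checked mechanically as well as by eye in DevTools. The following is an added example, not Kidillus code: it audits a document.cookie-style string against the consent gate using the cookie names listed in this policy; the function names and the sample cookie strings are constructed for illustration.

```javascript
// Added example: audit a cookie jar against the policy's consent gate.
// Cookie names come from the policy text; sample jars below are constructed.

// Cookies the policy says appear only when kidillus_consent = accepted.
const CONSENT_GATED = [/^_ga$/, /^_ga_[A-Z0-9]+$/, /^__gtm_/];
// Universal Analytics leftovers the policy describes as expiring naturally.
const LEGACY = new Set(["__utma", "__utmz"]);

// Parse a document.cookie-style string ("a=1; b=2") into a Map.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of cookieString.split(";")) {
    const pair = part.trim();
    if (!pair) continue;
    const eq = pair.indexOf("=");
    const name = eq === -1 ? pair : pair.slice(0, eq);
    let value = eq === -1 ? "" : pair.slice(eq + 1);
    try { value = decodeURIComponent(value); } catch (_) { /* keep raw value */ }
    if (!jar.has(name)) jar.set(name, value); // first occurrence wins
  }
  return jar;
}

// Report consent state, gated cookies present, legacy cookies, and violations.
function auditConsent(cookieString) {
  const jar = parseCookies(cookieString);
  const raw = jar.get("kidillus_consent");
  // A missing or unexpected value means the banner was never accepted.
  const consent = raw === "accepted" || raw === "rejected" ? raw : "unset";
  const gated = [];
  const legacy = [];
  for (const name of jar.keys()) {
    if (LEGACY.has(name)) legacy.push(name);
    else if (CONSENT_GATED.some((re) => re.test(name))) gated.push(name);
  }
  // Gated cookies are only a finding when consent was not given.
  const violations = consent === "accepted" ? [] : gated;
  return { consent, gated, legacy, violations };
}

// Constructed sample jars (not captured from the live site).
const SAMPLE_REJECTED =
  "PHPSESSID=abc123; kidillus_consent=rejected; _ga=GA1.1.111.222; __utma=1.2.3; offer_closed=1";
const SAMPLE_ACCEPTED =
  "kidillus_consent=accepted; _ga=GA1.1.111.222; _ga_YJN3N7Y4D7=GS1.1.1; __gtm_sample=1";
const SAMPLE_UNSET = "PHPSESSID=abc123; __cf_bm=xyz; _ga_YJN3N7Y4D7=GS1.1.1";

console.log(auditConsent(SAMPLE_REJECTED));
```

In a browser console, `auditConsent(document.cookie)` runs the same check against the live jar; HttpOnly cookies are not visible to `document.cookie`, so they will not appear in the result.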
📡 Behavior Tracking Disclosure
After you explicitly accept cookies, Kidillus activates a first-party behavior analytics system (tracker.php) that records how users interact with the platform. This system is entirely internal — data is stored on Kidillus servers only and is never forwarded to advertising networks, data brokers, or any third party.
🔒 Disabled by Default: The tracker is completely inactive if you select "Reject All" or dismiss the consent banner without accepting. Additionally, the system automatically excludes: known bot and crawler user-agents, our own admin IP addresses, and traffic originating from CN and RU IP ranges (excluded as a security precaution against scraping). No data is collected from these sources regardless of consent status.
The following interaction events are recorded only after consent is given:
📡 Tracked Interaction Events (Consent-Gated)
📜 Scroll depth (75% page threshold)
⏱️ Time on page (1-min & 3-min milestones)
📋 Copy-paste actions (short text snippets only)
💰 "Hire" / primary CTA button clicks
🚪 Exit intent (cursor leaving viewport)
😡 Rage clicks (3+ rapid clicks on same element)
✍️ Form field interaction (typing started)
🔄 Device orientation change (mobile)
🌍 Geographic region (IP-based, anonymized)
🔗 Traffic source & UTM campaign parameters
All tracking data is transmitted over HTTPS to a private, secured internal endpoint. It is never shared with third parties, advertisers, or data brokers under any circumstance.
✅ IP Anonymization: Your IP address is used for geo-region lookup only. Before storage, the last octet is replaced with .0 (e.g., 103.21.45.x → 103.21.45.0) in compliance with GDPR Article 25 (Data Protection by Design). The full IP is never logged. The kidillus_identity cookie stores only your first name, derived exclusively from forms you voluntarily submit.
🤝 Third-Party Cookies & Services
Kidillus integrates several trusted third-party providers that may set their own cookies or use equivalent storage technologies. Each provider is independently GDPR-compliant and governed by its own privacy framework. We have listed all active integrations below:
📊 Google Analytics 4
Anonymous visitor statistics and funnel analysis. Measurement ID: G-YJN3N7Y4D7. Loaded on consent only.
🏷️ Google Tag Manager
Script deployment container. Container ID: GTM-MHQ78DTG. No tags fire until consent is accepted.
🔔 Firebase (FCM)
Push notification delivery for order updates and inbox alerts. Requires explicit browser notification permission.
🛡️ Cloudflare
DDoS protection, global CDN performance, and bot mitigation. Always active for platform stability.
💳 Razorpay / Stripe
PCI-DSS compliant payment processing. Fraud-prevention cookies set only during active checkout flows.
📌 Pinterest
Domain verification via HTML meta tag only. No Pinterest tracking pixels or cookies are active on Kidillus.
🤖 Google reCAPTCHA v3
Invisible spam protection on contact, quote, and order forms. Assigns a risk score without user-visible challenges.
⚡ Pusher Channels
Real-time WebSocket connections for live dashboard notifications and inbox alerts. SDK version 8.2.0.
ℹ️ No Advertising Networks: Kidillus does not integrate Facebook Pixel, TikTok Pixel, Google Ads remarketing tags, or any advertising retargeting technology. No cookie data is used for cross-site tracking or ad targeting.
⚖️ Your Rights & Choices
You have full control over how cookies are used on Kidillus. Under the GDPR (EU) 2016/679 and the Indian Digital Personal Data Protection Act, 2023 (DPDPA), you are entitled to the following rights regarding your cookie and personal data:
👁️ Right to Access
Request a copy of all data we hold about you, including your consent record and any identity data stored in cookies.
✏️ Right to Rectification
Ask us to correct inaccurate personal data linked to your account or cookie identity profile.
🗑️ Right to Erasure
Request deletion of your personal data ("right to be forgotten"). We will erase data within 30 days, except where legal retention is required.
⛔ Right to Restrict Processing
Ask us to pause processing of your data while a dispute is being resolved or a deletion request is being verified.
📦 Right to Data Portability
Receive your personal data in a structured, machine-readable format (JSON/CSV) for transfer to another service.
🚫 Right to Object
Object to processing of your data for analytics or behavior tracking at any time by withdrawing consent via the sidebar button.
↩️ Right to Withdraw Consent
Revoke your cookie consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
📣 Right to Lodge a Complaint
File a complaint with your national Data Protection Authority if you believe your rights have been violated.
🎛️ Cookie Consent Preferences (Interactive Preview)
Essential Cookies
Login, session, security, payment — required for the platform to function
Analytics Cookies
Google Analytics 4, internal visit tracking (kidillus_visited)
Behavior Tracking
Scroll depth, time on page, exit intent, rage clicks, form activity
Functional / Personalization
Promotional banner state, identity cookie, UTM campaign memory
* This is a visual preview only. To update your actual consent, use the "Manage My Consent" button in the sidebar. Changes take effect on the next page load.
📝 To exercise any of the rights listed above, email our Privacy Team at [email protected] with the subject line "Data Rights Request". We will acknowledge your request within 72 hours and respond fully within 30 calendar days.
🗓️ Data Retention Periods
Different cookies and their associated data are retained for different periods. Below is an exact breakdown of how long each type persists and why:
| Retention | Cookie / Data | Details |
| --- | --- | --- |
| Session | Session Cookies (PHPSESSID, Pusher WebSocket) | Deleted immediately when you close your browser tab or window. No data persists to disk after the session ends. |
| 30 min | Cloudflare Bot Management (__cf_bm) | Short-lived security validation token. Automatically refreshed every 30 minutes during active browsing to maintain DDoS protection. |
| 24 hours | Promotional Banner State (offer_closed) | Records that you dismissed the offer banner. Expires after 24 hours so the banner may reappear on your next visit the following day. |
| 30 days | Remember Me (Auth Token) | Keeps you logged into your Kidillus account on trusted devices. Stored as an encrypted, HttpOnly, SameSite=Strict cookie. Invalidated immediately on logout. |
| 6 months | Google reCAPTCHA (_GRECAPTCHA) | Risk-score token cached to avoid repeated CAPTCHA evaluations on the same device. Expires after 6 months of inactivity. |
| 1 year | Consent Record (kidillus_consent), Identity Cookie (kidillus_identity), Cloudflare Clearance, Payment Security | Your consent choice is persisted for 365 days as an audit record. Identity and payment fraud-prevention cookies also have a maximum 1-year lifespan. |
| 2 years | Google Analytics (_ga, _ga_YJN3N7Y4D7) | GA4 cookies have a maximum 2-year lifespan as mandated by Google's analytics terms. These cookies are only set after you give consent. |
| Legal Hold | Consent Audit Logs (Server-Side Database) | Your consent decision (timestamp, anonymized IP, choice) is stored server-side for legal compliance under GDPR Article 7(1) — which requires controllers to demonstrate that consent was obtained. This record is retained for the minimum period required by applicable law. You may request deletion at any time; we will erase it unless an overriding legal obligation applies. We will confirm the outcome in writing. |
🎛️ How to Manage or Delete Cookies
You have two levels of control over cookies — directly through Kidillus, or via your browser's native settings:
1. Use the Kidillus Consent Manager
Click the "Manage My Consent" button in the sidebar at any time to reopen our cookie settings panel. Your preference change takes effect immediately on the next page load — no account required.
2. Clear Cookies from Your Browser
Delete all Kidillus cookies directly via your browser's built-in settings.
3. Opt Out of Google Analytics
Install the official Google Analytics Opt-Out Browser Add-on to prevent GA4 from collecting data on your visits across all websites that use Google Analytics — not just Kidillus.
4. Disable Push Notifications
To stop Firebase push notifications, go to your browser's Settings → Privacy & Security → Notifications and revoke permission for kidillus.com. The FCM token will no longer be registered.
⚠️ Important: Disabling or deleting essential cookies (PHPSESSID, Auth Token) will prevent you from logging in, accessing your dashboard, submitting orders, or using your wallet. Essential cookies are technically required for the platform to function and cannot be deactivated while using Kidillus services.
🚫 Do Not Track (DNT) Signal
Some browsers allow you to send a Do Not Track (DNT) signal to websites you visit, indicating that you prefer not to be tracked across sites. Currently, there is no universally accepted standard for how websites must respond to DNT signals.
Kidillus does not alter its cookie behaviour based on browser DNT signals at this time. Instead, we provide the explicit consent mechanism described above, which gives you direct, granular control over which categories of cookies are active on your device — which we consider a more transparent and effective approach than relying on the DNT header alone.
ℹ️ If you wish to opt out of all non-essential tracking on Kidillus, the most effective method is to select "Reject All" in our cookie consent banner, or use the Consent Manager in the sidebar to disable Analytics and Behavior Tracking categories.
🔄 Policy Updates
Kidillus may revise this Cookie Policy to reflect changes in technology, third-party service integrations, legal requirements under GDPR or DPDPA, or platform feature additions. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify logged-in users via the dashboard notification system
- Re-display the cookie consent banner if the changes affect the scope of consent previously given
- Archive the previous version and make it available upon request
We encourage you to review this policy periodically. Your continued use of Kidillus after a policy update constitutes acknowledgement of the revised terms. If you disagree with any changes, you may reject non-essential cookies or discontinue use of the platform.