Back to Home

Cookie Policy

Last Updated: February 19, 2026

1. Introduction

This Cookie Policy explains how Quantum Solutions (Private) Limited uses cookies and similar technologies on our website and customer portal. We only use strictly essential cookies by default. For third-party cookies (such as Google reCAPTCHA), we ask for your explicit consent before they are loaded.

2. What Are Cookies?

Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you visit a website. They are widely used to make websites work more efficiently and provide information to website owners.

3. Cookie Categories

We use two categories of cookies:

Strictly Essential Cookies (Always Active)

These cookies are necessary for the website and portal to function. They cannot be switched off because they are required for authentication, security, and session management. No consent is required for these cookies under GDPR and the ePrivacy Directive.

Third-Party / Functional Cookies (Opt-in)

These cookies are set by third-party services (currently only Google reCAPTCHA) and are only loaded after you give your explicit consent. You can withdraw your consent at any time via the Cookie Settings link in the footer.

4. Cookies We Use

4.1 Strictly Essential Cookies

These cookies are required for the service to function and are always active

  • Access Tokens (HTTP-Only): Secure cookies storing your authentication tokens. Cannot be accessed by JavaScript, protecting against XSS attacks.
  • Refresh Tokens (HTTP-Only): Used to automatically renew your session without requiring a re-login.
  • Session Cookies: Maintain your login session while you use the customer portal.
  • AWS Cognito Cookies: Set by AWS Cognito for identity and access management (OAuth 2.0 / OpenID Connect).
  • CSRF Tokens: Protect against Cross-Site Request Forgery attacks.
  • Security Verification Cookies: Verify the authenticity of requests and prevent unauthorised access.
  • Rate Limiting Cookies: Prevent abuse and protect against brute-force attacks.

4.2 Google reCAPTCHA v2 Cookies (Third-Party, Opt-in)

These cookies are only loaded if you choose to allow them

We use Google reCAPTCHA v2 on our payment portal to protect forms from spam and bot abuse. reCAPTCHA is a service provided by Google LLC and sets the following cookies:

  • _GRECAPTCHA: Used by Google reCAPTCHA for risk analysis and to distinguish humans from bots.
  • NID, SID, HSID: Google security cookies set as part of the reCAPTCHA service.

For more information about how Google uses data, please visit: Google Privacy Policy

If you decline reCAPTCHA cookies, you will not be able to complete payment form submissions that require reCAPTCHA verification.

5. AWS Cognito Identity and Access Management

We use AWS Cognito for secure user authentication and identity management. Cognito may set cookies for the following purposes:

  • Managing user authentication sessions
  • Storing authentication tokens securely
  • Implementing multi-factor authentication (if enabled)
  • Managing OAuth 2.0 and OpenID Connect flows

All authentication tokens are stored in HTTP-only cookies, which means they cannot be accessed by client-side JavaScript, providing an additional layer of security against XSS attacks.

6. HTTP-Only Cookies Explained

We use HTTP-only cookies for storing sensitive information such as authentication tokens. These cookies have the following security benefits:

  • XSS Protection: Cannot be accessed via JavaScript, preventing XSS attacks from stealing session tokens
  • Server-Side Only: Only transmitted between your browser and our server, never exposed to client-side code
  • Secure Flag: Transmitted only over HTTPS encrypted connections
  • SameSite Attribute: Helps prevent CSRF attacks by restricting how cookies are sent with cross-site requests

7. Cookie Duration

Session Cookies: Deleted when you close your browser

Authentication Cookies: Expire after your session ends or when you log out

Security Cookies: Typically expire after 24 hours or at the end of your session

reCAPTCHA Cookies: Vary in duration, typically 6 months to 2 years (set by Google)

Your Cookie Consent Preference: Stored for 1 year. You can change your preference at any time.

8. Managing Your Cookie Preferences

You have the right to accept or reject non-essential cookies at any time:

  • Use the Cookie Settings link in the footer of any page to update your preferences
  • Clear your browser cookies — this will reset your consent and the banner will reappear on your next visit
  • Use your browser settings to block or delete cookies entirely

Note: Disabling strictly essential cookies via your browser settings will prevent you from logging in to the customer portal.

9. Data Protection and Privacy

All cookies we use are designed with your privacy and security in mind:

  • We do not use analytics or marketing cookies
  • We do not store personal data in cookies
  • Authentication tokens are encrypted and stored securely in HTTP-only cookies
  • We do not sell or share cookie data with third parties
  • All data transmission is encrypted using HTTPS/TLS

For more information about how we handle your data, please see our Privacy Policy.

10. Changes to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in technology, legislation, or our practices. We will notify you of any material changes by posting the new Cookie Policy on this page and updating the "Last Updated" date. When we make significant changes, your consent will be requested again.

11. Contact Us

If you have any questions about our use of cookies, please contact us:

Quantum Solutions (Private) Limited

Email: hello@quantumsolutions.dev

Phone: +94 (77) 643-4458

Address: NO 61/12, 6th Pope Paul Road, Negombo, 11500, Sri Lanka