Is my health data secure with VaxCPass?

Your health data is protected with military-grade AES-256 encryption and zero-knowledge architecture. We are SOC 2 Type II audited, GDPR-compliant, and HIPAA-aligned.

Which countries are supported by VaxCPass?

VaxCPass supports 180+ countries with real-time health requirement data and AI-powered live updates for all supported destinations.

Does VaxCPass work offline?

Yes. Once your records are uploaded and verified, they are stored securely on your device. Your QR codes and health passport work without any internet connection.

VaxCPass | Digital Health Passport for Travelers

1. What Are Cookies

1.1 Definition

Cookies are small text files that are placed on your device (computer, smartphone, tablet, or other internet-enabled device) when you visit a website or use a mobile application. These files are widely used to make websites and applications work more efficiently, to provide a better browsing experience, and to supply information to the owners of the site or app.

1.2 How Cookies Work

When you access the VaxCPass website (https://vaxcpass.com) or use our mobile application, our servers send a cookie to your browser or app. Your browser or app then stores this cookie on your device. Each time you return to our website or open our app, your browser or app sends the cookie back to our servers, allowing us to recognize your device and remember information about your preferences or prior interactions.

Cookies can be first-party cookies (set by us directly) or third-party cookies (set by our trusted partners and service providers). Cookies can also be persistent (remaining on your device until they expire or are manually deleted) or session cookies (deleted automatically when you close your browser).

1.3 Types of Cookies Overview

There are four broad categories of cookies, each serving a distinct purpose:

Strictly Necessary Cookies: These cookies are essential for the operation of our website and mobile application. They enable core functionality such as security, network management, and accessibility. You cannot opt out of these cookies as the services cannot function properly without them.
Performance & Analytics Cookies: These cookies collect information about how visitors use our website and application, such as which pages are visited most often, how users navigate between pages, and whether error messages are encountered. All data collected by these cookies is aggregated and anonymized.
Functionality Cookies: These cookies allow the website or app to remember choices you make (such as your preferred language or region) and provide enhanced, personalized features.
Targeting / Marketing Cookies: These cookies are used to deliver advertisements that are relevant to you and your interests. They also help limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns.

2. How We Use Cookies

Atlas Software Corporation ("we," "us," or "our") uses cookies and similar tracking technologies on the VaxCPass digital health passport platform for the following purposes:

To ensure the security and integrity of our platform: We use cookies to verify your session, protect against cross-site request forgery (CSRF), and maintain the authentication state of logged-in users.
To understand how our website and application are used: Through analytics cookies, we gain insights into user behavior, traffic patterns, and interaction trends. This helps us improve our services and optimize the user experience.
To remember your preferences and settings: Functionality cookies allow us to store your language preferences, display settings, and consent choices so that you do not have to reconfigure them each time you visit.
To deliver relevant content and measure campaign effectiveness: Marketing and targeting cookies help us present content that may be of interest to you and allow us to understand how our marketing efforts perform across different channels.
To comply with legal obligations: We use a consent cookie to record whether you have accepted or rejected non-essential cookies, ensuring that we honor your preferences in compliance with applicable privacy laws.

3. Types of Cookies We Use

3.1 Strictly Necessary Cookies

These cookies are indispensable for the VaxCPass website and mobile application to function correctly. They do not collect personally identifiable information beyond what is strictly required for the service to operate. You cannot opt out of these cookies because the platform cannot provide its core services without them.

Strictly necessary cookies we use include:

Session Cookies: These cookies are set by the Next.js framework and identify your session as you navigate the website. They ensure that pages load correctly and that your interactions (such as form submissions) are attributed to the correct session.
CSRF Protection Cookies: A Cross-Site Request Forgery (CSRF) token cookie is used to prevent unauthorized commands from being transmitted from a user that the website trusts. This cookie is essential for the security of your account and data.
Authentication Cookies: When you log in to VaxCPass, authentication cookies are used to maintain your logged-in state. These cookies verify your identity on each request so that you do not need to re-authenticate on every page.
Consent Preference Cookies: We store your cookie consent choice (accept or reject) in a cookie named vaxcpass_consent so that we can respect your decision on subsequent visits.

3.2 Performance & Analytics Cookies

These cookies collect aggregated, anonymized data about how visitors interact with our website and application. This information helps us understand which areas of the platform are popular, how users navigate through the site, and where we can make improvements. No personally identifiable information is collected at the individual user level through these cookies unless you have separately consented to such collection.

Next.js Internal Cookies: The Next.js framework may set internal cookies (prefixed with __next_) that assist with routing, performance optimization, and page rendering. These cookies help ensure the website loads quickly and reliably.
Plerdy Analytics: We use Plerdy, a third-party analytics and heatmap service, to understand user interactions on our marketing and landing pages. Plerdy sets cookies that record session information, user identifiers, and interaction patterns such as mouse movements, clicks, and scroll behavior. This data helps us improve the design and usability of our platform.
Google Analytics: We use Google Analytics to track and report website traffic. Google Analytics sets cookies that help us estimate the number of visitors, the pages they visit, and the time they spend on each page. For more information on how Google Analytics uses cookies, please visit Google's Cookie Policy.

3.3 Functionality Cookies

These cookies enable the website and application to provide enhanced features and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, some or all of these services may not function properly.

Language Preferences: We store your preferred language setting in a cookie so that the VaxCPass website and app display content in your selected language each time you return.
Display & Accessibility Preferences: These cookies remember your preferences for font size, color contrast, and other accessibility settings to ensure a consistent experience across sessions.
Regional Settings: If applicable, cookies may store your country or region so that we can present content relevant to your location, including appropriate legal notices and health-related information.

3.4 Targeting / Marketing Cookies

Targeting cookies are used to deliver advertisements that are tailored to your interests. They are also used to limit the number of times you see an advertisement and to measure the effectiveness of advertising campaigns. These cookies track your browsing activity across different websites and may build a profile of your interests over time.

Plerdy Heatmap & Click Tracking: Plerdy provides heatmap and click-tracking analytics that record how users interact with page elements. While primarily used for analytics and optimization purposes, the data collected (such as which buttons or links are clicked most frequently) can also inform our marketing and content strategies.
Future Advertising Cookies: As we expand our marketing efforts, we may introduce additional third-party advertising cookies from platforms such as Facebook (Meta Pixel), Google Ads, or other ad networks. Before deploying any such cookies, we will update this Cookie Policy and obtain your consent where required by applicable law.
Social Media Pixels: We may embed social media platform pixels (e.g., Facebook Pixel, LinkedIn Insight Tag) on our marketing pages to measure the effectiveness of our social media campaigns and to retarget visitors who have shown interest in VaxCPass.

The table below provides a detailed list of all cookies currently used on the VaxCPass website and mobile application. This table will be updated whenever we add, modify, or remove cookies from our platform.

Cookie Name	Category	Purpose	Duration	Type
__next_*	Strictly Necessary	Maintains session state, supports Next.js framework routing, page rendering, and performance optimization.	1 session	First-party
vaxcpass_consent	Strictly Necessary	Records your cookie consent preference (accept or reject) so that we can honor your choice on subsequent visits.	1 year	First-party
_ga	Analytics	Used by Google Analytics to distinguish unique visitors. Generates a unique, random identifier to calculate visitor, session, and campaign data.	2 years	Third-party
_ga_*	Analytics	Maintains session state for Google Analytics 4. Used to distinguish individual users and their sessions within a given property.	2 years	Third-party
_gid	Analytics	Used by Google Analytics to distinguish users within a 24-hour period for more granular, short-term analytics.	24 hours	Third-party
_gat	Analytics	Used by Google Analytics to throttle the request rate — limits the collection of data on high-traffic sites to prevent performance degradation.	1 minute	Third-party
_plerdy_session	Analytics	Set by Plerdy analytics to track your session on the website, recording page views, interaction events, and navigation paths for heatmap and behavioral analysis.	1 year	Third-party
_plerdy_uid	Analytics	Assigns a unique user identifier used by Plerdy to recognize returning visitors and build anonymized behavioral profiles across sessions.	2 years	Third-party

Note:Additional cookies may be set by third-party services (e.g., social media embeds, payment processors) if you interact with those features. Such cookies are governed by the respective third-party's privacy and cookie policies.

5. Third-Party Cookies

In addition to our own first-party cookies, the VaxCPass platform uses cookies set by third-party service providers. These third parties are independent entities with their own privacy and cookie policies. We encourage you to review their policies to understand how they collect and use data.

5.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies to analyze how visitors use our website. The information generated by the cookie about your use of the website (including your IP address) is transmitted to and stored by Google on servers in the United States. We have enabled IP anonymization, so Google will truncate your IP address within the European Economic Area or other regions as required by applicable law.

Opt-out: You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
Learn more: Google Privacy Policy.

5.2 Plerdy

We use Plerdy to collect heatmap data, click tracking analytics, and user interaction recordings on our marketing and landing pages. Plerdy cookies help us understand how visitors engage with our content, including which areas of a page attract the most attention, where users click, and how far they scroll. This data is used exclusively for website optimization and user experience improvement.

Website: https://plerdy.com
Privacy Policy: Plerdy Privacy Policy
Opt-out: You may opt out of Plerdy tracking by using our cookie consent tool (accept only strictly necessary cookies) or by contacting us directly at vaxcpass@gmail.com.

5.3 Social Media Pixels and Plugins

We may embed social media pixels or plugins from platforms such as Facebook (Meta), LinkedIn, Twitter (X), or Instagram on our marketing pages. These third-party technologies may set cookies on your device when you visit our website or interact with social media features embedded in our pages.

These cookies are used by the respective social media platforms to personalize content and advertisements, provide social media features, and analyze traffic. We do not control the cookies set by these platforms, and their use is subject to their own privacy and cookie policies.

Meta (Facebook) Pixel: Facebook Data Policy
LinkedIn Insight Tag: LinkedIn Privacy Policy
X (Twitter) Pixel: X Privacy Policy

6. Managing Your Cookie Preferences

You have the right to decide whether to accept or reject cookies. You can exercise your cookie preferences at any time through the methods described below.

6.1 Cookie Consent Banner

When you first visit the VaxCPass website, a cookie consent banner will appear, allowing you to accept or reject non-essential cookies. You may also customize your preferences by selecting only specific categories of cookies. Your choice will be saved in the vaxcpass_consent cookie so that we remember your preference on future visits.

You can change your consent preferences at any time by clearing the vaxcpass_consent cookie (which will trigger the consent banner to reappear) or by using the cookie settings link, typically found in the footer of our website.

6.2 Browser Settings

Most web browsers allow you to control cookies through their settings. Below is a summary of how to manage cookies in the most common desktop browsers:

Google Chrome: Go to Settings > Privacy and security > Cookies and other site data. Here you can block third-party cookies, clear cookies on exit, or manage exceptions for specific sites.
Mozilla Firefox: Go to Settings > Privacy & Security > Cookies and Site Data. You can choose to block cookies from unvisited websites, block third-party cookies, or set custom exceptions.
Apple Safari: Go to Safari > Preferences > Privacy. You can block all cookies, prevent cross-site tracking, or manage stored website data.
Microsoft Edge: Go to Settings > Cookies and site permissions > Manage and delete cookies and site data. You can block or allow cookies, and manage site-specific permissions.

For detailed, up-to-date instructions, please consult the help documentation for your specific browser version. Please note that if you disable cookies in your browser, some features of the VaxCPass website may not function as intended.

6.3 Opt-Out Links for Third-Party Services

In addition to browser-level controls, you can opt out of cookies set by specific third-party services through the following mechanisms:

Google Analytics: Install the Google Analytics Opt-out Browser Add-on or adjust your ad personalization settings at Google Ads Settings.
Plerdy: Contact us at vaxcpass@gmail.com to opt out of Plerdy tracking, or use our cookie consent banner to reject analytics cookies.
Network Advertising Initiative (NAI): Visit optout.networkadvertising.org to opt out of interest-based advertising from NAI member companies.
Digital Advertising Alliance (DAA): Visit optout.aboutads.info to opt out of personalized advertisements.
European Digital Advertising Alliance (EDAA): Visit youronlinechoices.eu to manage your ad preferences within the European Economic Area.

6.4 Mobile App Cookie Equivalents

The VaxCPass mobile application does not use traditional browser cookies. However, it may use equivalent technologies such as:

Local Storage: Similar to cookies, local storage saves small amounts of data (such as preferences and settings) on your device. This data persists across app sessions.
Session Storage: Functions like local storage but is cleared when you close the app, similar to session cookies.
Keychain / Secure Storage: On iOS and Android, sensitive data such as authentication tokens are stored in the device's secure keychain, which is the mobile equivalent of secure authentication cookies.

You can manage these storage types through your device settings. For example, on iOS go to Settings > VaxCPass, and on Android go to Settings > Apps > VaxCPass > Storage. Clearing the app's data or cache will remove all locally stored information.

7. Cookies and Mobile Apps

The VaxCPass mobile application relies on technologies that serve the same purposes as cookies on the web. Understanding these equivalents is important for managing your privacy on mobile devices.

7.1 Local Storage and Device Identifiers

Our mobile app uses local storage to remember your preferences, login session, and consent choices. On mobile devices, we may also collect device identifiers (such as the advertising identifier provided by iOS or Google Play) for analytics and attribution purposes. These identifiers are pseudonymous and do not directly reveal your identity.

7.2 Mobile Analytics

We may use mobile analytics SDKs (such as Google Analytics for Firebase or similar services) embedded in the VaxCPass app to collect usage data, crash reports, and performance metrics. These SDKs use persistent identifiers stored on your device and may transmit data to third-party analytics providers.

7.3 Managing Mobile Tracking

Both iOS and Android provide built-in tools to limit ad tracking and manage privacy permissions:

iOS: Go to Settings > Privacy & Security > Tracking. Here you can prevent apps from requesting permission to track your activity across other companies' apps and websites.
Android: Go to Settings > Google > Ads. Tap Delete advertising ID to opt out of personalized ads. You can also reset your advertising ID at any time.

Please note that limiting ad tracking may reduce the relevance of advertisements you see but will not affect the core functionality of the VaxCPass app.

8. Your Rights Regarding Cookies

Depending on your location, you may have certain legal rights with respect to cookies and tracking technologies. We are committed to respecting and facilitating the exercise of these rights.

8.1 Rights Under the General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or any other jurisdiction where the GDPR applies, you have the following rights:

Right to Prior Consent (Article 5(3) and ePrivacy Directive): We will not set non-essential cookies on your device without obtaining your prior, informed, and freely given consent. You may grant or withhold consent at any time.
Right to Withdraw Consent: You may withdraw your consent for the use of non-essential cookies at any time. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal. You can withdraw consent through our cookie consent banner, by adjusting your browser settings, or by contacting us.
Right to Information (Articles 13-14): You have the right to clear, transparent information about the cookies we use, including their purpose, duration, and the data they process. This Cookie Policy is designed to fulfill that obligation.
Right to Erasure (Article 17): In certain circumstances, you may request the deletion of personal data collected through cookies.
Right to Object (Article 21): You have the right to object to the processing of your personal data, including data collected through analytics cookies, at any time.
Right to Lodge a Complaint (Article 77): You have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe that our processing of your personal data through cookies violates the GDPR.

8.2 Rights Under the California Consumer Privacy Act (CCPA)

If you are a California resident, the CCPA grants you the following rights:

Right to Opt-Out of Sale or Sharing: Under the CCPA, "sale" is broadly defined and may include the sharing of data with third parties for their own purposes. You may opt out of the "sale" or "sharing" of your personal information collected through cookies. To exercise this right, please email us at vaxcpass@gmail.com with the subject line "CCPA Do Not Sell."
Right to Know: You have the right to request information about the personal data we have collected, disclosed, or sold about you in the past 12 months, including data collected through cookies.
Right to Delete: You may request the deletion of your personal information collected through cookies and other means, subject to certain exceptions.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

We do not sell your personal information as traditionally understood. However, we share cookie data with third-party analytics and marketing partners as described in this policy. If you wish to opt out, please follow the instructions in Section 6 or contact us directly.

8.3 Rights Under the UK Privacy and Electronic Communications Regulations (PECR)

Users in the United Kingdom are protected by the PECR, which implements the ePrivacy Directive in UK law. Under PECR:

Consent Requirement: We must obtain your informed consent before storing or accessing information on your device (except for strictly necessary cookies).
Clear Information: You must be provided with clear and comprehensive information about the cookies we use and how to manage them.
Easy Withdrawal: It must be as easy for you to withdraw your consent as it was to give it.

8.4 Rights Under the Kenya Data Protection Act 2019

As a Kenyan company, we also comply with the Kenya Data Protection Act 2019. Under this legislation:

Right to Privacy: You have the right not to have information relating to your personal data processed, including data collected through cookies.
Right to Access: You may request access to the personal data we hold about you, including cookie-related data.
Right to Correction: You may request the correction of inaccurate or incomplete personal data.
Right to Deletion: You may request the deletion of your personal data in certain circumstances.
Right to Data Portability: Where technically feasible, you may request your personal data in a structured, commonly used, and machine-readable format.
Right to Object: You may object to the processing of your personal data, including for direct marketing purposes.
Right to Lodge a Complaint: You may lodge a complaint with the Office of the Data Protection Commissioner (ODPC) in Kenya if you believe your data protection rights have been violated.

To exercise any of the rights described above, please contact us using the details provided in Section 10 below.

9. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in our practices, changes in the cookies we use, or changes in applicable laws and regulations. When we make changes to this policy, we will:

Update the "Last Updated" date at the top of this page to reflect the date of the most recent revision.
Post the revised policy on the VaxCPass website and, where applicable, notify users through the app or by email for material changes.
Re-obtain your consent for any new categories of cookies or materially changed purposes for which consent is required under applicable law.

We encourage you to review this Cookie Policy periodically to stay informed about how we use cookies and related technologies. Your continued use of the VaxCPass website and mobile application after any changes to this policy constitutes your acceptance of the updated policy.

If you have questions or concerns about changes to this policy, please contact us using the information provided below.

10. Contact Information

If you have any questions, concerns, or requests regarding this Cookie Policy, the cookies we use, or your rights with respect to cookies and tracking technologies, please do not hesitate to contact us. We are committed to addressing your inquiries promptly and transparently.

Atlas Software Corporation

Karen Ngong Rd, Nairobi, Kenya

Email: vaxcpass@gmail.com

Website: https://vaxcpass.com

For data protection inquiries under the Kenya Data Protection Act 2019, you may also contact the Office of the Data Protection Commissioner (ODPC) at www.odpc.go.ke.