MySoftCredit Cookie Policy
Last Updated: June 10, 2026
Introduction
This Cookie Policy explains how Obraj, Inc. (“Obraj,” “we,” “us,” or “our”) uses cookies and similar technologies on the MySoftCredit web application and website at mysoftcredit.com (collectively, the “Service”). It describes what these technologies are, exactly which cookies we set and why, the limited cases where a third party may set a cookie, and the choices available to you.
MySoftCredit is offered exclusively to users of the aria.mortgage mobile application who reach the Service through a secure, encrypted link. Because the Service gives you access to sensitive credit information, the cookies we use are focused on one thing: keeping your sign-in session secure. We do not use cookies to advertise to you, to build a marketing profile, or to track you across other websites.
This Cookie Policy forms part of, and should be read together with, our Privacy Policy and Terms of Service. Where this policy uses a term that is defined in those documents, that definition applies here. By logging in and using MySoftCredit, you acknowledge the use of the strictly necessary cookies described below, which are required to deliver the Service.
What Are Cookies and Similar Technologies?
Cookies are small text files that a website or application asks your browser to store on your device. When you return to a site, your browser sends the relevant cookies back, which allows the site to recognise your session and keep things working correctly. Cookies cannot run programs or deliver malware to your device, and a cookie can generally only be read by the domain that set it.
Cookies are commonly described using a few simple distinctions:
- First-party vs. third-party: First-party cookies are set by the website you are visiting (here, MySoftCredit). Third-party cookies are set by a different domain whose content is embedded in the page (for MySoftCredit, this can happen only inside the embedded credit and identity-verification components — see Third-Party Cookies below).
- Session vs. persistent: A session cookie is temporary and is cleared when you close your browser. A persistent cookie remains for a defined period (or until you delete it) so you do not have to sign in again on every page.
- Strictly necessary vs. optional: Strictly necessary cookies are essential for a service you have requested to function (such as logging in). Optional cookies (for analytics, preferences, or advertising) are not essential. MySoftCredit uses only strictly necessary cookies.
“Similar technologies” can include items such as pixels, web beacons, and browser storage (local storage / session storage). For transparency: as of the date of this policy, MySoftCredit does not use tracking pixels, web beacons, or browser local/session storage to identify or profile you. Our use of client-side storage is limited to the cookies described in this policy.
How MySoftCredit Uses Cookies
We take a deliberately minimal approach to cookies. We set cookies for a single core purpose:
- Authentication and session management: To verify who you are after you sign in, to keep you securely logged in as you move between pages during your access period, and to direct you to the correct area of the Service (for example, the user dashboard).
- Security and integrity: To protect your account against unauthorized access and common web attacks (such as cross-site request forgery), and to confirm that a session belongs to the account that signed in.
- Service delivery and access control: To make fast, reliable decisions about what you are allowed to access (for example, enforcing that an account whose access period has ended, or that has been deactivated, can no longer reach protected pages) without repeatedly querying our database on every request.
We do not use cookies to serve advertisements, to track your activity on other websites or apps, to sell or rent your information, or to build a behavioural or marketing profile of you. Our cookies exist to make secure access to your own credit information possible, and nothing more.
Cookies We Use
All of the cookies set directly by MySoftCredit are strictly necessary first-party cookies. They are required to authenticate you and to operate the Service securely, so they cannot be turned off from within the Service. If your browser blocks them, you will not be able to log in or use MySoftCredit. The specific cookies are:
- app_session — Purpose: Maintains your authenticated session and records the minimal information our system needs to route and authorise your requests (your user identifier, email, account role, and account-status flag). Type: First-party, strictly necessary. It is an HttpOnly cookie (not readable by JavaScript, which protects it against cross-site scripting), is marked Secure so it is only sent over HTTPS in production, and uses SameSite=Lax to help prevent cross-site request forgery. The value is a signed, tamper-evident token — it is verified on our servers and cannot be altered by you or a third party without detection. Duration: Persistent, with a rolling lifetime of approximately 24 hours that is refreshed while you are actively using the Service.
- Supabase authentication cookies (names beginning with “sb-”) — Purpose: Set by Supabase, the authentication and database platform that powers our secure sign-in, to store your active sign-in session (your access and refresh tokens) so that you remain logged in and your identity can be validated on each request. Type: First-party (served from the MySoftCredit domain), strictly necessary, configured as Secure and, where applicable, HttpOnly. Duration: These are session/refresh tokens managed by the authentication platform; they are renewed while your session is active and are cleared when you sign out or your session expires.
Because these cookies are essential to a secure, authenticated service that you have actively requested, they must be allowed in order to log in and use MySoftCredit. They contain only the minimal data needed to operate your session and are never used for advertising or cross-site tracking. When you sign out, when your access period ends, or when your session expires, the app_session cookie and the related authentication cookies are removed or invalidated.
Third-Party Cookies (Embedded Verification and Credit Services)
To verify your identity and retrieve your credit report, MySoftCredit embeds secure components provided by our credit and identity-verification partners (for example, services that work with TransUnion through the Array platform). When you interact with these embedded components — primarily during enrollment, identity verification, and credit report retrieval — those third parties may set their own cookies that are necessary for their tools to function and to prevent fraud.
- Set and controlled by the third party: These cookies are governed by the privacy and cookie policies of the respective provider, not by MySoftCredit. We do not control how those providers configure or read their own cookies.
- Purpose-limited: To our knowledge, such cookies are used to operate the verification or credit-retrieval experience and to help detect fraud — not to advertise to you or to track you across unrelated websites on our behalf.
- Where to learn more: If you would like to understand how these partners use cookies, please review the privacy and cookie notices of TransUnion and our verification partners, as referenced in our Privacy Policy.
Outside of these embedded verification and credit components, MySoftCredit does not knowingly load third-party cookies. If our integrations change in a way that introduces new third-party cookies, we will update this policy accordingly.
Cookies We Do Not Use
In the interest of full transparency, and as of the date of this policy, MySoftCredit does not use the following categories of cookies or similar technologies on its own domain:
- Advertising or marketing cookies — we do not serve targeted ads or share cookie data with advertising networks.
- Cross-site or behavioural tracking cookies — we do not follow your activity across other websites or apps.
- Social media tracking pixels — we do not embed third-party social trackers to monitor your interactions.
- Analytics cookies that identify you personally — we do not deploy cookies that build an individual analytics profile linked to your identity.
- Sale of cookie data — we do not sell or rent any information collected through cookies.
If we ever decide to introduce optional cookies (for example, privacy-respecting analytics or preference cookies), we will update this policy and, where required by law, request your consent through a clear cookie banner or preference tool before any non-essential cookie is set.
Your Consent and Legal Basis
The cookies described in Cookies We Use are strictly necessary to provide a secure, authenticated service that you have actively requested by signing in. Under applicable data protection and e-privacy laws, strictly necessary cookies of this kind do not require prior opt-in consent, because the Service simply cannot function securely without them. We nonetheless disclose them here so you can make an informed decision.
- To log in, you must allow our essential cookies. If you configure your browser to block first-party or authentication cookies, you will not be able to sign in, remain signed in, or access your dashboard.
- You remain in control. You can withdraw from cookie storage at any time by logging out and clearing cookies in your browser; doing so will end your session and require you to sign in again to continue using the Service.
- Consent for non-essential cookies. Should we introduce any optional cookies in the future, we will obtain your consent first where the law requires it, and you will be able to accept or decline them without losing access to the core Service.
Managing and Disabling Cookies
You can control and delete cookies through your browser settings. Most browsers let you view the cookies stored on your device, delete them individually or in bulk, block cookies from specific sites, or block all cookies. The exact steps vary by browser, so please refer to your browser's help documentation (for example, the settings or privacy section of Chrome, Safari, Firefox, or Edge).
- Blocking essential cookies breaks sign-in. Because our cookies are strictly necessary, blocking or deleting them will prevent you from logging in or staying logged in, and protected pages will not load.
- Clearing cookies logs you out. Deleting the app_session and authentication cookies during an active session will end that session immediately; you will need to sign in again.
- Signing out is the recommended way to clear your session. Using the in-app Sign Out action removes your session cookies securely. We especially recommend signing out when using a shared, public, or unsecured device.
You are responsible for managing your own session, particularly on devices that others can access. As noted in our Terms of Service, MySoftCredit is not liable for unauthorized access that results from a failure to sign out or to secure your session on a shared or public device.
How Long Cookies Last
The lifetime of a cookie depends on its type:
- app_session: A persistent cookie with a rolling lifetime of approximately 24 hours, refreshed while you are actively using the Service, and cleared when you sign out or when it expires.
- Supabase authentication cookies: Managed by our authentication platform for the duration of your active session; renewed while you stay signed in and cleared on sign-out or session expiry.
- Third-party verification cookies: Retained according to the policies of the provider that set them, only for as long as needed to operate their embedded component.
Cookies are a session mechanism and are separate from the personal data we hold in our systems. MySoftCredit is a limited, time-bound service (typically a four-week access period). When your access period ends, or when your account is deactivated (by you or by us), your session cookies are invalidated and your associated data is handled as described in our Privacy Policy and Terms of Service — including the removal of credit report information within ninety (90) days of deactivation.
Do Not Track Signals
Some browsers offer a “Do Not Track” (DNT) setting that signals a preference not to be tracked. Because there is no common industry standard for how DNT signals should be interpreted, MySoftCredit does not currently respond to DNT signals in a uniform way. In any case, MySoftCredit does not track you across other websites or services, so there is no cross-site tracking to opt out of. We will continue to monitor developments in this area and update our practices as standards emerge.
Changes to This Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in our technology, our integrations, or applicable law. When we make changes, we will revise the “Last Updated” date at the top of this policy. If a change is material — for example, if we introduce a new category of cookies — we will take reasonable steps to notify you and, where the law requires it, obtain your consent before the change takes effect. We encourage you to review this policy periodically so you stay informed about how we use cookies.
Contact Us
If you have any questions about this Cookie Policy or how MySoftCredit uses cookies, please contact us using the details below. We are happy to explain our practices and help you exercise your choices.
We value your privacy and your trust. Thank you for taking the time to understand how MySoftCredit uses cookies. Our goal is to keep your access to your own credit information secure, transparent, and free of unnecessary tracking.
Privacy Officer — MySoftCredit (Obraj, Inc.)
Email: [email protected]
Mailing Address: MySoftCredit — Obraj, Inc., 1601 Industrial Blvd STE 3019, Sugar Land, TX 77478, USA
