Cookie Policy
Last updated:
We keep cookies to a minimum: strictly necessary session cookies to keep you signed in, and nothing else, unless this page says otherwise.
2. The legal position
Under the Privacy and Electronic Communications Regulations 2003 (PECR), as amended, cookies that are strictly necessary to provide a service you've asked for don't require consent. Any other cookie — for analytics, preferences, or advertising — requires your consent before it's set, and you must be able to withdraw that consent as easily as you gave it.
3. The cookies we use
We currently use only strictly necessary cookies. We don't set any analytics, advertising, or non-essential cookies today. If that changes, we'll update this policy and add a consent mechanism before any non-essential cookie is set, as PECR requires.
| Cookie | Purpose | Category | Duration |
|---|---|---|---|
| sb-*-auth-token | Keeps you signed in to the firm portal, client portal, or master admin console (set by our authentication provider, Supabase). | Strictly necessary — no consent required | Session / up to 7 days, refreshed on activity |
| sb-*-auth-token-code-verifier | Supports the sign-in flow (PKCE) during authentication. | Strictly necessary — no consent required | Short-lived, cleared after sign-in completes |
6. Changes to this policy
We'll update this page whenever the cookies we use change. See our Privacy Policy for how we handle the personal data associated with your account more broadly.
7. Contact us
Questions about this policy: privacy@amaesa.co.uk